Information technology in medical practice: safety and privacy lessons from the United Kingdom

  title={Information technology in medical practice: safety and privacy lessons from the United Kingdom},
  author={Ross J. Anderson},
  journal={Medical Journal of Australia},
  • Ross J. Anderson
  • Published 1 February 1999
  • Business, Medicine
  • Medical Journal of Australia
The previous UK government's strategy for managing information technology in healthcare caused serious safety and privacy problems, which led to a government review of healthcare computing that advocated some seemingly quite radical changes. Here I offer a personal view of what went wrong, as an engineer with a background in both safety‐critical systems and computer security, and who has been involved in advising the British Medical Association (BMA) on the safety and privacy of clinical… 
A Review of Security of Electronic Health Records
  • K. Win
  • Political Science, Medicine
    Health information management : journal of the Health Information Management Association of Australia
  • 2005
It is concluded that current EHR security technologies are inadequate and urgently require improvement.
Information governance in NHS's NPfIT: A case for policy specification
The main goal is to convince the reader of the strong benefits of employing formal policy specification in nation-wide electronic health record (EHR) projects, and to recommend the use of trust management and policy specification technology for the implementation ofnation-wide EHR infrastructures.
Towards a Secure Web-Based Health Care Application
A prototype was developed to show the feasibility of the implementation of security mechanisms required in a Webbased healthcare application and a tendency to use the Internet as a communications media can be observed.
Securing electronic health records with broadcast encryption schemes
This paper presents a novel solution to allow a secure access to the EHRs whilst minimising the number of the encrypted ciphertexts, and enjoys shorter cipher Texts compared to having multiple ciphertextS encrypted for several different participants.
Cassandra: flexible trust management and its application to electronic health records
CASSANDRA is presented, a role-based language and system for expressing authorisation policy, and the results of a substantial case study, a policy for a national electronic health record system, based on the requirements of the UK National Health Service’s National Programme for Information Technology (NPfIT).
Improving information management in the Health Service: The role of information systems development
The lack of adoption of health information management systems (IS) in the health services, as part of the drive to attain greater efficiency and productivity is the subject of many debates. Recent
A proposed architecture and method of operation for improving the protection of privacy and confidentiality in disease registers
  • T. Churches
  • Medicine
    BMC medical research methodology
  • 2003
The system proposed would significantly improve the protection of privacy and confidentiality, while still allowing the efficient linkage of records between disease registers, under the control and supervision of the trusted third party and independent ethics committees.
Brief Review: The Contributions of Biomedical Informatics to the Fight Against Bioterrorism
  • I. Kohane
  • Computer Science, Medicine
    J. Am. Medical Informatics Assoc.
  • 2002
A comprehensive and timely response to current and future bioterrorist attacks requires a data acquisition, threat detection, and response infrastructure with unprecedented scope in time and space.
Providing secure mAccess to medical information
The HERMES system builds an environment where mobile medical personnel perform secure registration and acquisition of medical information and can be used as an overall medical communication system on which diverse medical applications could inter-operate and securely exchange data.
Infiltrating IT into primary care: a case study
A web-based solution to the problem of managing data collection from student encounters with patients whilst on placement and an additional effect will be to expose practicing healthcare providers to electronic information systems, along with the undergraduates who are trained to use them, and increase the skill base of the practitioners.


Managing Health Data Privacy and Security: A Case Study from New Zealand
  • R. Neame
  • Business, Computer Science
    Personal Medical Information
  • 1997
The past decade has seen a rapid upsurge of interest and concern relating to protecting the privacy of personal information. Some countries have enacted adequate privacy legislation: others have not.
Personal medical information : security, engineering, and ethics : personal information workshop, Cambridge, UK, June 21-22, 1996 : proceedings
This book discusses security and Confidentiality issues related to the Electronic Interchange of Clinical Data in the German Health-Care System, as well as user-Oriented Control of Personal Information Security in Communication Systems.
Implementing access control to protect the confidentiality of patient information in clinical information systems in the acute hospital
A practical approach to managing the confidentiality of patient information in large-scale clinical information systems in the acute hospital is described and control over access to the individual patient is required.
Protecting Doctors ’ Identity in Drug Prescription Analysis ( Draft Version )
This paper describes work undertaken to assure the privacy of doctors in a system that enables some other parties to analyse prescription information at a reasonably detailed level. Our task was to
Clinical Record Systems in Oncology. Experiences and Developments on Cancer Registers in Eastern Germany
  • B. Blobel
  • Medicine, Computer Science
    Personal Medical Information
  • 1997
The labour-shared, cooperative care for cancer patients as “Shared Care” requires a complete, distributed cancer documentation, summarized in clinical cancer registers, which are also a basis for a population-related epidemiological registry.
Report of the Inquiry into the London Ambulance Service
It is difficult to understand why the final decision to use only the computer generated resource allocations was made, knowing that there were so many potential imperfections in the system.
Safety and Privacy in Clinical Information Systems
  • In: Lenaghan J, editor. Rethinking IT and Health. London: IPPR
  • 1998
Safetyand privacy In clinical information systems
  • Lenaghan J. editor. Rethinking ITand health. London: IPPR,
  • 1998
Experiencesand developments on cancerregisters in Eastem Germany
  • 1997
Managing health data privacy and security. In: Anderson RJ, editor. Personal medical information { security, engineering and ethics
  • Managing health data privacy and security. In: Anderson RJ, editor. Personal medical information { security, engineering and ethics
  • 1997