6: Data security and data protection Flashcards
What are EHRs
EHRs are digital records that contain all of a patient's medical details, including medical history, physical examinations, investigations and treatments.
What are some potential benefits of electronic health records
- Overcoming the shortcomings of paper-based records such as the lack of accessibility, errors and data loss
- Reducing errors by providing a comprehensive record of a patient's medication and allergies
- Improving accessibility and storage space
- Aiding individual diagnosis by providing a comprehensive picture of a patient's health information
- Improving public health outcomes by providing meaningful insights into specific conditions, preventative measures and medication use
- Identifying specific risk factors, such as diabetes and hypertension, to improve patient outcomes
To what extent are electronic health records being introduced in the UK
- In October 2020, the Royal Devon and Exeter NHS Foundation Trust (RD&E) launched its electronic health record system.
- The system includes features such as MyChart, a portal available via an app or online, with the patient portal, called MY CARE, being rolled out gradually.
- The Trust assured patients who are concerned about using new technology or lack access that paper communications will continue to be used.
What are the barriers for adoption of electronic health records
- Insufficient training and lack of knowledge among clinicians.
- User digital literacy and technical skills.
- Poor interoperability between different systems and technologies.
- Patient resistance, lack of trust in data privacy, and risk of data loss.
- Poor system quality, compatibility, and efficiency.
- Resource constraints, including device, time, and licensing constraints.
- Legal liability and lack of policies for appropriate and effective use.
What are the four major ethical priorities for electronic health records
- Data and privacy
- Security breaches
- System implementation
- Data inaccuracies
What is Abrams' taxonomy
Four ways data originates within a digital system.
Provided: Directly provided by users (e.g., signing up for an account).
Observed: Indirectly collected through tracking people or devices.
Derived: Obtained by combining datasets or simple processing.
Inferred: Produced using complex analytical methods and algorithms for profiling or categorization.
Examples of data origins in Abrams' taxonomy
Provided: Signing up for an account.
Observed: Tracking online activities or device usage.
Derived: Combining datasets or performing basic data processing.
Inferred: Predicting future health outcomes based on correlations and probabilities.
Differences between inferred and derived data
Inferred data: based on probabilities and complex analytical methods (typically AI/ML), so it is a prediction about the individual rather than a fact recorded about them.
Derived data: comes from combining datasets or simple, deterministic processing of data already held.
Usage of inferred data
Profiling or categorizing individuals based on algorithms and dataset analysis.
What is the difference between pseudonymisation and anonymisation?
Pseudonymisation is processing personal data so that it can no longer be attributed to a specific individual without additional information (such as a key or a lookup table), which must be kept separately and protected by technical and organisational measures. Pseudonymised data is still personal data, so the GDPR continues to apply to it.
Anonymisation is where data is modified or processed to the extent that an individual is no longer identifiable by any means reasonably likely to be used, at which point the General Data Protection Regulation (GDPR) no longer applies.
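The distinction above turns on where the "additional information" lives. The following is an added example, not part of the original flashcards, showing why a plain hash of an identifier is not pseudonymisation in any useful sense: a 10-digit NHS number has only 10^9 possible values, so an unkeyed SHA-256 can be reversed by hashing candidates, while a keyed HMAC cannot be reversed without the separately held key. The sample records, the candidate range and the in-memory key are constructed for the demo; in practice the key and re-identification table would sit with the data controller, never alongside the dataset.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample records for illustration only; these are not real patients.
# NHS numbers are 10 digits, so the whole identifier space is only 10^9 values.
RECORDS = [
    {"nhs_number": "9434765919", "diagnosis": "type 2 diabetes"},
    {"nhs_number": "9434765870", "diagnosis": "hypertension"},
]


def naive_pseudonymise(nhs_number: str) -> str:
    """Unkeyed SHA-256 of the identifier. Deterministic and key-free, so anyone
    who can enumerate candidate identifiers can recompute it (see dictionary_attack)."""
    return hashlib.sha256(nhs_number.encode()).hexdigest()


def pseudonymise(nhs_number: str, key: bytes) -> str:
    """Keyed pseudonym: HMAC-SHA256 over the identifier. The key is the
    'additional information' that must be kept separately; without it the
    mapping cannot be recomputed from the pseudonymised dataset alone."""
    return hmac.new(key, nhs_number.encode(), hashlib.sha256).hexdigest()


def build_pseudonymised_dataset(
    records: Iterable[dict], key: bytes
) -> Tuple[List[dict], Dict[str, str]]:
    """Return (dataset for analysts, re-identification table for the controller).
    The table and the key must never travel with the dataset."""
    dataset, reident = [], {}
    for rec in records:
        pseud = pseudonymise(rec["nhs_number"], key)
        reident[pseud] = rec["nhs_number"]
        dataset.append({"pseudonym": pseud, "diagnosis": rec["diagnosis"]})
    return dataset, reident


def dictionary_attack(target: str, candidates: Iterable[str]) -> Optional[str]:
    """Re-identify an unkeyed hash by hashing every candidate identifier and
    comparing. Against plain SHA-256 this needs at most 10^9 hashes for an NHS
    number; against an HMAC output it fails because the attacker lacks the key."""
    for cand in candidates:
        if hmac.compare_digest(hashlib.sha256(cand.encode()).hexdigest(), target):
            return cand
    return None


def candidate_nhs_numbers(start: int, count: int) -> List[str]:
    """A constructed slice of the 10-digit identifier space for the demo."""
    return [f"{n:010d}" for n in range(start, start + count)]


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # in practice: held in a KMS/HSM, apart from the data
    dataset, reident = build_pseudonymised_dataset(RECORDS, key)
    cands = candidate_nhs_numbers(9434765800, 200)

    weak = naive_pseudonymise(RECORDS[0]["nhs_number"])
    print("unkeyed hash re-identified as:", dictionary_attack(weak, cands))
    print("keyed pseudonym re-identified as:", dictionary_attack(dataset[0]["pseudonym"], cands))
    print("controller re-identifies via held table:", reident[dataset[0]["pseudonym"]])
```

The keyed dataset is still personal data: whoever holds `key` or `reident` can re-identify every row, which is exactly why GDPR keeps applying to pseudonymised data and why the key material needs its own access controls.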
What is personal data
Personal data is information about a living individual that directly or indirectly identifies that person. It includes objective data, such as date of birth and address, and subjective information, such as opinions, and it also covers sensitive (special-category) data. Personal data does not have to be private information.
What is data privacy
Data privacy refers to the rights of individuals and organizations regarding the collection, storage, and use of information or data. It encompasses issues such as consent, notice, and the sensitivity of the data.
What is data protection
Data protection refers to the process of safeguarding data and the laws and regulations that govern the collection, dissemination, and storage of information. It includes ensuring data integrity, protection against corruption, and privacy.
What is data security
Data security is concerned with safeguarding information and ensuring that it is accessible only to authorized individuals. It includes measures such as authentication, data encryption, data masking, network protections, and data resilience.
What is the CIA triad
- Confidentiality (C): Prevention of unauthorized disclosure of information.
- Integrity (I): Assurance that information is accurate and has not been altered without authorisation, so that what is received is what was sent.
- Availability (A): Ensuring timely and uninterrupted access to information.
- Resilience: Ability to operate under adverse conditions and recover to an effective state (often listed alongside the triad; GDPR Article 32 names it together with confidentiality, integrity and availability).
What is Information Governance (IG)
Information Governance is a framework that brings together legal, ethical, and quality standards for handling sensitive and personal information in clinical settings. It ensures the confidential and secure handling of information.
What are some examples of cyberthreats
- Phishing: Fraudulent attempt to obtain sensitive information through deceptive emails or messages.
- Vishing: Voice-based phishing scam to extract personal information.
- SIM hijacking/SIM swapping: Gaining control of a phone number by assuming the victim's identity and persuading the service provider to transfer the number.
- Malware: Software designed to harm or exploit systems, including viruses, spyware and ransomware.
- Hacking: Deliberate unauthorised access to computer systems.
What are some security techniques
- Authentication: Verifying that a user is who they claim to be before access is granted (authorisation, a separate step, then decides what that user may do). Example: passwords and two-factor authentication for email accounts.
- Data encryption: Transforming data with a cipher so that it is unreadable without the corresponding key.
- Data masking: Hiding part of a value while keeping it usable for its purpose, such as showing only the last digits of a number on receipts or in databases.
- Data erasure: Secure removal of data so that it cannot be recovered or accessed.
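Data masking is the technique in this list that is most often implemented by hand, and the usual mistakes are inconsistent formats and values leaking through free-form text such as logs. The following is an added example, not from the original flashcards, showing a small masking layer for NHS numbers and email addresses that normalises input before masking, refuses malformed identifiers, and redacts identifiers wherever they appear in a log line. The field names, sample values and the 3-3-4 display format assumption are constructed for the demo.

```python
import re
from typing import Callable, Dict

# A 10-digit NHS number, optionally written in the 3-3-4 display format ("943 476 5919").
# Any 10-digit run in this shape is treated as an identifier; over-redacting is the
# safer failure mode for log output.
NHS_NUMBER_RE = re.compile(r"\b\d{3}[ -]?\d{3}[ -]?\d{4}\b")


def mask_nhs_number(nhs_number: str) -> str:
    """Keep only the last four digits, re-emitting the 3-3-4 display format so the
    value is still recognisable as an NHS number but no longer usable as one."""
    digits = re.sub(r"\D", "", nhs_number)
    if len(digits) != 10:
        raise ValueError("expected a 10-digit NHS number")
    return f"*** *** {digits[-4:]}"


def mask_email(address: str) -> str:
    """Keep the first character of the local part and the whole domain. A
    one-character local part is masked entirely, otherwise nothing would be hidden."""
    local, sep, domain = address.partition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address")
    shown = local[0] if len(local) > 1 else ""
    return f"{shown}{'*' * (len(local) - len(shown))}@{domain}"


def mask_record(record: Dict[str, str], maskers: Dict[str, Callable[[str], str]]) -> Dict[str, str]:
    """Return a copy of `record` with each configured field masked; other fields untouched."""
    return {k: (maskers[k](v) if k in maskers else v) for k, v in record.items()}


def redact_log_line(line: str) -> str:
    """Mask every NHS number that appears free-form in a log line."""
    return NHS_NUMBER_RE.sub(lambda m: mask_nhs_number(m.group(0)), line)


if __name__ == "__main__":
    # Constructed sample data; not a real patient.
    record = {"nhs_number": "943 476 5919", "email": "alice.smith@example.org", "diagnosis": "hypertension"}
    print(mask_record(record, {"nhs_number": mask_nhs_number, "email": mask_email}))
    print(redact_log_line("2024-01-01 lookup nhs=9434765919 by user 42 ok"))
```

Masking is one-way by design: unlike pseudonymisation there is no key or table that recovers the original, so masked output is suitable for screens, receipts and logs where the full value is never needed.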
What is the General Data Protection Regulation (GDPR)?
The General Data Protection Regulation is a European Union regulation (retained in UK law as the UK GDPR after Brexit) that strengthens and unifies data protection law. It sets out rules for the processing and free movement of personal data.
What are the 8 Caldicott Principles?
- Justify the purpose: Every proposed use or transfer of patient-identifiable information within or from an organisation should be clearly defined (and regularly reviewed if continuing).
- Do not use patient-identifiable information unless it is absolutely necessary: Patient identifiable information items should only be used if there is no other alternative.
- Use the minimum necessary patient-identifiable information: Where use of patient- identifiable information is considered to be essential, each individual item of information should be justified, with the aim of reducing identification.
- Access to patient-identifiable information should be restricted on a strict need-to-know basis: Only those individuals who need access to patient-identifiable information should have access to it, and they should only have access to the information items they need to see.
- Everyone should be aware of their responsibilities: Action should be taken to ensure that all staff are aware of their responsibilities and obligation to respect patient confidentiality.
- Understand and comply with the law: Every use of patient-identifiable information must be lawful.
- The duty to share information for individual care is as important as the duty to protect patient confidentiality: Health and social care professionals should have the confidence to share confidential information in the best interests of patients and service users, within the framework set out by these principles.
- Inform patients and service users about how their confidential information is used: Steps should be taken so there are no surprises for patients and service users, and they have clear expectations about how and why their confidential information is used.