Safety and Privacy – Health Systems in the Age of Biodata (Talk I - The Israel Pollak Distinguished Lecture Series)

Speaker:
Ross Anderson (Computer Laboratory, University of Cambridge)
Date:
Tuesday, 10.12.2013, 14:30
Place:
Room 337-8 Taub Bld.

There have been serious tussles in the UK, the USA and elsewhere over the safety and privacy of health IT systems. Many countries are moving medical records away from family doctors, clinics and hospitals to central cloud systems. This can cut costs and increase resilience: Hurricane Katrina wiped out many New Orleans patients' records, but those covered by the Veterans' Administration could walk into any VA hospital and find their files waiting for them. But centralisation can bring serious privacy failures: following the UK health service's National Programme for IT (NPfIT), receptionists found they could access psychiatric casenotes, and over 700,000 people opted out of an early centralised system. Such systems can also impair functionality: once they are no longer bought by doctors but by large firms or ministries, they become less good at supporting healthcare in many subtle ways. And once the records are available in one place, there are huge pressures for access by all manner of organisations, benevolent and otherwise; lobbying over the new EU data protection regulation is so fierce that the European Parliament and Council may not be able to agree on it. Regulation is poor, as regulators are captured by powerful lobbies; the safety of medical equipment still awaits its Ralph Nader. Medical records are a hard problem not just because the subject matter and the workflow are complex, but because support systems embody power relationships and are the scene of fierce struggles for control and for money. Into this cauldron, we are about to add genomics. How will the world change once patients can add their DNA sequence data to their records?

Bio:
Ross Anderson is Professor of Security Engineering at Cambridge University. He holds a Brandeis award for lifetime achievement in health privacy; he has worked for the British and Icelandic medical associations, been a special advisor to the UK parliament's health committee, and was an author of "Database State" – a report that led the UK government in 2010 to cancel two large systems to collect data on children. He has made a number of technical contributions to security, from cryptography through hardware tamper-resistance to API security; and he is one of the founders of security economics, which brings the tools of game theory and microeconomic analysis to bear on complex multistakeholder systems.
