BKPRMDIN.RVW 980508 "Personal Medical Information", Ross Anderson, 1997, 3-540-63244-1, U$45.00 %E Ross Anderson ross.anderson@cl.cam.ac.uk %C 175 Fifth Ave., New York, NY 10010 %D 1997 %G 3-540-63244-1 %I Springer-Verlag %O U$45.00 800-777-4643 fax: 201-348-4505 wborden@springer-ny.com %O http://www.amazon.com/exec/obidos/ASIN/3540632441/robsladesinterne %P 250 p. %T "Personal Medical Information: Security, Engineering, and Ethics" The papers contained in this work were presented at a conference held in Cambridge, UK, in June of 1996. Those attending were from medical, legal, activist, legislative, and data security backgrounds. Most of the material comes from the UK and German experience. The first paper examines the purpose and ownership of medical information: does the data belong to the patient or the NHS (National Health Service) and what implications does ownership have on policy regarding health information. This question is complicated by the requirement for aggregated details in order to provide the proper quality of service. In Germany, a "smart" card is being developed for patient information and billing purposes and the debate and various options for the card is described in the second essay. Chapter three looks generically (and in rather jargon laden manner) at the distinctives of medical information systems. During rationalization of the medical information systems of the German Democratic Republic (GDR, East Germany) and the Federal Republic of Germany (West Germany) the value of a central repository for cancer information was noted, along with the danger of invasion of privacy in such consolidated systems. The possibility of a distributed information system in which patient information is held locally, but made available for non- identifying epidemiological research is discussed in paper four. The review of the use of information systems by general practitioners, in chapter five, is general and anecdotal, rather than analytical. The British Medical Association (BMA) has produced a policy paper on the security and confidentiality of patient information. The sixth essay takes issue with aspects of the BMA paper with particular respect to acute care. Implementation of the policy in a multi- practitioner practice in Yorkshire is noted in chapter seven. The BMA policy is used as a case study for medical ethics analysis in chapter eleven. Chapter twenty closes off the book with an update on the policy. Paper number eight is a somewhat simplistic view of a confidential patient information architecture modelled on an ideal patient ward. Unfortunately, it fails to account not only for real world situations, but also for many important uses of medical information. Although titularly involved with risk assessment, chapter nine is essentially a statement of medical ethics in opposition to the surveillance of patients used by for-profit managed care operations. With the introduction of information technologies, wholesale modification of institutions and systems is being undertaken, often with untoward consequences. The aim of essay ten is to propose a model for re- engineering that makes responsibility central to the enterprise in order to avoid confidentiality problems. While the many see patient information as primarily business related, chapter twelve looks at the needs for data as a resource for research and treatment. Electronic commerce tools are used to ensure confidentiality of patient information transfer in paper thirteen. Similarly, public key encryption is examined for the establishment of confidential auditing of medical payments in essay fourteen. Chapter fifteen is a very brief case study of the use of smart cards for medical data. The philosophical review of medical ethics in chapter sixteen has only tenuous connections to technology. Only an abstract is included for presentation seventeen. Chapter eighteen is a review of privacy policy in the United States. Nineteen is a case study from New Zealand. While the quality of the papers is uneven, the variety of viewpoints is extremely valuable. Although there is a significant bias in favour of patient confidentiality, some of the needs for sharing of information are at least raised. copyright Robert M. Slade, 1998 BKPRMDIN.RVW 980508