Privacy and security issues in a wide area health communications network

Abstract

In 1993 the first national health information service went live in New Zealand, using commercial network services for all communications. This system provides a point of connection for all health personnel, and for those with a legitimate interest in health care information (e.g. insurers): it also provides access to a number of information resources managed on behalf of the government of New Zealand (e.g. index of health care users), as well as to those developed by individual network service providers. Much of the data exchanged across this network is personalised. Since the recipient may not be known personally to the sender, it is vital that the sender has confidence that the recipient will treat personal information according to agreed criteria for privacy. A Code of Practice covering health information was developed under the New Zealand Privacy Act to ensure that the confidence to share confidential data was supported. For large organisations such as hospitals to function efficiently, they need the flexibility to be able quickly to assign user privileges to selected staff without the need for extra paperwork seeking approval from the centre. But the audit trail requires unique identification of the individual undertaking each transaction. This requirement has been addressed. Some of the data moved across the network relates to life-critical issues, e.g. clinical warnings about allergies or serious medical conditions. A failure of communications causing this vital information to be improperly represented in some way on the receivers system could have disastrous consequences. To ensure the integrity of data transfers, user installations have to be certified compliant with standard test scripts before they are authorised for access to these resources.