Security, Privacy and Data Protection

Flashcards for Security, Privacy and Data Protection Lecture

Digital Health

The proper use of technology for improving the health and wellbeing of people at individual and population levels, as well as enhancing the care of patients through intelligent processing of clinical and genetic data.

Factors driving the need for innovation in healthcare

Increasing costs/expenditure, Population Health & Societal Changes, Population growth - ageing populations, Increasing chronic and comorbid conditions, Increasing demand for healthcare, Increasing demand from ‘expert patients’, Lifestyle risk factors, ‘Digital’ life – inactive lifestyles, Unequally distributed in the population, Health and social care crisis, Waiting lists, Staff shortages

Aims of digital health initiatives

Medical knowledge, Patient engagement, Improve access to healthcare, Development of new treatments and interventions, Personalised and precision medicine, Share and coordinate patient information, Support and improve collaboration, Improve care coordination, Improve the quality and efficiency of care, Improve assessment, decision-making, treatment and monitoring, Improve quality and safety, Evidence-based medicine (EBM), Reduce inefficiencies and costs in the healthcare system, Support achievement of policy aims

Health Literacy

A person’s capability to understand, read, use, and obtain healthcare information.

Domains of capability from the Health Education England (HEE) Health and Care Digital Capability Framework

Communication, collaboration and participation; Teaching, learning and self-development; Information, data and content literacies; Creation, innovation and research; Digital identity, wellbeing, safety and security; Technical proficiency

Digital Literacies

Ability to access, manage, evaluate, and create information safely and effectively using digital technologies. It ensures effective use of digital tools while maintaining privacy, security, and ethical standards; confidence in using digital technologies; understanding the adverse side of digital literacies such as cyber threats and misinformation; knowing when not to use digital sources

Digital Literacies

Capabilities that fit someone for living, learning, working, participating, and thriving in a digital society.

Topics Covered

Key terms and definitions, legislation, qualities and characteristics of personal data, ethical issues.

Key Terms

Privacy, Data Security, and Data Protection.

Privacy

The right to be let alone, free from interference or intrusion.

Types of Privacy

Personal zone (solitude), intimate zone (intimacy), semi-private zone (secrecy), public zone (inconspicuousness).

Privacy

The rights of an individual or an organization regarding access and control over how information is collected, stored, processed, used, and shared.

Data Security

Standards and technologies that protect data from intentional or accidental destruction, modification, or disclosure.

CIA Triad

Confidentiality, Integrity, Availability, Resilience.

Cyberthreats

Malware, hacking, phishing, insider threats, loss of physical devices, unsecured networks.

Security Measures

Encryption, Access Control & Authentication, Data backups, Data masking, Data erasure, Network protections (e.g., VPN and firewalls).

Information Governance (IG)

Framework incorporating legal, ethical, and quality standards to support the provision of high-quality care.

Consequences of inadequate data security

Physical harm, privacy breach, loss of data, identity theft, emotional consequences, fines, and reputational damage.

Caldicott Report 1997

Guidance to the NHS on the use and protection of personal confidential data, including the appointment of a Caldicott Guardian.

The 6 Caldicott Principles

Justify the purpose; Do not use PII unless absolutely necessary; Minimise PII; Restrict access; Everyone should be aware of their responsibilities; Understand and comply with the law.

Revisions to Caldicott Principles

The duty to share information can be as important as the duty to protect patient confidentiality; Inform patients and service users about how their confidential information is used.

General Data Protection Regulation (UK GDPR)

Sets out the key principles, rights and obligations for most processing of personal data in the UK.

Data Protection

The process of protecting data and the relationship between data, technology, privacy expectations, and relevant laws and regulations.

Personal Data

Information about a particular living individual, regardless of whether it is private or public knowledge.

Special categories of personal data

Race, ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, sex life, or sexual orientation.

Examples of personal data

NHS number, Date of birth, Address, Mobile phone number, IP address, Location data, Social media handle or username

GDPR: Rights for Individuals

Right to be informed, Right of access, Right to rectification, Right to erasure, Right to restrict processing, Right to data portability, Right to object, Rights related to automated decision making including profiling

Lawful bases for processing personal data

Consent, contract, legal obligation, vital interests, public task, legitimate interests.

Key Elements of Consent (GDPR)

Freely Given, Specific, Informed, and Unambiguous indication of agreement to the processing of personal data.

Ethical Considerations

Patient Autonomy & Informed Consent, Confidentiality & Trust, Risk of Harm & Discrimination, Equity & Justice, Data Exploitation, Bias in Data and algorithms, Balancing Privacy and Innovation