Security, Privacy and Data Protection

Digital Health Definition

• Digital health involves using technology to improve health and wellbeing at individual and population levels.

Factors Driving Innovation in Healthcare

• Increasing costs/expenditure

• Population Health & Societal Changes

• Population growth - ageing populations

• Increasing chronic and comorbid conditions

• Increasing demand for healthcare

• Increasing demand from ‘expert patients’

• Lifestyle risk factors

• 'Digital' life – inactive lifestyles

• Unequally distributed in the population

• Health and social care crisis

• Waiting lists

• Staff shortages

Aims of Digital Health Initiatives

• Improve access to healthcare

• Development of new treatments and interventions

• Personalised and precision medicine

• Share and coordinate patient information

• Support and improve collaboration

• Improve care coordination

• Improve the quality and efficiency of care

• Improve assessment, decision-making, treatment and monitoring

• Improve quality and safety

• Evidence-based medicine (EBM)

• Reduce inefficiencies and costs in the healthcare system

• Support achievement of policy aims

Four Influential Factors Impacting Individual Health Outcomes

• Framework for digital equity (Richardson et al. 2022)

Health Literacies

• A person’s capability to understand, read, use and obtain health care information.

HEE Health and Care Digital Capability Framework - Domains:

1. Communication, collaboration and participation

2. Teaching, learning and self-development

3. Information, data and content literacies

4. Creation, innovation and research

5. Digital identity, wellbeing, safety and security

6. Technical proficiency

Digital Literacies

• Ability to access, manage, evaluate, and create information safely and effectively using digital technologies.

• Ensures effective use of digital tools while maintaining privacy, security, and ethical standards.

• Confidence in using digital technologies, willingness to embrace change, digital resilience.

• Understanding the adverse side of digital literacies such as cyber threats and misinformation.

• Knowing when not to use digital sources.

• Those capabilities that fit someone for living, learning, working, participating and thriving in a digital society (Health Education England, 2018)

Correlation vs. Causation

• Consideration of confounding factors (e.g., education, digital divide, health conditions) when analyzing correlation between age and digital skills.

Key Terms and Definitions

• Privacy, security, information governance.

Legislation

• UK GDPR and DPA 2018.

Qualities and Characteristics of Personal Data

Ethical Issues

Privacy

• Right to be let alone, free from interference or intrusion.

• Rights of an individual or an organisation - Access and control.

• How (and what) information is collected, stored, processed, used and shared.

• Situated – depends on context.

Types of Privacy

• Bodily, spatial, communicational, informational, intellectual, decisional, associational, behavioral.

Data Security

• Standards and technologies protecting data from destruction, modification, or disclosure.

Key Principles of Data Security: CIA Triad

• Confidentiality (C): prevention of unauthorized disclosure.

• Integrity (I): guarantee that information isn't modified in transit.

• Availability (A): information is available when needed.

• Resilience: systems continue operating under adverse conditions.

Examples of Cyberthreats

• External: Malware, hacking, phishing.

• Internal: Insider threats, loss of devices.

• Unsecured networks.

Security Measures

• Encryption, access control, data backups, data masking, data erasure, network protections (VPN, firewalls).

Information Governance (IG)

• Framework: legal, ethical, and quality standards supporting high-quality care.

Consequences of Inadequate Data Security

• Physical harm, privacy breach, data loss, identity theft, emotional distress, fines, reputational damage.

The Caldicott Principles

1. Justify the purpose

2. Do not use PII unless it is absolutely necessary

3. Minimise PII

4. Restrict access

5. Everyone should be aware of their responsibilities

6. Understand and comply with the law

Revisions to Caldicott Principles

• Principle 7: The duty to share information can be as important as the duty to protect patient confidentiality

• Principle 8: Inform patients and service users about how their confidential information is used

• Patients have the right to opt out of their confidential information being used beyond their own care

UK Data Protection Act 2018 & General Data Protection Regulation (UK GDPR)

• Sets out principles, rights, and obligations for processing personal data.

Data Protection

• Process of protecting data, relationship between data collection, privacy expectations, and relevant laws.

Legal Definitions of Personal Data

• Information that directly or indirectly identifies an individual.

• Special categories (e.g., race, health data) require higher protection.

GDPR: Rights for Individuals

1. Right to be informed

2. Right of access

3. Right to rectification

4. Right to erasure

5. Right to restrict processing

6. Right to data portability

7. Right to object

8. Rights related to automated decision making including profiling

Lawful Bases for Processing Data

1. Consent

2. Contract

3. Legal Obligation

4. Vital interests

5. Public task

6. Legitimate interests

GDPR: Consent Definition

• Freely given, specific, informed, and unambiguous agreement to the processing of personal data.

Ethical Considerations

• Patient autonomy, confidentiality, risk of harm, equity, data exploitation, bias.