Preface
Introduction to the ISHTAR Project
Petra Wilson
Shortly after joining the Health Telematics Applications Unit Directorate General XIII (as it was then called) of the European Commission I was charged with the responsibility of acting as Project Officer to the three projects working on security and legal issues in health telematics at that time. Coming from an academic legal background I had a ready understanding of some of the more arcane legal issues in health telematics, but I faced a very steep learning curve in the wider practical application of telematics in the day to day life of Health Care Establishments (HCEs). In this context ISHTAR came to me as a gift - it provided a readily accessible introduction to the wide range of issues which must be considered if HCEs are to meet the security challenges associated with a full implementation of Health Information Systems. Many of the lessons I learnt from ISHTAR are well reflected in the chapters of this volume and will provide the reader with a similar easily accessible introduction to the issues of security in health telematics applications.
This volume presents the results of the ISHTAR project, and to some extent of its predecessor, SEISMED, in a clear and accessible manner, covering the political and policy issues (see chapter one); legal issues (see chapters three and four), various technical issues (see secure architectures in chapter five and incident reporting schemes in chapter eight); the clinical perspective (see chapter two); as well as providing an introduction to the training and information needs and the ways in which such needs may be met through courses and WWW based information services. Each chapter is self-contained and serves well as a background document for anyone seeking to understand a given issue within security in health telematics.
Yet it is only after reading the book as a whole that the reader will appreciate the many facets of security in health telematics, and the interdependence of those many facets. The way one perceives security issues in health telematics depends greatly on ones perspective. For the technician the structure of a system, its components and architectures must be capable of secure handling of information - authorisation systems and access control must be catered for and security devices such as firewalls and external access LANs must be integrated into the system. For the lawyer, on the other hand, the system itself is often incomprehensible, the key issue for the legal expert is that all players understand their duties and obligations: the legal requirements of data protection, the legal duties of healthcare provider to the patient and the steps necessary to execute those duties. The healthcare administrator, coming from yet another perspective, will emphasise the human and ergonomic elements – the necessity of training for all players in their duties, and the meeting of wider policy and non-legal requirements.
While this book cannot cover all the areas in exhaustive detail, the many disciplines and professions represented amongst its authors give a depth to its coverage which is often missing in health telematics security texts.
However, notwithstanding the fact that this book covers a wide range of issues of security in health telematics, it is important to note that one particular issue arises again and again in different guises: that is the issue of ethical use of health telematics applications. Whether this is addressed from the perspective of policy, law, technical specification, incident reporting, training or guidelines, all authors accept the underlying concept of an ethical dimension to the doctor/patient relationship which extends to the way in which telematics tools and applications are integrated into the healthcare setting.
Since Hippocrates it has been accepted that respect for autonomy of both the patient and practitioner, lies at the heart of ethical medical practice. A key element of respect for autonomy is maintaining confidentiality of patient information which is cited in both the Hippocratic Oath and the International Code of Medical Ethics, and requires that the medical practitioner maintains the secrecy of information entrusted to him by the patient. In using telematic tools the medical practitioner will have to ensure that the medium she or he uses to store it or transmit it to another treating practitioner is safe from those who might intercept it. That means that the computer and telecommunications systems used must be secure, that all who handle information must have a high duty of confidentiality, that they must have been trained in meeting that duty, and that guidelines on how to achieve these aims must have been set. Concern for the ethical principle of autonomy does not end here, however, for in order to respect the autonomy of the individual it is important not only to respect the confidentiality of data stored about a patient, but also the integrity and availability of such data. This means that as well as ensuring that unauthorised people do not have access to patient data, the data controller must also ensure that any data she or he sends to or receives from another has ‘integrity’ ie, that that which she is receiving is exactly what the sender sent, similarly the controller must also be able to be sure that the data has really been sent by the individual shown as sender [1].
How to set about meeting all these ethical demands is well documented in the chapters that follow, reading this text is thus a first step in meeting the new ethical challenges posed by the increasingly wide use of health telematics applications in the healthcare provision.
Petra Wilson
Scientific Officer
European Commission
DG Information Society – Application relating to Health
[1] For an introductory overview of these simple security issues see Benson and Neame (1994) or Barber Treacher and Louwerse (1996), or ‘Security in Medical Information Systems’ in van Bemmel and Musen (1997).