אירועים
אירועים והרצאות בפקולטה למדעי המחשב ע"ש הנרי ומרילין טאוב
יום שלישי, 10.12.2013, 14:30
חדר 337, בניין טאוב למדעי המחשב
There have been serious tussles over health privacy in the UK, the USA and elsewhere over the safety and privacy of health IT systems. Many countries are moving medical records away from family doctors, clinics
and hospitals to central cloud systems. This can cut costs and increase resilience: Hurricane Katrina wiped out many New Orleans patients' records, but those covered by the Veterans' Administration
could walk into any VA hospital and find their files waiting for them. But centralisation can bring serious privacy failures: following the UK health service's National Programme for IT (NPfIT) receptionists
found they could access psychiatric casenotes, and over 700,000 people
opted out of an early centralised system. Such systems can also impair
functionality: once they are no longer bought by doctors but by large
firms or ministries, they become less good at supporting healthcare in
many subtle ways. And once the records are available in one place,
there are huge pressures for access by all manner of organisations,
benevolent and otherwise; lobbying over the new EU data protection
regulation is so fierce that the European Parliament and Council may
not be able to agree on it. Regulation is poor, as regulators are
captured by powerful lobbies; the safety of medical equipment still
awaits its Ralph Nader. Medical records are a hard problem not just
because the subject matter and the workflow are complex, but because
support systems embody power relationships and are the scene of fierce
struggles for control and for money. Into this cauldron, we are about
to add genomics. How will the world change once patients can add their
DNA sequence data to their records?
Bio:
Ross Anderson is Professor of Security Engineering at Cambridge
University. He holds a Brandeis award for lifetime achievement in
health privacy; he has worked for the British and Icelandic medical
associations, been a special advisor to the UK parliament's health
committee, and was an author of "Database State" – a report that led
the UK government in 2010 to cancel two large systems to collect data
on children. He has made a number of technical contributions to
security, from cryptography through hardware tamper-resistance to API
security; and he is one of the founders of security economics, which
brings the tools of game theory and microeconomic analysis to bear on
complex multistakeholder systems.