Information Security and Exploration .


46 views
Uploaded on:
Category: Animals / Pets
Description
Draft Guidelines on Health Research. Counsel on Personal Data use for Health Research ... Where a wellbeing office (e.g. doctor's facility) envisions research ...
Transcripts
Slide 1

Information Protection and Research – Implications for a National Out-of-Hospital Cardiac Arrest Register NUI Galway Dept of General Practice Lunchtime workshop 20 November Gary Davis Deputy Data Protection Commissioner

Slide 2

Presentation Outline Data Protection: Human Right to Privacy Data Protection Principles Protecting Personal Health Information Draft Guidelines on Health Research

Slide 3

Survey Results (2005) (1) Is security vital? important essential Crime Prevention 7% 91% Personal Privacy 9% 89% Consumer protection 12% 85% Workplace equality 11% 82% Ethics out in the open office 14% 78%

Slide 4

Financial records Medical Records PPS Number Credit Card Details Telephone No Home Address Date of Birth Marital Status Survey (2): Privacy most vital in connection to-

Slide 5

Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : vital in a Democratic Society Not total: other fundamental Rights on a Democratic Society ( e.g. Opportunity of Expression, Rights of Others)

Slide 6

Constitution Implicit Right to Personal Privacy under Article 40.3.1 … The State ensures in its laws to regard, and, to the extent practicable, by its laws to safeguard and vindicate the individual privileges of the residents Court Interpretation: the privilege to security is one of the essential individual privileges of the native which stream from the Christian and popularity based nature of the State

Slide 7

European Human Rights Convention Explicit Right to Personal Privacy under Article 8 of European Convention for the Protection of Human Rights & Fundamental Freedoms (ECHR) ECHR now in a roundabout way piece of local law because of ECHR Act 2003

Slide 8

ECHR Article 8: Privacy ( 1) Everyone has the privilege to regard for his private and family life, his home and his correspondence. (2) There might be no obstruction by an open power with the activity of this privilege aside from as per the law and is important in a popularity based society in light of a legitimate concern for national security, open wellbeing or the financial prosperity of the nation, for the anticipation of confusion or wrongdoing, for the assurance of wellbeing or ethics, or for the insurance of the rights and opportunities of others

Slide 9

EU/EEA Directives Directive 95/46/EC Protection of Individuals as to the Processing of Personal Data and on the Free Movement of such Data Directive 2002/58/EC Privacy and Electronic Communications

Slide 10

Data Protection Directive 95/46/EC Electronic Privacy Directive 2002/58/EC EUROPOL and so forth Data Protection Acts 1988 & 2003 EC Electronic Privacy Regulations 2003 (SI 535/2003) Corresponding Acts Good Friday Agreement Disability Act 2005 EU & Irish Legislation

Slide 11

Presentation Outline Data Protection: Human Right to Privacy Data Protection Principles Protecting Personal Health Information Draft Guidelines on Health Research

Slide 12

Definitions: Personal Data "Information identifying with a living person who is or can be distinguished either from the information or from the information in conjunction with other data that is in, or is prone to come into, the ownership of the information controller " ( DP Act, Section 1) Applies to any information that is handled (incorporates facilitating) utilizing any medium by a lawful substance basically. Paper, PC, system, web, telephone and so forth. Just identifies with a living individual

Slide 13

Fair getting & handling Consent Specified reason No revelation unless "perfect" Safe and secure Accurate, a la mode Relevant, not unreasonable Retention period Right of access Independent Supervisory Authority European Data Protection Rules

Slide 14

General tenet – no divulgence for various reason Exceptions made, to adjust different premiums of society Section 8 exemptions Investigation of wrongdoing Collection of duties Security of the State Protect life & appendage Required by Law No broad "open premium" test Restrictions on exposure

Slide 15

Role of the Data Protection Commissioner Ombudsman Role : determination of debate between information subjects and information controllers or processors Enforcer Role: consistence by information controllers & processors Educational Role: Promotes DP rights and great practice Registration Authority : commitment on real holders of individual information to be put on open register

Slide 16

Presentation Outline Data Protection: Human Right to Privacy Data Protection Principles Protecting Personal Health Information Draft Guidelines on Health Research

Slide 17

Data Protection & Health Data on physical or psychological well-being or condition or sexual life are \'delicate individual information\' with uncommon assurance yet some breathing space for: Processing of Data "kept for factual or research or other experimental purposes" Processing "vital for medicinal purposes"(including restorative research) and completed by a "wellbeing expert" or somebody who owes a proportionate obligation of classification DP and Medical Ethics commonly fortifying

Slide 18

Presentation Outline Data Protection: Human Right to Privacy Data Protection Principles Protecting Personal Health Information Draft Guidelines on Health Research

Slide 19

Consultation on Personal Data use for Health Research Try to achieve accord on adjusted methodology reflecting Irish conditions Seminar November 2006 Addressed by speakers from alternate points of view (HSE, general wellbeing, research) EUROSOCAP rules (www.eurosocap.org)

Slide 20

Draft Guidelines Paper Presented July 2007 (on www.dataprotection.ie) Comments up to 21 September 11 Submissions got Final form in coming weeks

Slide 21

Draft Guidelines: Key Points Use anonymised/pseudonomised persistent information wherever conceivable Where a wellbeing office (e.g. healing facility) envisions research utilization of identifiable patient information, look for patient assent at most punctual conceivable open door, supported by patient handout and examination arrangement endorsed by morals board of trustees Treat identifiable individual information on "need to know" premise Recognizes plausibility inside Acts for exploration to be embraced by the Data Controller itself. Makes arrangement for setting for looking for assent including where a man not in a position to give it.

Slide 22

Anonymisation Effectively anonymised information not subject to information assurance acts – so anonymise where conceivable Pseudonimisation, subject to shields, adequate where full anonymisation impractical

Slide 23

Guidelines Paper: Patient Consent "best practice would recommend that permitting the patient decision and giving them data in connection to how their information is utilized ought to be the standard methodology. "

Slide 24

Guidelines Paper: Patient Consent "What is being advanced here is a generally basic model that each exertion ought to be made to guarantee that the patient recognizes what could happen to their information for purposes irrelevant to their treatment and are given a chance to assent or deny assent for such utilize. Along these lines, if any proposed utilization of a patient\'s information for purposes irrelevant to their treatment would likely come as an amazement to them, then another and separate assent ought to be looked for."

Slide 25

Guidelines Paper: Patient Consent " an educated and express assent [should] be looked for at the earliest opportunity after a patient presents at a wellbeing office … every information controller [should] think about in as a careful way what such potential [research] uses may be and particularly catching these in a suitable assent bolstered by an instructive patient pamphlet Additional exploration activities, not imagined at the season of looking for the underlying assent, including the utilization of patient information would should be predicated on further particular assents going ahead."

Slide 26

Can anonymised information be utilized to accomplish the points of the proposed venture? Yes/No? Yes – Proceed with proposed venture utilizing information anonymised by the information controller without requiring assent. No – Can pseudonymised information be utilized rather with suitable protections? Yes/No? Yes – Proceed with proposed venture guaranteeing that the way to a man\'s personality is held by the information controller just and not uncovered to outsiders. No – Patient assent is typically required. Has assent for exploration reasons for existing been secured in connection to the documents already? Yes/No? Yes – Is this assent legitimate (sufficiently particular) to cover this specific examination proposition? Yes/No? No – Specific, educated, openly given assent must be caught from people by the information controller. Yes – Proceed with exploration venture (subject to satisfactory shields being set up in connection to security and so on). Once legitimate assent is set up, the examination task can continue (subject to sufficient protections being set up in connection to security and so forth).

Slide 27

OHCAR – KEY POINTS Pilot Project restricted to one HSE territory Difficulties in getting express assent Largest piece of information was not individual information as it identified with dead people Who is the information controller for this situation? Endeavor through grouping of the information to give better care to patients

Slide 28

OHCAR What about information in the private framework and held by GPs? Security game plans for both physical and frameworks set up for access to the information by OHCAR venture director and staff just Intended media crusade in connection to extend

Slide 29

OHCAR From a DP point of view Methodology 1 favored Methodology 2 No trouble with OHCAR gathering information from emergency vehicle administration and A+E Depts to distinguish surviving people Have to manage reality that HSE couldn\'t be viewed as the Data Controller in connection to a vast part of the information

Slide 30

Recommendations on Methodology 2 Informed assent in one of a kind circumstances of task OHCAR to compose to surviving patients plotting all significant data