Medical information and Database Systems
How does one model a data system? This was a question posed in a recent discussion. Normally this should be implemented following best practice in database analysis and requirements engineering, which involves a number of stages:
1. Talk to the clients
2. Create various use cases
3. Model the data using Entity-Relationship Diagrams
4. Normalise the data from the above
5. Create the database
None of these directly impinges on legal matters, beyond the normal contractual obligations a designer owes the employer and the standard data protection rules that are now present in nearly all jurisdictions.
However, there is one aspect of data modelling that deserves special emphasis: sensitive data, specifically data originating from medical patients. Sensitive data is of the kind listed in Article 8 of the EU's Data Privacy Directive as "racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health". Given the confidential nature of the doctor/patient relationship, there must be a reasonable expectation of privacy.
Therefore the best practices which can be designed to secure this are:
- Ensure that there is adequate physical security. For instance, where the data is being processed on site, simple steps such as requiring secure IDs to enter a lockable room should be standard.
- Ensure that there is adequate electronic security. Access to computers must depend on at least one stage of authentication, such as fingerprints or passwords unique to each user.
- The sysadmin ensures that virus protection is functional and has a process for updating and patching the underlying operating system to combat zero-day exploits.
- Use the database system itself as a tool to provide security. Instead of allowing a normal user to view the underlying table, create views which expose only the data the user needs to fulfil their role, and no more. In addition, enabling auditing of who viewed, updated or deleted records provides an excellent tool for investigators overseeing any potential issues.
- Finally, if the data were encrypted, this would potentially foil any large-scale data breach.
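The view-plus-audit point above, as an added example that is not part of the original post: a role-scoped view hides the diagnosis column from reception staff, and triggers write an audit trail that application code cannot skip. It uses Python's sqlite3 module; the table, column and role names are constructed, and on a server DBMS one would additionally GRANT the view and REVOKE the base table per role, which sqlite has no users to express.

```python
# Added example, not from the original post: role-scoped views and a
# trigger-written audit trail via Python's sqlite3. Names are constructed;
# a server DBMS would also GRANT the view and REVOKE the table per role.
import sqlite3

SCHEMA = """
CREATE TABLE patient (
    id INTEGER PRIMARY KEY, name TEXT NOT NULL, dob TEXT NOT NULL,
    diagnosis TEXT,   -- health data: sensitive under Article 8
    ward TEXT
);
-- Reception staff need identity and ward, never the diagnosis.
CREATE VIEW reception_v AS SELECT id, name, dob, ward FROM patient;
-- Audit trail written by triggers, so the application cannot skip it.
CREATE TABLE audit_log (ts TEXT DEFAULT CURRENT_TIMESTAMP, actor TEXT,
                        action TEXT, patient_id INTEGER);
CREATE TABLE session (actor TEXT);  -- current user, set per connection
CREATE TRIGGER patient_upd AFTER UPDATE ON patient BEGIN
    INSERT INTO audit_log(actor, action, patient_id)
        SELECT actor, 'UPDATE', NEW.id FROM session;
END;
CREATE TRIGGER patient_del AFTER DELETE ON patient BEGIN
    INSERT INTO audit_log(actor, action, patient_id)
        SELECT actor, 'DELETE', OLD.id FROM session;
END;
"""

def build_db(actor="dr_smith"):
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.execute("INSERT INTO session VALUES (?)", (actor,))
    con.executemany(
        "INSERT INTO patient(name, dob, diagnosis, ward) VALUES (?,?,?,?)",
        [("A. Patient", "1970-01-01", "hypertension", "W1"),
         ("B. Patient", "1985-05-05", "asthma", "W2")])
    return con

def view_columns(con, view):
    # Column names visible through the given view (constructed name).
    return [d[0] for d in con.execute(f"SELECT * FROM {view}").description]

def audit_rows(con):
    # Update one record, delete another, then read what the triggers logged.
    con.execute("UPDATE patient SET ward = 'W3' WHERE id = 1")
    con.execute("DELETE FROM patient WHERE id = 2")
    return con.execute("SELECT actor, action, patient_id FROM audit_log "
                       "ORDER BY rowid").fetchall()
```

A real deployment would set the session actor from the authenticated login rather than a default argument, so the audit row names the person who acted.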
Medical data is valuable. The UK's NHS has advanced plans in place to sell such data to companies (link). This data will undergo anonymisation so as to purge the personal details of patients, thus removing the data from the remit of the EU Data Directive. That this process can sometimes be undone is known from such well-documented cases as Netflix.
Thus this implies a need to design security considerations into the DNA of any database system which processes medical records. This should be done both to protect a valued economic resource and to remain within a statutory duty.