Privacy and Health Research. Cybersecurity

05/01/1997

Keeping data secure obviously is part of the craft of privacy-protection. Electronic processing poses security challenges far more complex than paper processing does. In networked computerized systems the notions of "record" and "file" lose much of their meaning; data can be copied, split apart, reordered, assembled into new combinations, altered, and moved around with technical ease. Moreover, data "location" in networks is elusive, being a matter of shifting multiple access-points on interconnected web segments. The nets themselves may easily transcend geopolitical boundaries. Thus the rubric, "cybersecurity," is used here to connote the new character of the problems.

Sheer scale and interconnectedness of databases can be cause for concern. As was vividly expressed by Ross Anderson, referring to the U.K. National Health Service's system-wide "NHS- Net":114

We may not be much concerned that a general practitioner's receptionist has access to the records of 2,000 patients; but we would be very concerned indeed if 32,000 general practitioners' receptionists all had access to the records of 56,000,000 patients.


(114) Ross J. Anderson, Security in Clinical Information Systems, p. 5 (Commissioned for the Council, British Medical Association, Tavistock Square, London WC1H 9JP, January 1996). This is a solid review in British context. Available on the Internet at <http://www.cl.cam.ac.uk/users/rja14/policy11/policy11.html >.