next up previous
Next: Introduction

Cambridge University Computer Laboratory
Pembroke Street, Cambridge CB2 3QG

An Update on the BMA Security Policy

Ross Anderson

Also available in pdf.


In this article, we attempt to step back from the current dispute between the BMA and the government and describe it as a whole. We give a brief account of the origins and development of the BMA security policy and guidelines. We then summarise the feedback so far, and discuss its practical implications (which were the focus of official objections). Experience of pilot projects and systems overseas shows that many of the problems can be solved fairly easily by available technology.

The policy has clarified things significantly, and we now see that the remaining `hard' problems are unavoidably political. They pit long established patient rights and professional privileges against the NHS's Information Management and Technology Strategy, which directs healthcare computing investment away from clinical systems to build a series of databases that will make personal health information available centrally to administrators. Our investigation of this has been slowed (though not thwarted) by systematic official obstruction, which suggests that administrators are uncomfortably aware of the ethical problems.

Ross Anderson
Tue Jun 25 08:31:53 BST 1996