References
- Ald95
-
``Nurse sacked for altering records after baby's death'', K Alderson, The
Times 29 November 95 p 6
- Amo94
-
`Fundamentals of Computer Security Technology', E Amoroso, Prentice Hall
1994
- And96
-
``Medical System Security --- Interim Guidelines'', RJ Anderson, to appear in
British Medical Journal 13th January 1996
- Aus95
-
`Australian Standard 4400: Personal privacy protection in health care
information systems', Standards Australia, 1995
- AC95a
-
`Setting the Records Straight --- A Study of Hospital Medical Records',
Audit Commission, June 1995
- AC95b
-
`For Your Information --- A Study of Information Management and Systems in
the Acute Hospital', Audit Commission, July 1995
- ACH95
-
`Keeping Information Confidential', Association of Community Health
Councils for England and Wales, May 1995
- AD94
-
``Security of Health Information Systems in France: what we do will no longer
be different from what we tell'', FA Albert, L Duserre, International Journal
of Biomedical Computing v 35 (supplement, 1994) pp 201--204
- AIS95
-
`AIS --- Advanced Information System', FHS Computer Unit, 1995
- Boy94
-
`Draft guidance for the NHS on the confidentiality, use and disclosure of
personal health information', N Boyd, Department of Health, 10 August 1994
- Bru95
-
``Is your health history anyone's business?'' McCall's Magazine 4/95 p 54,
reported by M Bruce on Usenet newsgroup comp.society.privacy, 22 Mar 1995
- BMA95
-
`A Bill Governing Collection, Use and Disclosure of Personal Health
Information', British Medical Association 1995
- Cae95
-
WJ Caelli, personal communication, July 1995
- CR94
-
``Who's reading your medical records?'' Consumer Reports, Oct 94 pp 628--632
- DGMW94
-
`How to Keep a Clinical Confidence', B Darley, A Griew, K McLoughlin, J
Williams, HMSO 1994
- DL95
-
Data Logic product information at
http://www.datlog.co.uk/
- DPA84
-
`Data Protection Act', 1984
- DPR95
-
`Identity Cards: A Consultation Document CM2879 --- Response of the Data
Protection Registrar', October 1995
- EU91
-
`Information Technology Security Evaluation Criteria', EU document
COM(90) 314 (June 1991)
- EU95
-
`On the protection of individuals with regard to the processing of
personal data and on the free movement of such data (final)', Directive of the
European Parliament and the Council, adopted by the Council on 24 July 1995
- Gil95
-
``MDU Muddle re Death Pills'', C Gilbert, gp-uk mailing list, 23rd October
1995
- GC95
-
`A Strategy for Security of the Electronic Patient Record', A Griew, R
Currell, Institute for Health Informatics, University of Wales, Aberystwyth,
14th March 1995
- GMC1
-
`Good medical practice', General Medical Council, 178--202 Great Portland
Street, London W1N 6JE
- GMC2
-
`Confidentiality', General Medical Council, 178--202 Great Portland
Street, London W1N 6JE
- GTP93
-
``Privacy and Security of Personal Information in a New Health Care System'',
LO Gostin, J Turek-Brezina, M Powers et al., Journal of the American Medical
Association v 20 (24/11/93) pp 2487--2493
- Haw95
-
``Confidentiality of personal information: a patient survey'', A Hawker,
Journal of Informatics in Primary Care, 1995 (March) pp 16--19
- HRM93
-
``RMs need to safeguard computerised patient records to protect hospitals'',
Hospital Risk Management 1993 v 9 (September) pp 129--140
- JCG88
-
``GMSC and RCGP guidelines for the extraction and use of data from general
practitioner computer systems by organisations external to the practice'',
Appendix III in `Committee on Standards of Data Extraction from General
Practice Guidelines' Joint Computer Group of the GMSC and RCGP, 1988
- JHC94
-
``Nurse Jailed for Hacking into Computerised Prescription System'',
British Journal of Healthcare Computing and Information Management v 1 (94) p 7
- LB94
-
``Your Secrets for Sale'', N Luck, J Burns, The Daily Express, 16/2/94 pp
32--33
- MRI94
-
``Integrated Health Delivery Needs Integrated Health Record Systems'',
Medical Records Institute newsletter v 3 no 5 (December 94) pp 1--9
- Mac94
-
Letter from AW Macara to JS Metters, 31 October 1994, on `Draft guidance for
the NHS on the confidentiality, use and disclosure of personal health
information'
- Mar95
-
``Fear of Flowing'', DC Markwell, Proceedings of the 1995 Annual Conference of
The Primary Health Care Specialist Group of the British Computer Society, pp
36--42
- NHS92
-
`Handling confidential patient information in contracting: A Code of
Practice', NHS Information Management Group EL(92)60, catalogue number
2009(c), news info 132
- NHS95
-
`The Handbook of Information Security --- Information Security within
General Practice', NHS Executive Information Management Group E5209 (May 1995)
- NZ94
-
`Health Information Privacy Code 1994', New Zealand Privacy Commissioner,
1994/1/1
- OTA93
-
`Protecting Privacy in Computerized Medical Information', Office of
Technology Assessment, US Government Printing Office, 1993
- PK95
-
``GP Practice computer security survey'', RA Pitchford, S Kay, Journal of
Informatics in Primary Care, September 95, pp 6--12
- Ros95
-
``Institutionell-organisatorische Gestaltung informationstechnischer
Sicherungsinfrastrukturen'', A Roßnagel, Datenschutz und Datensicherung
(5/95) pp 259--269
- RAC+93
-
`Interim Code of Practice for Computerised Medical Records in General
Practice', Royal Australian College of General Practitioners, February 93
- RFA93
-
`Requirements for accreditation, general medical practice computer
systems', NHS management executive 1993
- RL95
-
``For Sale: your secret medical records for £150'', L Rogers, D Leppard,
Sunday Times 26/11/95 pp 1--2
- RSM92
-
`Computers in Medical Audit', second edition, M Rigby, A McBride, C
Shields, Royal Society of Medicine, London, 1992
- Sch95
-
`Applied Cryptography', B Schneier, second edition, Wiley 1995
- See95
-
``Marketing use of medical DB'', M Seecof, Usenet newsgroup comp.risks 17.12
- Smu94
-
`Health Care Information: Access and Protection', RH Smuckler, Institute
for Primary Care Informatics, 1994
- Som93
-
`Medical Ethics Today --- Its Practice and Philosophy', A Sommerville,
BMA 1993
- Tho95
-
``Sex Stalker Plays Doctor to Trick Victims'', M Thomas, PA newswire no 1236,
7/7/95
- TCP+93
-
`The Canadian Trusted Computer Product Evaluation Criteria',
Communications Security Establishment, Government of Canada, January 1993
- TCS+85
-
`Trusted Computer System Evaluation Criteria', US Department of Defense
document 5200.28-STD, December 1985
- USA95
-
``Online medical records raise privacy fears'', USA Today, 22/3/95 pp 1A--2A
- Woo95
-
``The computer-based patient record and confidentiality'', B Woodward, New
England Journal of Medicine v 333 no 21 (95) pp 1419--1422
- Wri91
-
`The Law of Electronic Commerce: EDI, Fax and Email', B Wright, Little,
Brown (fourth edition with supplement) 1994
- WHC95
-
`Workshop on Health Care --- Confidentiality: discussing current
initiatives', held at the BMA on 4th April 1995; transcript supplied by RH
Pyne
The sixth principle of the current Data Protection Act [DPA84] states that
personal information `shall not be held for longer than is necessary'. A more
colourful principle is stated by the Information and Privacy Commissioner,
British Columbia, Canada: `The right to be forgotten, including the ultimate
anonymization or destruction of almost all personal information' [IPC94]. It is
thus conceivable that a legal action could be brought for the destruction of a
medical record before the usual eight-year period had expired. We know of no
case where early record destruction has been requested; but we merely use the
term `appropriate time period'.
Ross Anderson
Fri Jan 12 10:49:45 GMT 1996