Darren Mundy

Patient privacy in electronic prescription transfer

In paper-based prescribing in the United Kingdoms National Health Service (NHS), patients are responsible for protecting the privacy of their prescription information while it is in transit from the prescriber to the dispenser. The UK government has introduced a plan for future NHS reform that includes a change from paper-based prescribing to a national electronic transfer of prescriptions (ETP) system. This brings with it concerns for patient data privacy and questions about the burden of trust placed on professionals in the ETP system. As recently seen in the Emilio Calatayud case in the United States, systems that contain an aggregation of identifiable personal information can be abused. A similar case could result from malpractice in an ETP system. We have developed and implemented an ETP system for the UK NHS. We present our system for protecting the privacy of patient data, describe how we implemented it in Java, and discuss how others can use our system for other applications both inside and outside the healthcare sector.

Electronic transmission of prescriptions: towards realising the dream

The UK National Health Service (NHS) is about to commence upon major computerisation of its processes as part of a government plan of modernisation. One of these is the Electronic Transmission of Prescription (ETP). To achieve success it is important to know what benefits are expected from the new system and what barriers to adoption the systems will face. This paper reviews substantial ETP published material, and identifies 17 issues that need to be addressed. These issues are categorised under four major headings of stakeholders, cost, technology, and current process and practice, and are then further classified as positive or negative influences on the projects success. Many of these influences will be common to most of the computerisation projects to be undertaken by the NHS, and therefore this paper has wider applicability than ETP.

An XML alternative for performance and security: ASN.1

The UK government, for example, is firmly committed to making XML the basis for electronic transactions through their e-Government Interoperability Framework, e-Government Metadata Framework, and GovTalk program. Indeed, many UK government agencies are investigating the adoption of XML as the protocol for e-services, such as prescriptions, contracts, and personal health records. But although many have touted XML as a true e-business enabler, rarely does a technology suit in every IT scenario. In XMLs case, the drawback is performance. XML is an uncompressed textual syntax that remains in human-readable form from creation to deletion. This characteristic can degrade performance because it takes time to construct and deconstruct the syntax, and the translation increases data-stream size, which in turn increases data transfer time. Motivated by this concern, we devised a series of tests to compare XML messages with equivalent messages written in Abstract Syntax Notation One with Basic Encoding Rules (ASN.1/BER). ASN.1 is a protocol specification language, first standardized in 1984. The encoding rules, of which BER is only one variety, are used to condense the ASN.1 textual representation into a binary data stream. The goal of our test was to gather data to inform the UK Department of Health, which has requested the use of XML for encoding electronic prescriptions. In short, we wanted to see if XML or ASN.1 was the more efficient mechanism. Our tests cover the creation, transmission, and retrieval performances of the two languages. The test bed was a trial electronic prescription system already in place that uses an application certificate to transmit a prescription.

Policy based electronic transmission of prescriptions

We describe the PERMIS PMI role based authorisation policy, and show how it has been applied to the electronic transfer of prescriptions (ETP). The assignment of roles is distributed to the appropriate authorities in the health care and government sectors. This includes the assignment of both professional roles such as doctor and dentist, as well as patient roles that entitle patients to free prescriptions. All roles are stored as X.509 attribute certificates (ACs) in LDAP directories, which are managed by the assigning authorities. The PERMIS policy based decision engine subsequently retrieves these role ACs in order to make granted or denied access control decisions required by the ETP applications. The source of authority for setting the ETP policy is assumed to be the Secretary of State for Health. The ETP policy says what roles are recognised, who is authorised to assign the roles, what privileges are granted to each role and what conditions are attached to these privileges. The ETP policy is then formatted in XML, embedded in an X.509 attribute certificate, digitally signed by the Secretary of State for Health, and then stored in an LDAP directory. From here it can be accessed by all the ETP applications in the UK National Health Service that contain embedded policy based PERMIS decision engines.

The Adaptive Intelligent Personalised Learning Environment

As individuals the ideal learning scenario would be a learning environment tailored just for how we like to learn, personalized to our requirements. This has previously been almost inconceivable given the complexities of learning, the constraints within the environments in which we teach and the need for global repositories of knowledge to facilitate this process. Whilst it still is not necessarily achievable in its full sense this project represents a path towards the presented ideal. Findings from our research into the development of a model and intelligent algorithms for personalised learning are presented. Our model is built on the premise of an ideal system being one which does not just consider the individual but also considers groupings of likeminded individuals and their power to influence learner choice.

Trust Development and Management in Virtual Communities

The web is increasingly used as a platform and an enabler for the existence of virtual communities. However, there is evidence that the growth and adoption of these communities is being held back by many barriers- including that of trust development and management. This paper discusses the potential benefits and barriers to the introduction of trust development and management in virtual communities. Based on the analysis of the barriers and benefits of trust development and management, mechanisms for supporting its development and management is proposed and presented. Ideas for further research are presented and discussed. The paper is based on ongoing research and is part of a research bid towards the introduction of a trust development and management framework to support the creation of trusted virtual communities.

Security issues in the electronic transmission of prescriptions

The UK government has stated within its plan of reform for the National Health Service that a secure system for the Electronic Transfer of Prescriptions will be available by 2004. The objectives of this paper are to highlight the significant barriers faced in securing an ETP system, to provide a critical analysis of the security mechanisms in the models currently being piloted and to suggest an alternative revised model which overcomes the identified deficiencies and security hurdles. To identify the significant security issues relevant to the adoption of ETP, the authors have combined their analysis of present prescription processing practice with their knowledge of computer security. The authors identify and describe how the issues of patient confidentiality, authorization, identity authentication, audit, scalability, availability and reliability are significant barriers to the adoption of ETP, particularly if they effect ease of use. The papers contribution to the field of ETP is to suggest solutions to each of the identified security issues and to combine the solutions together in a revised and developed model.

Context-orientated news riltering for web 2.0 and beyond

How can we solve the problem of information overload in news syndication? This poster outlines the path from keyword-based body text matching to distance-measurable taxonomic tag matching, on to context scale and practical uses.

Customer privacy on UK healthcare websites.

Privacy has been and continues to be one of the key challenges of an age devoted to the accumulation, processing, and mining of electronic information. In particular, privacy of healthcare-related information is seen as a key issue as health organizations move towards the electronic provision of services. The aim of the research detailed in this paper has been to analyse privacy policies on popular UK healthcare-related websites to determine the extent to which consumer privacy is protected. The author has combined approaches (such as approaches focused on usability, policy content, and policy quality) used in studies by other researchers on e-commerce and US healthcare websites to provide a comprehensive analysis of UK healthcare privacy policies. The author identifies a wide range of issues related to the protection of consumer privacy through his research analysis using quantitative results. The main outcomes from the authors research are that only 61% of healthcare-related websites in their sample group posted privacy policies. In addition, most of the posted privacy policies had poor readability standards and included a variety of privacy vulnerability statements. Overall, the authors findings represent significant current issues in relation to healthcare information protection on the Internet. The hope is that raising awareness of these results will drive forward changes in the industry, similar to those experienced with information quality.

Experiences of using a PKI to access a hospital information system by high street opticians

This paper describes a system that gives opticians Internet access from their high street shops to patient data held in a hospital Diabetes Information System (DIS), using a standard Web browser. The system is a revision of an earlier one we provided to General Practitioners (GPs), and uses a public key infrastructure with strong encryption and digitally signed messages to secure the data as it traverses the Internet. We describe the PKI and the security architecture, the DIS we chose to distribute, the changes that we made to the Web interface to tailor it to the opticians needs, the validation testing we performed, the results of the pilot testing and the feedback we obtained from the opticians. We also compare the results with our earlier work with GPs. We found that in a well-designed system the underlying PKI is virtually invisible to the users, and its security is taken for granted. Users then concentrate on the costs and benefits of the electronic application. In our system, benefits can accrue to opticians by giving them access to the latest patient data, and this can help to improve patient care. Benefits also accrue to the DIS administrators and the wider community of DIS users, in that data quality can be significantly improved. However, we found that the slow speed of Internet access via a dial up connection is a significant impediment to its frequent use. We also found that it is extremely difficult to produce a user interface that pleases everyone. Finally, in complex information systems such as this PKI, failure of just one component or administrative procedure can have a catastrophic effect on the availability of the entire system.