Data protection


Nicola Macdonald

Mar 15, 2021, 1:07:40 PM
to OpenREM
Hello, 

I'm trying to progress getting OpenREM for our health board so I'm currently navigating the ehealth minefield.

For the "data protection impact assessment" I need to know "Will the project involve the collection of new identifiable or potentially identifiable information about individuals?"

From the demo system, it looks like all that is accessible to the user is the accession number. I don't know the ins and outs of how the system works. Do you consider it to be collecting identifiable data, even if that data is only present in the system for a short time and all that remains is the accession number? Obviously, the data allows the patient to be identified if you go back to the source of the data. I think I'm tying myself in knots here, help!

Nicola




Ed McDonagh

Mar 15, 2021, 1:31:46 PM
to OpenREM
Hi Nicola

You have choices...

Patient identifiable data will be sent/pulled into the system to be processed, and can then be deleted automatically. The following data is always retained:
  • Patient age at time of study (which could be used to get approximate date of birth)
  • Patient sex
  • Patient height and weight
  • Accession number - not considered patient identifiable in the UK, but can be encrypted with a one-way hash if required
You can then choose to retain the following in addition:
  • Patient name
  • Patient ID
  • Patient date of birth
As with the accession number, the patient name and ID can be encrypted with a one-way hash if required.

The reasons that you might want to retain patient name and ID, with or without encryption are:
  • Finding patients for incident investigations (though normally accession number will suffice)
  • Tracking cumulative dose where this is relevant, for example for skin dose alerts over a defined period.
If patient names and IDs are retained, then users with the right permissions will be able to search using those terms and export with those data, but not view them in the web interface. If they are encrypted, then searching will require an exact match in order to get the same one-way hash to match against. 

Finally, the encryption is not salted or particularly secure, but it does prevent a trivial tracing of which patient any particular data belonged to, and is probably a good balance between not retaining any patient identifiable data you don't have a need to hold, and being able to do cumulative dose alerts.

I hope that helps? See https://docs.openrem.org/en/0.10.0-docs/patientid.html for the docs on this topic.

Kind regards

Ed
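
The trade-off described in the reply above, as an added example that is not part of the original thread and is not OpenREM's own code: an unsalted one-way hash keeps exact-match search and cumulative-dose linkage working, but anyone holding a list of patient IDs can rebuild the mapping, whereas a keyed hash keeps both features and removes that linkage for anyone without the key. Assumptions: SHA-256 as the hash (the thread names no algorithm), the keyed HMAC variant (a swapped-in technique, not something the thread says OpenREM offers), all function names, and the constructed sample IDs and doses.

```python
import hashlib
import hmac

# Constructed sample data: patient IDs and dose values are made up.
STUDIES = [
    {"patient_id": "PID0001234", "dose": 1.2},
    {"patient_id": "PID0005678", "dose": 0.4},
    {"patient_id": "PID0001234", "dose": 2.1},
]


def plain_hash(value: str) -> str:
    """Unsalted one-way hash. SHA-256 is an assumption, not taken from the thread."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def keyed_hash(value: str, key: bytes) -> str:
    """Keyed alternative (HMAC-SHA-256); the key must live outside the database."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def store(studies, pseudonymise):
    """Replace each identifier with its pseudonym before the row is retained."""
    return [{"pid_hash": pseudonymise(s["patient_id"]), "dose": s["dose"]}
            for s in studies]


def cumulative_dose(rows, search_term, pseudonymise):
    """Exact-match search: hash the search term, then compare stored hashes."""
    wanted = pseudonymise(search_term)
    total = sum(r["dose"] for r in rows
                if hmac.compare_digest(r["pid_hash"], wanted))
    return round(total, 6)


def linkable_ids(rows, known_ids, pseudonymise):
    """DPIA check: which known IDs can be matched to stored rows by a party
    that holds the ID list and this pseudonymisation function?"""
    lookup = {pseudonymise(i): i for i in known_ids}
    return sorted({lookup[r["pid_hash"]] for r in rows
                   if r["pid_hash"] in lookup})


if __name__ == "__main__":
    rows = store(STUDIES, plain_hash)
    print(cumulative_dose(rows, "PID0001234", plain_hash))
    print(linkable_ids(rows, ["PID0001234", "PID0009999"], plain_hash))
```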
