Vol. 5, No. 4
International Journal of Epidemiology © Oxford University Press 1976
Printed in Great Britain
Editorial Privacy
There is increasing concern in the United Kingdom about the dangers to privacy arising from the use of computers to process personal information. In 1972 the Report of the Committee on Privacy was published (1), this committee, chaired by Kenneth Younger, considered the need for legislation to protect individuals and commercial interests from intrusion by the private sector. This was the first significant publication on the subject apart from the Data Protection Act (1970) of the West German Land of Hesse. In December 1975 the UK government published two further documents—a White Paper 'Computers and Privacy', and a supplement to it 'Computers: Safeguards for Privacy' (2, 3). Both papers, particularly the latter, discussed the impact on privacy of computers in the public sector. In July 1976 the Data Protection Committee was set up to review the implications of a Data Protection Authority proposed in thefirstWhite Paper (2). Although Britain is a relative newcomer among countries to take active steps to protect privacy— Sweden, the Lander of Hessen and RhinelandPalatinate and the United States already have data protection acts and other countries have Bills pending—the subject has been under consideration for many years. The implications for medical practice and research in the UK are not yet clear, but the issues have been discussed broadly and the expectations of the medical world conditioned by the Younger Report and a statement by the Medical Research Council. The Report devotes a whole chapter to Medicine, where it reminds us that the profession imposes a special standard of etiquette backed by statutory machinery; this is emphasized in the MRC document. However, since the remit of the Younger committee was only to consider the private sector,
it did not comment on hospital practice in the NHS, where computers may raise formidable problems of privacy, or on the medical records system of the Department of Health and Social Security. Consequently, the Committee asked for evidence primarily from professional and research organizations; medical organizations stressed the traditional ethic of secrecy of the profession and the British Sociological Association submitted its statement of ethics. The latter requires the researcher to ensure that his subjects actually volunteer to participate in studies; that they understand what they will have to do, what the research is about and what it is for, and who is doing it; that they know the degree of confidentiality involved and their right to be told the results; and the researcher must also ensure that others working with him are aware of these ethical obligations. The Younger Report discusses epidemiological studies at some length and accepts that it requires trust between patient or respondent and the research worker. The Committee felt that prevention and cure of disease are considered, by most people, to be more important than the protection of personal privacy when the two come into conflict; evidence from their survey of public attitudes supported this. Although members of the Committee recommended to the medical world a scrutiny of its principles, in the report they said: 'We have no evidence that any harm has been done so far and we do not think legislation would help in this sphere. We believe that the answer lies basically in professional ethics and we applaud the MRC's decision to attempt to draw up a code of practice laying down guidelines on the practical and ethical aspects of undertaking research involving access to personal medical information and the maintenance of confidentiality.' The statement from the MRC assumes that the registered medical practitioner is, by education,-by
319
Downloaded from http://ije.oxfordjournals.org/ at Carleton University on June 20, 2015
' Whatsoever I will see or hear in the course of my profession, as well as outside my profession in my intercourse with men, if it be what should not be published abroad, I will never divulge, holding such things to be holy secrets.' Hippocratic Oath.
320
INTERNATIONAL JOURNAL OF EPIDEMIOLOGY
be specific to each type of installation. Computers which serve a number of institutions, each with its own terminal, pose substantial threats, for example, from use of data tapes belonging to one group by another or a printed output being produced at the wrong terminal. Even coded data, which may appear safe enough, can be easily deciphered if accompanied by output from standard package programs containing format specifications and the names of the variables. There seems to be a lack of awareness of the dangers of storing epidemiological data because our systems seem so unlikely to be attacked. But, with the changing public attitudes to the relationships between privacy and computers, we must not be found wanting: we must ensure when we write CONFIDENTIAL at the top of a questionnaire that this means not only private but also secure. REFERENCES
(1) Report of the Committee on Privacy. (1972) HMSO London, Cmnd 5012. (2) White Paper Computers and Privacy. (1975) HMSO London. Cmnd 6353. (3) White Paper Computers: Safeguard for Privacy. (1975) HMSO London. Cmnd 6354.
Downloaded from http://ije.oxfordjournals.org/ at Carleton University on June 20, 2015
his ethics and by his status, constrained to respect the privacy of any individual with whom he comes into professional contact. It recommends that the control of medical records becomes the responsibility of a registered practitioner or speciallyconstituted medical committee; data held under the aegis of one practitioner should be passed only to another registered practitioner; and the practitioner who works with non-medically qualified staff must be responsible for the conduct of his colleagues and for making sure confidentiality is safeguarded. It appears from public opinion that, because of the status of the medical profession, the privacy of personal data in the hands of practitioners is effectively taken for granted. However this is only one side of the coin—security of the data entered into computer systems is the other. Security measures are being built into systems used for patient data in hospitals, but to what extent are research workers keeping pace ? The MRC recommend 'proper security' at all times; an example of this is the separation of identity data from the main body of the record. But more detailed precautions are required and they may need to
International Journal of Epidemiology © Oxford University Press 1976
Printed in Great Britain
Editorial Privacy
There is increasing concern in the United Kingdom about the dangers to privacy arising from the use of computers to process personal information. In 1972 the Report of the Committee on Privacy was published (1), this committee, chaired by Kenneth Younger, considered the need for legislation to protect individuals and commercial interests from intrusion by the private sector. This was the first significant publication on the subject apart from the Data Protection Act (1970) of the West German Land of Hesse. In December 1975 the UK government published two further documents—a White Paper 'Computers and Privacy', and a supplement to it 'Computers: Safeguards for Privacy' (2, 3). Both papers, particularly the latter, discussed the impact on privacy of computers in the public sector. In July 1976 the Data Protection Committee was set up to review the implications of a Data Protection Authority proposed in thefirstWhite Paper (2). Although Britain is a relative newcomer among countries to take active steps to protect privacy— Sweden, the Lander of Hessen and RhinelandPalatinate and the United States already have data protection acts and other countries have Bills pending—the subject has been under consideration for many years. The implications for medical practice and research in the UK are not yet clear, but the issues have been discussed broadly and the expectations of the medical world conditioned by the Younger Report and a statement by the Medical Research Council. The Report devotes a whole chapter to Medicine, where it reminds us that the profession imposes a special standard of etiquette backed by statutory machinery; this is emphasized in the MRC document. However, since the remit of the Younger committee was only to consider the private sector,
it did not comment on hospital practice in the NHS, where computers may raise formidable problems of privacy, or on the medical records system of the Department of Health and Social Security. Consequently, the Committee asked for evidence primarily from professional and research organizations; medical organizations stressed the traditional ethic of secrecy of the profession and the British Sociological Association submitted its statement of ethics. The latter requires the researcher to ensure that his subjects actually volunteer to participate in studies; that they understand what they will have to do, what the research is about and what it is for, and who is doing it; that they know the degree of confidentiality involved and their right to be told the results; and the researcher must also ensure that others working with him are aware of these ethical obligations. The Younger Report discusses epidemiological studies at some length and accepts that it requires trust between patient or respondent and the research worker. The Committee felt that prevention and cure of disease are considered, by most people, to be more important than the protection of personal privacy when the two come into conflict; evidence from their survey of public attitudes supported this. Although members of the Committee recommended to the medical world a scrutiny of its principles, in the report they said: 'We have no evidence that any harm has been done so far and we do not think legislation would help in this sphere. We believe that the answer lies basically in professional ethics and we applaud the MRC's decision to attempt to draw up a code of practice laying down guidelines on the practical and ethical aspects of undertaking research involving access to personal medical information and the maintenance of confidentiality.' The statement from the MRC assumes that the registered medical practitioner is, by education,-by
319
Downloaded from http://ije.oxfordjournals.org/ at Carleton University on June 20, 2015
' Whatsoever I will see or hear in the course of my profession, as well as outside my profession in my intercourse with men, if it be what should not be published abroad, I will never divulge, holding such things to be holy secrets.' Hippocratic Oath.
320
INTERNATIONAL JOURNAL OF EPIDEMIOLOGY
be specific to each type of installation. Computers which serve a number of institutions, each with its own terminal, pose substantial threats, for example, from use of data tapes belonging to one group by another or a printed output being produced at the wrong terminal. Even coded data, which may appear safe enough, can be easily deciphered if accompanied by output from standard package programs containing format specifications and the names of the variables. There seems to be a lack of awareness of the dangers of storing epidemiological data because our systems seem so unlikely to be attacked. But, with the changing public attitudes to the relationships between privacy and computers, we must not be found wanting: we must ensure when we write CONFIDENTIAL at the top of a questionnaire that this means not only private but also secure. REFERENCES
(1) Report of the Committee on Privacy. (1972) HMSO London, Cmnd 5012. (2) White Paper Computers and Privacy. (1975) HMSO London. Cmnd 6353. (3) White Paper Computers: Safeguard for Privacy. (1975) HMSO London. Cmnd 6354.
Downloaded from http://ije.oxfordjournals.org/ at Carleton University on June 20, 2015
his ethics and by his status, constrained to respect the privacy of any individual with whom he comes into professional contact. It recommends that the control of medical records becomes the responsibility of a registered practitioner or speciallyconstituted medical committee; data held under the aegis of one practitioner should be passed only to another registered practitioner; and the practitioner who works with non-medically qualified staff must be responsible for the conduct of his colleagues and for making sure confidentiality is safeguarded. It appears from public opinion that, because of the status of the medical profession, the privacy of personal data in the hands of practitioners is effectively taken for granted. However this is only one side of the coin—security of the data entered into computer systems is the other. Security measures are being built into systems used for patient data in hospitals, but to what extent are research workers keeping pace ? The MRC recommend 'proper security' at all times; an example of this is the separation of identity data from the main body of the record. But more detailed precautions are required and they may need to
