Individual Health Identifier (Ireland) - Privacy Impact Assessment


Upload: ipposi

Post on 14-Apr-2017


Delivering eHealth Ireland | Office of the Chief Information Officer

THE INDIVIDUAL HEALTH IDENTIFIER

Clare Sanderson

IG Solutions, Liverpool


Agenda

1. Presentation:

Background to the Individual Health Identifier

Explanation of what a Privacy Impact Assessment is

Explain what we have done

Proposals for the public consultation

2. Discussion with the group

How we will present the findings

Questions we will ask


Health Identifier Act 2014

A unique number (an Individual Health Identifier or IHI) will be assigned to each person that has used, is using or may use a health or social care service in Ireland

A unique number (a Health Service Provider Identifier or HSPI) will be assigned to any practitioner or organisation who provides a health or social care service in Ireland

NOTE - We are only concerned with the IHI at this stage.


Health Identifier Act 2014 (continued)

A register of IHIs and related personal information will be established and maintained.

The register will not contain any clinical information

The Minister for Health will agree who can access the register and process the personal data it holds

The Minister for Health can delegate functions to the Health Service Executive


Why do you need an IHI?

Your IHI will help:

Health service providers to identify you uniquely

To improve patient safety

Your records in different healthcare providers to be accurately associated with you

To share information between those who are looking after you, for example on referral letters sent from a public hospital to a private GP

The electronic transfer of your health information, which results in faster care for you.


Some facts about the IHI

Your IHI will look like this:

5934-014 893-485-897-3-2

Your IHI doesn’t contain any personal information about you (such as your date of birth)

Your IHI will be allocated at random

Your IHI will never be allocated to anyone else, even after you die


What information is held on the IHI register?

The IHI register contains demographic information (no clinical information):

(a) surname;

(b) forename;

(c) date of birth;

(d) place of birth;

(e) sex;

(f) all former surnames;

(g) mother’s surname at birth;

(h) address;

(i) nationality;

(j) personal public service number PPSN (if any)

(k) date of death in the case of a deceased individual;

(l) signature

(m) photograph


What is a Privacy Impact Assessment?

A PIA is an approach that helps us to make sure:

we have safeguards in place to protect your information

we abide by data protection laws

A PIA is recommended by the Data Protection Commissioner and the Health Information and Quality Authority for projects like this.


What does a PIA involve?

Discussions with a range of stakeholders (including the public) about:

The design of the IHI project

The benefits of having an IHI

The risks to your privacy

Safeguards to mitigate the risks which will either:

Reduce the possibility that the risk will occur

Reduce the impact if it does occur

Identification of those responsible for implementing the safeguards


Public consultation

The consultation is part of the stakeholder engagement

It will allow the public to provide their views


Why do we want your help?

This is a complex topic:

Use of plain English!

Include a short summary at the front

BUT

How can we get the technical aspects over in an understandable way?

Will our questions get the feedback we are looking for?


Discussion Topics

How we will present the key components of the PIA in the consultation document:

1. Technical descriptions

2. Benefits

3. Privacy Risks & Safeguards


1. Technical Descriptions – the issue

The Legal Basis for the IHI

What a Privacy Impact Assessment is

How the IHI register will be created and used


1. Technical Descriptions - solution

Options:

Include details in the main body of the consultation document

Summarise in body of the document and include details as appendices to the document

Summarise in the FAQs

Other?


2. Benefits – the issue

Benefits apply to you, your health and social care providers and your GP.

Should we state them all or just yours?

Should we also provide examples / scenarios?


Stating the benefits


Should we add…..

For example, your GP sends a letter to Beaumont hospital referring you for an outpatient appointment, but the hospital has two patients with your name and date of birth. If your IHI is included in the letter, this will help to ensure that YOUR medical records are available at the outpatient clinic.


The question we will ask

Are all the benefits clear to you? Y/N Should we add NOT SURE?

Are there any other benefits we should include?


3. Privacy Risks & Safeguards – the issue

Privacy issue: Establishment of the National Register creates a risk that personal confidential information may be accessed illegally (e.g. identity theft, sold or otherwise misused by commercial organisations)

Probability 4, Impact 5, Risk Score 20

Proposed mitigation actions or controls:

Responsibility for the technical solution and physical controls lies with the Office of the Chief Information Officer

The health identifiers operator implements appropriate security controls around the National Register that meet current best practice for data protection (including for example data is encrypted at all stages).

The health identifiers operator has safe and effective recruitment practices in place.

The health identifiers operator seeks to prosecute those (both internal staff and external organisations) that knowingly access or process the Individual Health Identifier data inappropriately as provided for within the provisions of the Act.

The National Register will only be held on servers physically located within Ireland

Implement the HIQA IG standards

With the proposed controls: Probability 1, Impact 5, Risk Score 5


How the scoring works

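| Impact \ Likelihood | Rare (1) | Unlikely (2) | Possible (3) | Likely (4) | Highly Likely (5) |
|---|---|---|---|---|---|
| Negligible - 1 | 1 | 2 | 3 | 4 | 5 |
| Minor - 2 | 2 | 4 | 6 | 8 | 10 |
| Moderate - 3 | 3 | 6 | 9 | 12 | 15 |
| Major - 4 | 4 | 8 | 12 | 16 | 20 |
| Critical - 5 | 5 | 10 | 15 | 20 | 25 |

LOW (1-7), MEDIUM (8-14), HIGH (15-25)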


3. Privacy Risks & Safeguards – the solution?

Risk: Children attending St Ignatius Primary School have to cross a busy road and are at risk of being run over.

Probability 4, Impact 5, Risk Score 20

Proposed mitigation actions or controls:

Reduce the speed limit for cars outside the school to 20 mph

Improve street lighting outside the school

Add road signs to warn drivers that there is a school in 100 yards

Prevent parents from parking on the road to drop children off

Provide a school road crossing warden at start and end of school day

With the proposed controls: Probability 1, Impact 4, Risk Score 4


The question we will ask

Have we identified all the privacy risks? Y/N Should we add NOT SURE?

Are there any other privacy risks we should include?


The question we will ask

Have we identified sufficient safeguards to supplement the HIQA IG standards? Y/N Should we add NOT SURE?

Are there any other safeguards we should include?


The final question we will ask

Is there anything else you wish to add? Y/N


Public consultation

We will engage with patient advocacy groups

We will include FAQs – copies are at the back

We would appreciate your feedback to:

[email protected]


Thank you for taking part today