Via John Naughton. My default position is that most personal health-related material on the web or via ‘secure’ email is not private, and is open to the NSA / GCHQ etc.
There is an interesting article by Cory Doctorow in the Guardian, in which he draws parallels between public health and computer security. It is worth reading in conjunction with some of Bruce Schneier’s stuff (the security guru, as the Economist calls him). If only medical education were a little more agile, this topic would form a great module for some students. I suspect, however, that students just get a ‘professionalism fix’ on using encrypted USB drives on NHS machines (yes, those ones running IE6). We are missing the chance to talk about big issues: the apparent data breaches by the English NHS (see letter from Ross Anderson and others here); and the inability of the Wellcome Trust—amongst others—to understand the limits to anonymisation, or the fact that research does not trump all other values.

So students, if you wanted to hack medical information, whether paper or digital, how would you go about doing it? I suspect students would find such an approach interesting, and those running the NHS might learn something too (I am not, of course, suggesting they try to breach security, merely that they are forced to think about some of the tradeoffs involved—scale, security, ease of use etc.). For all of this to fly, we need genuine ‘core’ and ‘options’, something that seems as likely as a system immune to hacking. And we need to educate them, so that they do not think data security is something they get told about in an FY1 induction pack. (And of course, we might ask them to appraise some of Doctorow’s metaphors re typhus, cholera and the importance of water in disease spread.)