In the current information age, an ever increasing amount of information relating to individual citizens is being collected, stored and analysed. For example, the use of credit, debit and loyalty cards enables banks and other organisations to analyse an individual's spending habits and target them with unsolicited offers of loans and the like. However unwelcome these offers are to an individual, it is rarely considered that information collected about that individual could also be used for unlawful purposes or against the interests of the individual. Fortunately, there are data protection laws in most countries that give individuals certain rights over the data that is collected about them.
In the United Kingdom, anyone processing (including obtaining, holding, and disclosing) personal data must comply with the eight enforceable principles of good practice. According to these principles data must be: fairly and lawfully processed; processed for limited purposes; adequate, relevant and not excessive; accurate; not kept longer than necessary; processed in accordance with the data subject's rights; secure; and not transferred to countries without adequate protection.
Despite the drawbacks of collating information mentioned above, the recording of data relating to an individual can be empowering to that individual. One area in which this is particularly true is the field of medicine. The use of computers in medicine has facilitated the processing and storage of electronic medical records in order to better serve the interests of the individual and of the community. Computers contribute towards better medical care by automating techniques, reducing the burden on the doctor's memory and assisting in the compilation of medical records. Medical computer systems meet the new demands of specialisation and teamwork by providing quick and selective access to information on the patient and their treatment, thereby ensuring continuity in medical care. Medical data processing also brings a major improvement to hospital management and in this way can help to reduce the cost of health care. Computers have many uses in recording the admission, transfer and release of patients, keeping track of diagnostic and therapeutic activities, medication, laboratory analysis, accounting, invoicing and so on. Lastly, medical data processing represents an indispensable instrument for medical research and for a policy of early and systematic diagnosis and prevention of certain diseases.
Accordingly, personal health data appear in many files which can be stored on, and accessed by, a computer. The holders of these files vary: the general medical practitioner, the hospital doctor, the school doctor, the occupational health worker, the hospital administrator, social security offices, and so on. Usually, the recording of medical data occurs in the context of the doctor-patient relationship. It takes the form of a medical record to be used in making the diagnosis and in supervising and treating the patient. In the context of this confidential relationship freely chosen by the patient, the information is obtained with the patient's consent by the doctor or a member of the medical team who is required to observe confidentiality under the rules of professional ethics. Health records may also be established outside the context of the doctor-patient relationship and may include data concerning perfectly healthy persons. The recording of information is sometimes imposed by a third party, perhaps even without the explicit consent of the data subject.
The quality and integrity of information is extremely important in matters of health. At a time of increasing personal mobility, the exchange of accurate and relevant medical information is necessary for the individual's safety. Furthermore, the development of medical science depends on a transborder flow of medical data and the setting up of specialised information systems over considerable geographical distances (such as the Eurotransplant organisation for the transplantation of human organs).
The needs which medical data processing systems have to satisfy are often contradictory. Information must be readily available to duly authorised users whilst remaining inaccessible to others. The obligation to respect the patient's privacy places certain restrictions on the recording and dissemination of medical data, whereas the right of each individual to health implies that everyone should benefit from the progress made by medical science thanks to intensive use of medical data.
Due to the sensitive nature of medical data, some of the contents of medical files may harm the patient if used outside the doctor-patient relationship. Unauthorised disclosure of personal medical data may therefore lead to various forms of discrimination and even to the violation of fundamental rights. In view of these problems, it has become highly desirable that the operation of every automated medical file should be subject to a specific set of regulations. The general purpose of these regulations should be to guarantee that medical data are used not only so as to ensure optimum medical care and services, but also in such a way that the data subject's privacy and dignity are fully respected.
Some individuals are not content with knowing that their medical data are being handled according to the principles of data protection, but demand to be in control of their own data. This is likely to be of growing significance as new and experimental medical techniques become more widespread. Even today, the results of genetic testing can blight an individual's life if they indicate that the individual is predisposed towards a particular disease or condition. It is therefore of the utmost importance that access to this information can be controlled by the patient in a secure manner.
There are numerous ways in which an individual may collect and store information about themselves, but few which are both secure and truly portable. Whilst pocket computers and hand-held devices offer secure storage, they are bulky, expensive and have only a limited capacity to share information with others. They also require sophisticated procedures to minimise problems if they are lost or stolen. In recent years the techniques and facilities adopted for the secure storage and access of data have become more sophisticated, involving chip-carrying smart cards, for instance, and complex systems utilising multiple passwords, biometric keys and costly encryption schemes. While such developments in technology are to be commended, they are unlikely to be adopted by health authorities and other organisations which have limited funds and are therefore unlikely to be willing to install expensive dedicated smart card readers or biometric input devices.
It is therefore desirable to provide a method and system of securely storing and accessing data which overcomes or substantially reduces the above-mentioned problems.