Privacy, Confidentiality and Security

This module is based on RCPA Guidelines for Digital Microscopy in Anatomical Pathology and Cytology October 2015.

The digital microscopy system must ensure the privacy, confidentiality and integrity of records is maintained at all times.

  1. Privacy - information is not disclosed for any purpose other than for which it was collected, without appropriate consent. It is concerned with information handling processes of personal and sensitive information.

  2. Confidentiality - information should only be accessible and available to those authorised to have access.

  3. Integrity - information should be stored, used, transferred and retrieved in manners such that there is confidence that the information has not been tampered with or modified other than as authorised.

    36. Standards Australia. Committee IT-014, Health Informatics. HB174 Information Security Management Implementation Guide for the Health Sector. 10 March 2003

The system must comply with National and State privacy regulations. The Privacy Act 1988 (Privacy Act) regulates how personal information is handled and includes thirteen Australian Privacy Principles (APPs). The Privacy Act defines personal information as:
                "information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable. "
Common examples are an individual’s name, signature, address, telephone number, date of birth, medical records, bank account details and commentary or opinion about a person.
Health information is regarded as one of the most sensitive types of personal information. For this reason, the Privacy Act 1988 (Privacy Act) provides extra protections around its handling. For example, an organisation generally needs an individual's consent before they can collect their health information. In addition, all organisations that provide a health service and hold health information (other than in an employee record) are covered by the Privacy Act, whether or not they are a small business. Refer to Royal College of Pathologists of Australasia. Guideline: Managing Privacy Information in Laboratories. March 2014.

Note, there are now mandatory reporting requirements for data breaches. The security system must also ensure that information is accessible to authorised individuals when and where required.
Must be stored and displayed on devices that:
comply with all privacy and security requirements.
should be positioned so they cannot be seen by unauthorised people - especially important when using smartphones, tablets and other mobile devices for remote diagnosis.

As part of RCPA policy, it is noted that:

The digital microscopy system and supporting utilities should be:

  • secured and maintained, both on-site or if taken off-site.
  • must incorporate reasonable measures to protect all images and case information from misuse, unauthorised access, modification and improper disclosure.

The system must authenticate all access to information by verifying user access.
Restricting access by multi-factor authentication including a passphrase is highly recommended.

The system should provide a user-defined no activity timeout periods of less than 15 minutes.

The system should also have protection from malicious software (such as viruses, Trojans or worms).

As detailed in the Australian Government's Trusted Information Sharing Network report "User-access management - A defence in depth control analysis", the core principles of a defence in depth strategy are:

  1. Implement measures according to business risks.

  2. Use a layered approach such that the failure of a single control will not result in a full system compromise.

  3. Implement controls such that they serve to increase the cost of an attack.

  4. Implement personnel, procedural and technical controls.

‘Access’ in an information systems context has been defined simply as the ability to do something with a computer resource (that is use, change or view). Given this definition of access, user-access management therefore involves managing who can use, change or view systems or information and the circumstances in which such access is permissible. User-access management is defined by the ISO 27001 Standard for Information Security Management Systems to have the following objectives:

  • ensure authorised user access
  • prevent unauthorised access to information systems.

Expanding on the objectives from ISO 27001, a broad set of business-level objectives for user-access management can be defined as follows:

  1. allow only authorised users to have access to information and resources

  2. restrict access to the least privileges required by these authorised users to fulfil their business role

  3. ensure access controls in systems correspond to risk management objectives

  4. log user-access and system use, and ensure that the system can be audited in line with the system’s risk profile.

    38. Australian Government, Trusted Information Sharing Network (TISN). User-access management - A defence in depth control analysis. June 2008. http://www.tisn.gov.au/Documents/User-Access+Management++A+Defence+in+Depth+Control+Analysis.doc

To reach these objectives, the Standard identifies four primary controls for managing access rights. These are:

  1. User registration—formal approval and documentation of user access to information systems allows an organisation to track and verify the individuals who have access to specific systems and services.

  2. Privilege management—formalised processes for granting and revoking privileges allow an organisation to track and audit changes to user-access rights and determine the privilege levels of specific individuals.

  3. User password / token management—as passwords remain commonplace, standard processes for allocating and resetting user passwords reduce unnecessary exposure of temporary or default passwords and minimise the effectiveness of social engineering attacks against security administration staff. Policies that mandate minimal levels of password length and complexity also reduce the effectiveness of common password attacks. However, passwords alone no longer provide a satisfactory solution for critical systems and services. The use of two factor models involving the use of tokens and/or other credentials (e.g. biometrics) also require similar holistic management processes.

  4. Review of user access rights—identify improperly assigned privileges and allow an organisation to realign granted access rights with authorised access rights.

    38. Australian Government, Trusted Information Sharing Network (TISN). User-access management - A defence in depth control analysis. June 2008. http://www.tisn.gov.au/Documents/User-Access+Management++A+Defence+in+Depth+Control+Analysis.doc

Similarly, the layered approach to defence in depth recommends controls be implemented at multiple layers, including:

  1. network access controls

  2. system-level access controls

  3. host-level access controls

  4. application access controls

  5. data access controls

  6. physical access controls

  7. password controls.

    46. Snead et al. Validation of digital pathology imaging for primary histopathological diagnosis. Histopathology. 2016. 68: 1063-1072.

Other security considerations include:

  • ability to remotely disable or wipe devices;
  • periodic purging of digital microscopy files and data from remote devices;
  • logging and investigating all security breaches;
  • internal audits of all devices.

The following are documents with in-depth information on how privacy and security are controlled and regulated in Australia for accredited pathology laboratories:

  • NPAAC Requirements for information communication (2013), refer to National Pathology Accreditation Advisory Council (NPAAC). Tier 3B Document Requirements for information communication. Third Edition. 2013.
  • AS/ISO17799 Information Security Management, for some explanatory notes refer to Carlson T. Understanding ISO 17799. International Network Services Inc. 2002 the complete standard can be purchased from Standards Australia
  • HB174 Information Security Management Implementation Guide for the Health Sector, for preview refer to Standards Australia. Committee IT-014, Health Informatics. HB174 Information Security Management Implementation Guide for the Health Sector. 10 March 2003 the complete text can be purchased from SAI Global
  1. Objective

    To understand the key principles and importance of privacy, confidentiality and security when implementing digital microscopy in the workplace for diagnostic use in histopathology and cytology.

  2. Knowledge

    Privacy, confidentiality and security

    Outcomes: Understand the principles of privacy, confidentiality and security to consider when implementing digital microscopy for diagnostic use, such as:

    1. Complies with national and state privacy regulations;

    2. Information accessible to authorised individuals on demand;

    3. Stored and displayed on devices that comply with all privacy and security requirements;

    4. Secured and maintained, both on-site and off-site, incorporates reasonable measures to protect all images and case information;

    5. Verifies user access;

    6. Disable or wipe devices;

    7. Periodic purging of remote devices;

    8. Logging and investigating all security breaches and audits all devices.

  3. Behaviours

    Practices the fundamental principles of digital microscopy.

Page last updated:

Copyright © 2019 RCPA. All rights reserved.

13-Feb-2019
Top