Friday, 23 October 2009

Hospitals of the Future

An important part of the Danish Prime Minister's future plans deals with the construction of a number of bright, new so-called Super Hospitals. When he addressed the Danish Parliament in his opening speech on the first Tuesday in October, the amount of 40-50 billion Dkr (9–10 billion US $) was mentioned.

In Denmark the Regions are responsible for hospitals, but they have no tax income of their own, so they are completely dependent on the Government's allocation of funds. The 5 regions are therefore looking to negotiations with the Government, and it looks as if they are treated rather differently; the regions that have been most eager to close down small and inefficient hospitals stand to gain the most.

In any case the question any Dane should put to his regional politicians, now up for re-election in November, is how they see the future of the hospitals. If this is not discussed, I fear the entire discussion will be about the brick-and-mortar investment, and not about the rethinking of the entire health structure that I feel is highly needed – not least in light of the demographic changes we can foresee, including the lack of doctors and nurses, more elderly people, more chronic diseases etc.

So where can we find the inspiration needed before these new super tankers are cast in iron?
Normally you would look to the US.
But the US has its own problems and a tradition that is very different from Northern European health systems, where health care is an integral part of our welfare system and hence mainly paid for by the tax budgets. (See the notices from the US Commission on the Future of Health Care from 2008.)

There are sources and best-of-breed examples out there that can easily be reached; the web page for DesignIT has a very interesting article on hospitals of the future.
One of the cases that DesignIT describes is the El Camino Hospital (Silicon Valley, CA):

“El Camino Hospital is a completely wireless hospital that is well on its way to becoming paper and film free. The hospital estimates that the new system has saved them 120,000 dollars a year in medical costs and 300,000 dollars a year in avoidable errors.
The hospital’s wireless technology includes:
· Voice-activated communicators: Nurses and doctors use a small voice-controlled, hands-free device that they wear around the neck to communicate with each other. The device is made by Silicon Valley start-up Vocera Communications Inc.
· Biometric supply cabinets: A device that enables authorised personnel to open doors or cupboards for medicine and other medical items by reading a thumbprint.
· Automated laboratory system: Laboratory tests go through various ‘stations’ that together make up an automated production line. Staff calls it ‘race track’. Automation is made by Beckman Coulter Inc.
· Tablet PCs and handhelds: Doctors test small tablet computers and handheld devices. In time, these will replace the clipboard. These devices are manufactured by Hewlett-Packard Corp.
But this system would appear to be particularly exposed to terror attack or technical failure – unfortunately key considerations in the future. How will medical staff cope if the system goes down? Will they be able to treat patients? While innovative, this hospital must also be foolproof. Otherwise technology will control people rather than vice versa.”

But we don't need to go to the US to find fine examples of forward-oriented hospitals: in Glasgow, for instance, the Homeopathic Hospital has an interesting, holistic approach that could very well be part of the design principles for hospitals for the next several decades.

In Taiwan, the Chang Gung Memorial Hospital with 8,800 beds has a very advanced deployment of RFID for controlling logistics, likewise an important part of the future high-tech hospital, where the focus is on accountability, quality, and saving human resources for the health and care oriented tasks.
Asia seems to be really pushing the uptake of new technology when planning future hospitals.
See for instance these award-winning Asian hospitals. Not so surprisingly, there are a number of references from Singapore, Taiwan and the Philippines, but China and India are beginning to appear on this list as well.
Construction of hospitals is indeed a hot topic in these mega-countries.

In Sweden, Karolinska Sjukhuset, already a leading Nordic hospital in many specialties, is constructing a new site where microelectronics and gene technology are being deployed at a world-record level. See for instance this description of their use of ICT.
Hospital trends in Europe can be found here.
Since 2006 IBM has been running a Health Competency/Innovation center for the Latin speaking countries out of Barcelona. The center benefits from cooperation with the Hospital of Barcelona, one of Spain's most modern hospitals.

Each of the hospitals awarded in the US and in Asia, recognized as world leaders, contributes to the picture of the Hospitals of the Future, yet no hospital alone seems to have it all.
Given the pressure from the climate debate and the mentioned adverse demographics, plus not least the current financial crisis, new aspects have to come into the design principles.
And of course IT is going to play a major role. (See this New Scientist Article)

But in line with IBM's recent announcement of the Smart Planet initiative, I recommend that we look at the entire value chain of 'Health' – and not only look at the Hospital and the IT infrastructure: It has to be regarded as it is: A system of systems.
A Hospital is but one (important) station en route from disease to cure, but it doesn’t solve the long range development in human habits: from eating and drinking to travelling and social interaction.

The brick-and-mortar thinking should be replaced by thinking in terms of intelligent buildings:
embedded control of material, light, control of electricity, water, sewage.

Around the hospitals we have a huge logistical task: transporting patients in and out, particularly in light of many more ambulatory treatments, but also emergency systems, evacuation plans, and logistics for delivery of goods, linen, visitors etc.

And we have the internal communication and collaboration between all the different stakeholders, doctors and nurses, including admin, records management, knowledge management – and, not to forget: Electronic Patient Records that can be exchanged, distributed and disseminated in full compliance with data protection.

Another subsystem is the flow in and out of highly advanced diagnostic systems, surgery, remote collaboration, robotics. The advanced RFID plus asset management can take care of hospital beds, instruments, (patients), all sorts of critical material.

The final major sub-system is of course the entire process of a patient's engagement, not least how the out-patient services are provided and how collaboration can be obtained between hospital staff and primary care, and between patient and local government social services, including telemedicine and a holistic treatment of chronic patients in their own home. This is something we have been engaged in through far too many 'pilot projects' – now it is time to deliver.

Or as Obama has put it: It's time to Change. This is understandable if you look at the status reports from 2008. So we spoiled Northern European citizens must cross our fingers that his medical plan for the US comes true, because that would create a yet stronger, global drive towards really forward-thinking hospitals in the future.

Monday, 19 October 2009

Video Surveillance and Privacy

Copenhagen has seen a number of gang shootings in certain districts this summer. Events like these are certain to raise requests for more video surveillance, more policing, and longer prison sentences.
Video surveillance in Denmark has been relatively limited compared to the UK and the US; even banks have been restricted from using outdoor video surveillance. But like threats from terrorism, the threat from gang wars, however local and limited, might change the attitude towards video surveillance, using all sorts of arguments from “The law abiding citizens have nothing to hide” to “It will result in much faster arrests”, even “This will prevent crimes”. (See Camwatch: Preventing Crime 24/7)

According to Gus Hosein, visiting senior fellow at London School of Economics and recent speaker at the European Privacy Seminar in Copenhagen “The Net will not Forget”, more than 44 studies on the effect of video surveillance have shown that the effect in preventing crime is almost non-existent, with the most likely reductions observed in thefts of bicycles and from cars, whereas violent crimes do not seem to be reduced at all. Also the suggestion that video surveillance should be a significant help in identifying criminals after the fact is doubtful – at least when we consider the traditional types of CCTV surveillance systems. (See Wikipedia.)

According to this article in the Telegraph, only one crime solved per year per 1,000 cameras seems to be the result. And similarly, according to UK police, CCTV is an utter fiasco:
One of the reasons may be the old-fashioned technology that is typically used: Up to 80 per cent of CCTV footage seized by police is of such poor quality that it is almost worthless for detecting crimes, it has been claimed.
And yet CCTV accounts for three quarters of the Home Office's total spending on crime prevention, making it the single most heavily-funded crime prevention measure outside the criminal justice system.

A comparison of the number of cameras in each London borough with the proportion of crimes solved there found that police are no more likely to catch offenders in areas with hundreds of cameras than in those with hardly any. In fact, four out of five of the boroughs with the most cameras have a record of solving crime that is below average:

To get an overview of which laws regarding privacy and Video Surveillance are in force in Europe, see the following article on legal regulations of CCTV in Europe:

But even if permission is granted to establish a video surveillance system, this may be very questionable as this report points out:
The report points out that authorisation should always include guidelines on the management and storage of the product of the surveillance, which should be under the supervision of the Data Protection Agency. Further, the following issues exist:
“- The continuing confusion with regard to the need for authorisation when surveillance equipment (such as CCTV) is focused on an individual in a public place. It is not where the CCTV is placed (which may be overt or covert) but the manner in which the camera is used that is determinative of whether the surveillance is covert; and
- Authorising Officers not knowing the capability of the surveillance equipment which they are authorising. For instance, there are differences between video cameras that record continuously and those activated by motion; and between thermal image and infra-red capability. These differences may have an important bearing on how a surveillance operation is conducted and the breadth of the authorisation being granted. Therefore, a simple authorisation for ‘cameras’ is usually insufficient.”

Even if the number of US studies on video surveillance is limited, some material can be found:
Video Surveillance - Is It An Effective Crime Prevention Tool? (Note: this is dated 1997)

The issues around video surveillance are several: The cameras will invariably film a number of completely innocent people, and either the footage is stored for an unknown period of time, in storage that may or may not be guarded, or the cameras are directly linked to a control centre, where officers or even private persons can observe and identify persons that can be linked to specific places at specific hours. Who sees this? How is it recorded? It is definitely not an excuse that the quality may be poor, as this may even lead to other types of misinterpretation, like who is actually shown on the tapes.

In spite of the UK experiences, a number of cities in the US are installing another type of video surveillance system based on more intelligent cameras, which seems set to become the next hit. See this ABC Chicago interview: Intelligent IRIS – Video Analytics

The new type of system may have several benefits, for instance that the cameras can be programmed so that they only record out-of-line situations, whether it is traffic, lack of movement, or crossing an (invisible) border line. This automatically reduces the privacy problem of storing tons of innocent persons’ data. Also the ability (not discussed in the Chicago clippings) to mask individuals to avoid recognition of faces is a clear improvement over traditional CCTV systems.
(Intelligent cameras come in many makes, e.g. IP cameras. But the system as such requires a network, an architecture, analytical solutions and the privacy intelligence on top, as in Chicago.)

The so-called Smart Video Surveillance is discussed here:
The article clearly describes the benefits of pre-programmed observation criteria, and if this is combined with dynamic microphones, it may prove useful in assisting in arrests of real criminals and even increase privacy compared to traditional surveillance systems.
Yet another wave of ‘indirect’ video surveillance systems is rapidly on the rise: congestion charging of cars in and out of city centres, as well as video-assisted toll systems, represent another threat.

See this article on ‘Congestion pricing, the road to the Surveillance State:’
And it really seems that quite a number of cities will have this kind of solution in operation. Here is a short overview of traffic congestion schemes:

In Stockholm, which has one of the most successful anti-congestion road charging systems, the privacy question is solved by strict regulations on the storage and retention of the data, and by blurring the faces of the drivers and passengers on all footage. It may even be further improved, for instance by deploying some of the solutions described in this article on “Congestion pricing that respects driver’s privacy” by Andrew Blumberg (from Stanford) and Robin Chase (from Meadow Networks).

So to sum up:
Video Surveillance is erroneously being interpreted as trust-enhancing, supposed to calm the upset citizens, whereas the truth so far is that it simply doesn’t work: It can’t be shown to prevent crimes – violence due to drugs, alcohol, gangs etc. will prevail, probably either disregarding the risk or moving to other parts of cities, and the quality as we know it in CCTV is not very helpful in police work after the crime has been committed.
We may have new, more intelligent solutions coming to the market, but it must be required that privacy is embedded in these solutions. This goes for masking faces – maybe making it possible to lift masking after a verdict based on suspicion – it goes for regulations on storing and retention, and it goes for rules for deployment, particularly of covert cameras, which in any case should be limited in the public space.
These rules should also be followed even if the purpose is not ‘surveillance’ but road charging.

Tuesday, 6 October 2009

Security & privacy in biometrics – how do we ensure proportionality?

A basic principle in the current European Data Protection Act is proportionality: the level and amount of personally identifiable data that you have to reveal to identify yourself has to be proportional to the risk and danger incurred if the identity is faked or stolen.

Recent years have seen a growth in tools for identification, mainly in the biometric area, that has led to the risk of 'overreacting': using easy biometrics where a lesser level of authentication could have been used. One of the latest strange cases from Denmark is a night club that has been allowed by the data protection agency to take customers' fingerprints at the entrance as a means to secure against violent behavior. A horror example of major collection of biometric data is of course the UK's collection of DNA profiles for children, a practice that was started 5 or 6 years ago.

The risks involved are related to the kind of threat you are trying to prevent: Do we need the security tool to reveal the identity and all related information? This may be the case if we have a strong suspicion that a person is directly involved in a crime or an act of terror. Or do we only need to know if a person is 18 years old so it is legal to sell alcohol to him/her? Similarly, within the health area a nurse and a doctor do not need to have full access to a patient's medical record if he has lost consciousness and needs a blood transfusion, only the key information of blood type and current medication.

So the use of biometrics in itself is one dimension of the game - and the other dimension is what the biometric identification gives access to reveal of PII – Personally Identifiable Information - at the same time or as a consequence of using the biometrics.

The first question of proportionality is then solely related to the 'strength' of the biometric method used. A weak solution is a quick, convenient solution which is non-intrusive, non-incriminating and non-discriminating in regard to civil rights and color of skin, sex, race and religion. For this purpose simple biometrics like a signature (analog or digitized) may be better than a fingerprint (traditional, optical electronic scanning using a template to generate a simple bit stream), because fingerprints may be seen as incriminating, offensive, police-like, while face recognition reveals race, color of skin and maybe sex, and thus does not meet the other criteria.

Signatures may be faked, fingerprints (simple fingerprints) can be stolen – in bizarre cases it has been seen that criminals have cut off fingers of owners of Mercedes 300S cars to break the fingerprint starting mechanism. (This risk is probably less in Northern Europe, though.) Or it may be difficult to read the results properly.

When stronger proof is needed, it is acceptable to rely on methods with higher reliability – like the thermal scanning of fingerprints, which measures the distance from the underlying blood, revealing ridges and valleys, again to be transformed by a fast Fourier transform into a template consisting of 0's and 1's. This prevents the use of faked fingerprints copied on a strip of tape – and even the rough case of cutting off the Mercedes owner's finger (presumably the blood has stopped circulating, so there is no heat difference). Iris recognition has also been suggested, whereas 3D face recognition at this point still has a higher rate of errors. It has been suggested to use at least 2 types of biometry, like the US border control where fingerprints are combined with face recognition.
In any case the reliability of the identification methodology applied in every case has to be discussed and explained before any solution is deployed. (See article about reliability)

It may be OK under well-defined circumstances to use a higher level of trusted biometrics, even if they are not 100% proof. The second dimension of the question, then, is what other PII is stored with the template or the face geometry and how these data are protected. This is a question of data stewardship and again should be in proportion to the use of the data. Taking the example from the Danish night club that has been granted permission to store people's fingerprints, these should definitely not be stored with any other information than the purpose requires: Is this guy known to have a tendency to quarrel – NOT his name, address etc. Even if this is kept using cryptography, it is not in proportion to the use of the biometric data.

Other types of biometrics are recognition of moving patterns, voice recognition, pattern of the veins, retina scan – and of course DNA. Whereas the failure rate (both positive and negative) of the first 2 of these types is still relatively high, the 3 others may reveal unwarranted additional details of the health situation of the individual, hence these items should only be used for forensic purposes and not just collected arbitrarily or even – as in the UK DNA case – systematically.

An important aspect of using biometrics is also how it will be possible to revoke or change the biometrics as the person changes. Whereas fingerprints remain stable for a longer period in life, face geometry changes a lot from childhood to old age, and so do walking patterns and voice. People also have cosmetic operations on their faces, and accidents may change looks and behavior, so any system based on biometrics should have a way to allow for changes of this kind, and it should be possible to revoke biometrics.

But as the technology improves and computing power increases, one solution which could use biometrics and at the same time prevent the data from appearing in the open or being communicated could be an ID card with a number of different domains, each holding the relevant information linked to the person: one domain simply stating the age, another for the bank including bank account numbers, one for driving license use, one for medical/health care use, one for insurance use, one for credit cards, one for public identification purposes.
If this identity card can be activated by a fingerprint reader plus a PIN code, the citizen could then select exactly how much PII he wants to reveal in the situation. This is in line with the PrimeLife recommendations from IBM Zürich Lab, which has just got the German award for forward-thinking identity management solutions. This type of solution has the advantage that the user is in full control and that no central database is required for the biometric data.
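A sketch of the multi-domain card described above, added here as an illustration and not taken from PrimeLife or any IBM code: each attribute is committed to with a salted hash, the issuer seals the list of hashes, and the holder reveals only the attributes one situation needs. The function names, the sample card and the use of an HMAC in place of a public-key signature are assumptions; the fingerprint-plus-PIN activation happens on the card and is not modelled.

```python
import hashlib
import hmac
import json
import secrets

# Constructed key. HMAC stands in for the issuer's public-key signature (assumption)
# so the example stays stdlib-only; with HMAC the verifier must share this key.
ISSUER_KEY = secrets.token_bytes(32)


def _digest(name, value, salt):
    """Salted hash of one attribute; the salt blocks guessing of small value sets."""
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()


def _seal(digests):
    return hmac.new(ISSUER_KEY, "".join(digests).encode(), hashlib.sha256).hexdigest()


def issue_card(domains):
    """Issuer: commit to every attribute of every domain and seal only the digests."""
    salts, digests = {}, []
    for domain, attrs in domains.items():
        for name, value in attrs.items():
            salts[(domain, name)] = secrets.token_hex(16)
            digests.append(_digest(f"{domain}.{name}", value, salts[(domain, name)]))
    digests.sort()  # sorted so position does not reveal the domain
    return {"domains": domains, "salts": salts, "digests": digests, "seal": _seal(digests)}


def present(card, domain, names):
    """Holder: disclose only the chosen attributes of one domain."""
    disclosed = [{"name": f"{domain}.{n}", "value": card["domains"][domain][n],
                  "salt": card["salts"][(domain, n)]} for n in names]
    return {"digests": card["digests"], "seal": card["seal"], "disclosed": disclosed}


def verify(presentation):
    """Verifier: return the disclosed attributes, or None if anything was altered."""
    if not hmac.compare_digest(_seal(presentation["digests"]), presentation["seal"]):
        return None
    accepted = {}
    for item in presentation["disclosed"]:
        if _digest(item["name"], item["value"], item["salt"]) not in presentation["digests"]:
            return None
        accepted[item["name"]] = item["value"]
    return accepted


# Constructed sample card with three of the domains the post lists.
CARD = issue_card({
    "age": {"over_18": True},
    "health": {"blood_type": "A+", "medication": "none"},
    "bank": {"account": "0000-000000"},
})

if __name__ == "__main__":
    bar = present(CARD, "age", ["over_18"])                        # alcohol sale
    ward = present(CARD, "health", ["blood_type", "medication"])   # transfusion
    print(verify(bar))
    print(verify(ward))
```

Every presentation carries the same digest list and seal, so two verifiers who compare notes can link them to one card; anonymous-credential schemes are designed to remove that linkability.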

In a few days I will discuss the use of video surveillance, what we know about it as a crime prevention tool and what may be a more intelligent way of using it.