Preparation of Forensic Psychiatric Statements
Observand Database (ODA) software is a “privacy by design” solution for handling information about people in forensic psychiatric wards. ODA complies with the EU Personal Data Regulation and protects against misuse of sensitive personal data.
We developed the solution in collaboration with the Forensic Psychiatric Outpatient Clinic at the Central Jutland Region to keep track of the forensic psychiatric cases and statements.
Security Focus
Central to the ODA is the Personal Data Ordinance’s focus on ensuring that IT-systems used to process and store personal data, are designed to secure data in the best possible way to avoid misuse. ODA contains very sensitive personal information. Therefore, it is designed and developed to secure data in the best possible way.
Everything is Logged and Registered
In the design of ODA there has been crucial emphasis on ensuring access to the system from the outside. To gain access, one must be set up in the Region Jutland Region’s central IdM system BSK, and then approved in ODA by a local system administrator.
All actions in the system are logged, so one always can see which user has seen or changed the data. This adds another layer of security to the system.
Data View Restriction
As the system contains very sensitive personal data, it is also important to protect the users (i.e the staff), in relation to the data of which they become aware. It is important that users do not access more data than absolutely necessary.
Secure and Stable IT-Platform
The ODA system is based on the open source version of the Alfresco platform used by large public and private organisations worldwide.
Benefits of ODA:
- Secure handling, storage and exchange of personal data
- Fast and efficient case management
- High data quality, resulting in fewer errors and fewer backdraws in the work processes
- Improving and streamlining workflows using BI tools
ODA in the Media with Focus on ‘Privacy by Design’ software
In connection with serious crime such as murder, attempted murder, and rape, the judiciary may need a mental statement. These take place at the forensic psychiatry at the hospital in Skejby, which handles the task for the entire Denmark, and Greenland.
Until recently, it was done with paper journals. However, this caused problems.
»When Trine, chief physician, travels to Greenland, she previously has been sent medical records by mail from Greenland, packed them in her suitcases, traveled to Greenland, and then back to Denmark again. We have also experienced that we have lost journal material in our mail when we exchange with other authorities. « Morten Juul told candidly at Dansk IT’s conference on public IT in March.
ODA is built on the basis of ‘privacy by design’, according to Morten Juul. The system is based on two-step access, meaning that one must be created in the region’s identity system and have access via the user administration in the system itself.
Here one is granted rights which are required if you are e.g. a psychologist.
»GDPR has been absolutely fundamental in the development of the system. We exchange data between several authorities in the system: the judiciary, police authorities, municipalities and others, where we obtain information about patients.«
Everything in the system is logged. It is a necessity, even though the employees may perceive it as surveillance.
»If a data breach were to happen, then we can see what has happened.«
The system also has a built-in limitation in data display, so that professionals only can access data relevant to their particular field of work.
System administrator, Lone Poulsen from Skejby, assigns rights based on categories where doctors, psychologists, and social workers have specific access to a limited amount of information about patients.
Additionally, ‘tunnel-mail’ is used as a platform to share data, securely.
Henrik Kirk Larsen from the consulting firm, Magenta, who has helped develop the system, notes:
‘One of the important elements of Privacy by Design, is the right to be forgotten. With this kind of data, you have no right to be saved – they are saved forever.’