Saturday, 20 January 2007

The NHS Programme for I.T. (Part 2)

This part covers the Patient Care Records System (CRS) because I believe it's one of the most important parts of the whole setup. Without accurate records it's makes everything so much harder. They also have to be retrievable quickly. It's possible that it could make things much better if done properly though.

The terms of reference for the 'taskforce' who introduced the system was:
  • To identify and analyse the problems perceived by different stakeholders.
  • To resolve identified problems in ways that are practicable and for the benefit of patients and the NHS.
  • To resolve identified problems in ways that are practicable and for the benefit of patients and the NHS.
  • To take account of the legal basis for storing, sharing and using records and Department of Health policy.
  • To take account of the technical and practical barriers to implementation.
  • To draw up an agreed plan for implementation of the shared summary record.
  • To make recommendations to ministers.
  • In doing this to take account of the implementation and use of shared records by the Veterans’ Administration in the US.
As you can see, a lot of those points are fairly generic, but the important ones concern technical barriers and legal difficulties. As it is an electronic system, where people details will be communicated over internal networks and the internet, security is essential. Without adequate procedures in place, it will fail straight away. The legal issues will be about things such as sharing information, so it's about the Data Protection Act and Computer Misuse Act. It's good to see that they also took notice of the implementation of similar systems (see last point).

Back in November, there was an article on the GuardianUnlimited website about the new records service and the opening paragraph was:
"Millions of personal medical records are to be uploaded regardless of patients' wishes to a central national database from where information can be made available to police and security services.."
It went on by raising concerns about details of things such as alcoholism and the staus of HIV patients being available and potentially vulnerable as the system could be 'hacked into'. There were a number of responses to this, one of which was from Ian Hayes, who is a trustee of the Terrence Higgins Trust:
"I am writing to express my concern about the lack of balance in your coverage of the Electronic Care Record. The articles seemed calculated to raise concerns, especially in vulnerable groups with most to fear, without attempting to look at the safeguards that will surround the system and potential advantages of a national patient information database."
He also said:
"The Care Records Guarantee, which you only mention in passing in your coverage, represents a significant attempt to give people rights in over their medical records. It is based on a clear view that my medical records are my property over which I have control and includes a right to opt out."
Ian Hayes makes a good point in the second quote - people have the opportunity to opt out with certain pieces of information. That almost completely takes the worry about make data more available to other services out of the equation.

Ok, so sharing data is less of a worry, but what about security. It is an almost worry now. What measures does the project have to protect records from things such as 'hacking' and viruses? We're talking about more than 50m patient files here.

On the Connecting for Health website, there are two technical pages. One is about the Central Design Authority and Technology Office. The other is for NHS Data Standards and Products. Unfortunately, they don't cover anything in any great depth. Those pages don't tell you about the safeguards to protect the records. None of the other projects covered in my previous post tell you anything either. I checked the factsheet for N3, which gives you basic details about infrastructure, but nothing about security. I'm sure there will be some measures in place, but unless they are publicly available and clearly explained, the worries will still remain.

The next part will cover the other parts of the programme and will also have my ideas for how it could have been done better. I'll also mention how the new setup will affect GPs.

Technorati tags: NPfIT, Connecting for Health, Government, IT, NHS