What could possibly go wrong?
The Heart of England NHS foundation trust has signed a five-year deal to digitise its patient records. The £7m contract, signed last year, sees EDM Group charged with converting the trust's millions of paper records into electronic format. The records are collected daily from three trust sites and then tracked, transported, …
They'll probably only find out...
...when they want to change to a new/different system :-)
IT knowledgeable staff, have your violins at the ready to play while Rome burns.
A car from these people?
I think not.
wow , they just invited literally thousands of blackhats to get their hands on this amazing amount of data....
Who needs blackhats
When your employees can simply leave it on a train/post it to the wrong person/sell it on ebay.
"talks around digitising the records had been going on for some time"
Well done NHS on digitising your records just 63 years after Lyons did it. Or at least mentioning it in meetings. Truly our helth service is the envy of the world.
Don't see a huge issue with this
So long as adequate security measures are in place to protect data, pre and post scanning then digitising the records is a win for patients and administrators. What shouldn't happen is they outsource all this work to some crowd in India and subsequently discover 10,000s of records in a skip. Or that some worker is permitted to download the entire hospital's records onto a PC and leave it on a train.
There need to be strict guidelines and strict sanctions concerning the access and use of this data. The US has an act called HIPAA which is explicitly meant to protect patient confidential information and it would be a good idea for the NHS to look at some of the ways confidentiality can be breached either through malice or ignorance and put procedures and safeguards in place to protect against them.
A few years ago I worked as a contract developer on a large NHS IT project. Part of my code involved a print function. A week into the contract my manager told me to be sure to use the bin destined for shredding when disposing of test printouts because the database we were using for testing was real, un-sanitised patient data. Unfortunately I had already used the other bin the previous day.
Still feel confident about the digitising of patient records?
Me no confident
Last time I had occasion to visit A&E at my local hospital - which has been my local for longer than I care to remember - I was told that had I never been there and there was no record of me anywhere. When I pointed out that I had in fact been going there for decades - I was told "Oh well. Never mind. Take a seat. You are not the first to disappear off our system."
Who said I feel confident?
"Still feel confident about the digitising of patient records?"
I just cited the sorts of things that should be mitigated against. Screwups happen but there are have to be procedures in place to a) minimize them, and b) if they do happen, to contain the damage and prevent it happening again.
In the case of your story, I suggest if all new hires had been required to undergo security / confidential information training that 99% of screwups would have been prevented before they had even happened. I mentioned HIPAA because I've worked in a claims processing place where these rules have a real impact on how data is handled.
I work for a large US integrated heathcare organization (insurance, hospitals, doctors); we are required to take annual compliance training, and to have taken it within 30-90 days of hire. This is tracked and reported on to managers to ensure compliance.
Covers HIPAA, ethics, etc. Covers things like shredding, password... all the expected security/privacy stuff. Our PCs are locked down in ways that force encryption of anything written to removeable media.
None of the above can guaratee breaches won't occur, but we do what we can.
We also are at this point 100% online with medical records.
Did they OCR the records?
A human has trouble reading notes written by doctors so I doubt they have been successfully OCR'ed. In this case they have a network full of a million unsearchable PDFs or JPEGs. Unless the records were transcribed by hand?
I Doubt it
OCR poses a clinical risk EG
"Is that sodium Sulphate or Sodium Sulphite we have to inject?"
They will likely be in PDF. The real problem is the metadata.
No OCR, no PDF.......
Just unsearchable greyscale JPEGs...and tons of them per patient.
(AC for a reason!)
To be fair
it's not like the paper notes were searchable though is it?
Storing and accessing e-records are easier. Securing against unauthorized access requires more effort but a higher standard can be attained. Securing against loss is much better than paper provided the purgatory of a trash bin is used.
Reading is probably safer on the machine as there is no degradation since converting. And for the user the ability to enlarge so that one word fills the screen makes decipherment easier and surer.
There were dark warnings about data prep type conversion for the Blair Which project, but that is not happening here.
So the only issue is convenience, it could be pad computers for all staff or perhaps piggy back onto the patient entertainment screens.
My doctor uses e-records, and the local hospital does too. Of course they don't connect, comm is by letter. But within each entity it works very well.
PDF with unreadable forms manually updated with notes Id guess
JPEGs? Tell me you're joking
At what compression factor? The hardcopy is hard to read as it is. The scammed-in versions will be worse (by how much?). Oh look what I've just done to your information retrieval - but at least you know what I meant to write here.
I just purchased several tens of thousands more shares in a couple of paper-making companies that I keep an eye on ... I do this every time I hear of a nit-wit bringing up the "paperless" idiocy. I have never lost money in this scenario. YMMV, as always.
just trying to think back when i first heard that empty phrase, sometime in the late 90's perhaps?
Hi youngster, that idea was being bandied about by Tomorrow's World in the late 1960s
Images of paper charts? Really? Delivered by pneumatic tubes I hope.
The problem being addressed (records available in multiple physical locations) is being addressed by distributing images of the records. None of the many benefits (such as researchable coded data on a defined population) from real electronic medical records arise. Also none of the risks and disruptions to old skool doctoring - this is a brutal approach - we need reliable research data from complete patient records for (eg) post marketing surveillance and comparative effectiveness of drugs.
Good one, NIH. After all the pathetic incompetence and resources wasted on real EMR, we have the low risk but dumb as a doorknob approach.
Back in the 90s, I worked at GEC Alsthom in Stafford. When I started, all docs were stored in paper form. You wanted a copy of a spec, you went to the doc store and they made you a copy. You wrote a new spec, you printed it out from WordPerfect (or MS Word, later) and gave it to them.
Then they heard about digitising, so they scanned them all in. Great. Except that to save money on large hard drives (expensive back in those days), they didn't scan them at a particularly high resolution. Text was still readable, but any diagrams were toast. Result was that if you wanted a *useable* version of the spec, you had to look on the front cover to see who wrote it and get them to give you a copy!
Hopefully they won't make the same mistake these days, with storage so cheap now. My maths says that at 600dpi with 8-bit grey-scale and no compression, you can fit 31450 scanned sheets of A4 onto a bog-standard 1TB drive, so the cost of storage is likely to be insignificant compared to the cost of paying people to do the scanning.
Scanning archives always makes me nervous
With compression you will get over 1,000,000 A4 docs on a TB drive. The cost of storage has been trivial compared to the cost of scan and index for 20 years.
The problem with digitising archives is the cost of scan and index which is unlikely to go away with technical progress.
So seeing past records is dependent on power? Network? Server? Not the Eyeball Mk 1?
Granted I can see the advantage of having a record available to multiple people on a site at once, but I hope to God they're going to have some solid backup systems. On the plus side if someone comes in as an emergency case it might get their past history visible faster - assuming of course they'd been to that hospital before. We're not actually talking about an ongoing health record here, really, are we? Just a record of previous treatment on site. For something. Sometime. Hopefully this is really a tool for legacy cases - "live" data should be captured directly, surely?
Doomed i tell ye...
I've been involved with digital X-Rays ( PACS ) for an NHS trust for 5 or 6 years. Yes, they
are now available for all to view at a moments notice, and are a huge improvement over film.
BUT... contrary to all guidelines and policies (and laws) they are emailed, stuck on flash sticks,
smartphones etc etc (with the best of intentions) and are generally treated like non-sensitive
More data (i.e. whole patient records) = more non-malicious abuse, leading to multiple
massive FAILs down the line.
So the question is what odds Ladbrookes will give on this solution providing data security? Given the amount of times the public sector have lost or had data stolen...hmmm. Maybe this won't finance my <<<
What they were waiting for
Now they can leave the entire NHS' records on a train
NHS GGC (Glasgow) did it first!
I worked on a Project for Greater Glasgow and Clyde 2 years ago which as part of it did this. as well as introducing scanning centres around sites do that paperwork (all of which had its own qr code and a qr code for each patient's ID number) all new data would be scanned and sorted on a Rhapsody server before being made available in a clinical portal. for records held offsite the following happened:
documents have a shelf-life of x years, if they are recalled before x, scan them verify them and destroy the originals, if not wait till x scan and destroy.
what interests me is that GGC is the biggest site in the UK and we did the project in a year for about 1/7th the cost
Didn't I sign something to say...
... "you do not have permission to computerise my records" a while back. Digitisation and storage on digital media covers that.
Speaking as an NHS doctor, the sooner records are digitised the better - searchable or not. The frustartion of seeing someone in a&e at night unable to access previous records as they are locked away/stored off site/missing/being transported to another site is intensely frustrating and frankly unsafe.
The security issue is there but placed against the clinical risk of inadeuqate information, it seems negligable.
Pictures of pieces of paper. Ho hum.