Sounds like a great idea
What could possibly go wrong?
NHS Oxfordshire is to put the medical records of around 545,000 people online in an effort to give healthcare professionals faster access to patients' information. The Oxfordshire care records programme will be made up of two parts: the national summary care record (SCR) and the local Oxfordshire care summary. The cost of the …
What could possibly go wrong?
As long as they've designed the system so only healthcare pro's can rummage around in the data, fine. Yes, there's bound to be the odd cock up here and there, but this is a good thing (IMHO). No, I don't want my data lost or discarded on a mem-stick in a taxi, but equally I don't want my treatment to rely on (sometimes handwritten) paper records stuck on a GP surgery shelf in one of those ubiquitous brown card envelopes. Access to that information is not speedy, but access to correct medical treatment sometimes needs it quickly.
Seems to be quite cheap, too - just over £1/subscriber (assuming most opt in). Much more value than that national scheme the govmt was touting not so long ago (probably with different aims, I agree).
Records are held locally anyway.
Most GPs have IT systems with patient data stored locally. This system will be available nationwide, not just Oxfordshire. I've already opted out of the national access system. I did that when I noted that health "professionals" included anyone who had paid the fee to be so registered, and that it included social workers....in my mind the most unprofessional people around.
Note this from NHS care records service:
People who can see your records:
need to be involved with your care;
need to have an NHS Smartcard with a chip and passcode (like a bank card and PIN);
#should# only look at the information they need to do their job; and
#should# have their details recorded – who they are and if they have added or changed information.
These measures mean that your information is stored safely, stays private and can only be looked at by those healthcare staff supporting or providing your care.
No matter how careful we are, there are always risks when information is held on computers as there are with paper records.
Lot of "shoulds" there.
Except paper records need to be searched manually.
"As long as they've designed the system so only healthcare pro's can rummage around in the data, fine."
Except that we all know that that is *not* going to be the case. Someone's going to have made a cockup or leave a password on a piece of paper or feel like having a snoop at someone else's medical records when they're not supposed to (and then perhaps sell that to the tabloids).
If you suffer from something that's life-critical, carry an Alert Bracelet or wear an SOS Talisman or some other such thing to let people know if you're unconscious, anything else can wait until your records (and *only* your records) are accessed as per usual.
I moved home 2 years ago and changed GP surgery at that time. Went to A&E recently and they had my old surgery details. B1tch at reception looked at me like it was my fault. Am I supposed to update all the Hospitals with my info myself?
A card system would be good. I had to limp my way round A&E reception, stand and give all my details when it would have been so much better and quicker if I could just scan a card. In fact you could get rid of reception stage completely and be put through to triage.
...who DOESN'T think this will end up in a massive fuck-up.
Agreed. I mean, it's not like they don't already have a piss-poor reputation for keeping data confidential is it....
A new cluster-fuck in the making....
Will patients have access to the audit trail?
If so, enough are likely to take the trouble to see who has been looking at their records to provide a basic check on misuse of the system.
If patients can't check the audit trail of access to their records then perhaps the rules need to be changed so that they can.
I worked on the Spine programme for a number of years and my role required me to have a smart card - and one of my assigned card roles gave me the ability to appear on the system as 'any' authorised user - purely for diagnostic purposes - and therefore I could log onto the SCR system and pretend to be any GP (or other HCP) and the system would allow me to access whichever records they were authorised to, and this account switching was not audited - so unless this specific smart card job role has been removed then there is still the ability to hop around undetected.
I no longer work on the Spine !!
Well it's one step up from what I expected from the NHS (access monitoring on sensitive systems being missed, or cut to save project budget)
The other question is, will they have MI running on the system to actively detect odd access requests? (e.g. why did a GP at the other end of the county look up another doctor's patient's records)
If they do have the MI, will they also have the staff to actively hunt down and reconcile the access with genuine actions (e.g. One GP asked his colleague for his opinion about a patient's test results), and deal with misuse (GP checking up on his daughter's new boyfriend, etc.)
Let's run the NHS like a business!
I don't understand why we can't have a system where the patient controls the access.
* Patient carries a smartcard - if they go to a hospital or are found lying in the street, smartcard gives access. Put in some sort of emergency override if necessary.
* Patient registers with doctor/provider - uses smartcard to give access either permanently to that practice, or for a period in case of private one-off things.
* Patient has access to web portal to add/remove these bits, and see who has been accessing their data.
This is kind of similar to the way lots of organisations already work with 2 factor authentication and access to service accounts. Because the data is stored centrally it's a lot more robust in case of card loss, but you could add an option to load it onto the smartcard to help with network outages.
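An added illustration, not part of any comment in this thread and not NHS or SCR code: a minimal sketch of the patient-controlled access model proposed above, which also produces the list of accesses that the earlier comment about MI asks someone to reconcile. The class names, practices, users and dates are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Grant:
    practice: str
    expires: Optional[datetime] = None  # None = permanent registration

@dataclass
class PatientRecord:
    patient_id: str
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)  # append-only; shown to the patient

    def request_access(self, user, practice, when, emergency=False):
        """Decide one access request and log it whatever the outcome."""
        consented = any(
            g.practice == practice and (g.expires is None or when < g.expires)
            for g in self.grants
        )
        if consented:
            outcome = "granted"
        elif emergency:
            outcome = "emergency-override"  # allowed, but must be reconciled
        else:
            outcome = "denied"
        self.audit.append(
            {"when": when, "user": user, "practice": practice, "outcome": outcome}
        )
        return outcome != "denied"

    def needs_review(self):
        """Entries with no patient grant behind them: overrides and denials."""
        return [e for e in self.audit if e["outcome"] != "granted"]

def demo():
    # Constructed sample data: all names, practices and dates are made up.
    t0 = datetime(2011, 1, 10, 9, 0)
    rec = PatientRecord("patient-001")
    rec.grants.append(Grant("Practice A"))                        # registered GP
    rec.grants.append(Grant("Clinic B", t0 + timedelta(days=7)))  # one-off grant
    results = [
        rec.request_access("dr_a", "Practice A", t0),
        rec.request_access("dr_b", "Clinic B", t0 + timedelta(days=1)),
        rec.request_access("dr_b", "Clinic B", t0 + timedelta(days=30)),
        rec.request_access("dr_c", "Practice C", t0 + timedelta(days=2)),
        rec.request_access("ae_1", "A&E", t0 + timedelta(days=3), emergency=True),
    ]
    return results, rec.needs_review()
```

Logging denied attempts as well as overrides is what lets a patient or reviewer see snooping that never succeeded, not only the accesses that went through.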
The article states "Healthcare professionals with chip and pin NHS smartcards, *who are directly involved in a patient's treatment,* will be able to access the SCR". How is "directly involved with the patient's treatment" defined? It cannot be enforced, no matter what the definition.
More smoke and mirrors from someone that thinks everyone's data is just up for grabs.
A couple of years ago, my wife and I found out that the SCR for us from our local health centre were wrong, and I don't mean odd details but REALLY corrupt. I won't go through the complete list of cockups, but here is a taster. My wife's records had another person's details entered on her record. She also had one or two of my details. The most worrying missing item is that my wife has a serious allergy to penicillin, that information had vanished from her SCR.
I had numerous entries missing and / or corrupt, for example my glaucoma was entered as "cured". We got a meeting with the practice manager. I asked about data entry verification. Answer: "What's that". We were told that data entry was done by a really good person, a retired district nurse! NO CHECKING AT ALL. The other problem is that ongoing data entry is ad hoc. Any new paper or pictures are given to a "free" doctor to enter on the summary, as well as being scanned and attached to the database. Unfortunately again there is no check that the scanned information is attached to the correct person's record.
I was told there are diagnostics to check data entry. When I pulled the specs, I found the diagnostics check that the illness, treatment and status codes are "good" codes, not that they apply to the correct person.
As a result of this my wife and I have opted out of the system!