Here we go again: New NHS patient database plan sets off alarm bells A paperless NHS that stores patient records in the cloud will be floated by Health Secretary Jeremy Hunt today. His plan to get medical files into a giant database by 2018 is already stoking fears given the public sector's poor record of protecting sensitive information. Hunt will claim in a speech to right-wing think tank …
<Warning: Informed comment>
The thing is, virtually every GP practice has had electronic patient records for ages courtesy of EMIS LV (google it) even if they don't know what electronic patient records are. These records can also interoperate with a wide variety of medical software which lets the average GP practice interoperate with everybody else using software that accepts open data formats.
Having worked for the NHS at a county level, I can say that >80% of surgeries in my county are using EMIS. (it used to be >90% before generous bribes, (ahem incentives, of course) were offered to practices to switch away from it. Those that were using the government recommended solutions generated more support issues than all of the others put together, because EMIS is simply a lot better written and fault tolerant than the competition. Doctors know this quite well since they all meet up occasionally, which is why you'll pry EMIS out of their cold dead hands.
You can't force GP's to use something more useless, because they are and always have been independent for profit businesses. (screaming about privitising the NHS always somehow glosses over that little fact!)
My solution? Specify one set of open interchange formats for medical businesses and declare job done. GP's could swap electronic records 20 years ago via modem, so where is the problem?
The problem only exists at the NHS PCT level. Why? IMO: political interference in operation decisions. Your opinion might differ.
"I was simply referring to the fact that the last concerted attempt to do what Hunt wants was a collossal clusterf**k!"
Except that, much as I hate Hunt for all manner of reasons, that's not what he's saying. They want a network of systems interconnected and able to share information on demand in a standardised way, rather than one giant single database with a tiny handful of possible front-ends.
Anyway, it's not new, it's classic politicians announcing old news as their own idea. Until October I was working for a Council on interoperability with the NHS, and this idea of interconnecting standards, through the Interoperability Toolkit, has been around for at least 2 years, although it may or may not have been official policy, that's what everyone was working on.
So really, define a standard interface that EMIS supports off the bat, create a central broker / proxy and all queries hit this proxy, which then forwards / redirects to the appropriate GP's surgery EMIS DB.
Only central data is name, NHS no, postcode and location of the actual DB that houses the patients records. Maybe DOB too.
Auditing DB with every access attempt (who, where, when and what) - no bulk viewing and all read only. Single record can be viewed at a time, no browsing - access by name, postcode and DOB OR NHS no plus one other piece of data as above.
Cheap and easy. Get away with a couple of tables. DB replication, a load balancer and slap it into a datacentre with diverse network and power.
What's that...? About £25k, £3k a year overhead / support / hosting / connectivity etc. Done.
Oh, 5k consultancy fee for me too.
Obviously could happily sync the data from EMIS instead, or just have it all centralized but why reinvent the wheel?
Keeps the data where it is, the same people who can already get it have access, just a central way to get it.
<Warning: Informed comment>
EMIS LV comes delivered as a client/servers setup already. Having been designed back in the days of dial up, it's pretty impervious to losing it's internet connection since the clients just send data to the server. (For the people who haven't had the unique pleasure of working for or with the NHS, Spine is the central database, access to which is role restricted and locked by 2FA; smartcard and p/w) EMIS's server also caches it (and all local data) in case it loses it's internet connection.
This makes it very handy, especially when people are web browsing during lunch and using much of the internet connection. On nameless, but infamous software which is loathed and the use is resisted strenuously doctors can (and DO) lose data because the connection drops packets and submission just fails and the client gracelessly loses it's data. Uh, you do remember all your medical notes that you typed in so you didn't have to remember, right? (This is why there was "resistance" to the NPFIT rollout!)
EMIS just shrugs and like an email server keeps retrying until it delivers it's records to wherever it needs to. The only reason I can think of for records not being held centrally is that patient consent, and needing to do data entry on the old stuff held in paper files.
I'd be interested to know what the objection was higher up the chain towards EMIS should anybody from such exalted heights wish to enlighten me.
That having said, I might be mistaken about minor details about EMIS; As we all know, systems that "just work" don't need you to learn a great deal about them beyond curiosity.
The privacy thing should not be forgotten because I'll be damned if I allow uncontrolled access to records (which is what will happen if you let them), and I want an audit trail so I as a patient can see who did a data grab.
That is, however, not very hard to do (I developed a model for that at least 10 years ago), and if EMIS LV is already in a client/server architecture it's not going to be a massive effort to link it all up.
But that would not make such a massive amount of money for $consultancy, would it?
This post has been deleted by its author
I've had a kidney transplant, and my local GPs surgery and the hospital don't seem to have problems communicating.
As for ambulances: since I'm taking a certain form of steroids as a result of the transplant I carry with me a card detailing my medication. I would imagine that most people in this sort of situation - diabetic people for example - also do something similar. If paramedics don't know to look for this sort of thing then there are some more serious problems that need to be dealt with starting with their training, and this ever occurred we really would be up a certain creek without a paddle. Another red herring perhaps?
Has Mr. Hunt forgotten that NHS trusts regularly appear on the list of organisations fined by the ICO? Why should they be trusted?
@Halfmad - and yet they keep on having to report themselves as they keep on making the same mistakes. Until people start getting sacked for these mistakes - and I'm including managers in that group since they often make spending decisions that encourage this - rather than simply fining taxpayers via the NHS then nothing will ever change.
I'm still curious: why should we be trusting the NHS?
I should think that taking a card out of someone's pocket and reading it would be more reliable (and even quicker) than trying to find it on a computer - no doubt in a wireless dead spot, as Murphy would ensure. Few things are more useless than a networked computer client without a functioning network.
Unless of course our brilliant lords and masters mean every single ambulance and paramedic to carry a complete database of everyone in the UK. Now that would be perfectly secure.
> a top down project akin to building an aircraft carrier
The first step should be to kick all the IT people off this project. Stop thinking of it as a computer to help medical people and start thinking about what those people want to do. Then apply the least amount of technology that will meet the needs of the users.
Most people in the caring professions are there because they are drawn to the personal interaction with patients, they want to do tangible stuff (like sticking on plasters) that makes people better. The ones I have met do not want to spend their days as data-entry clerks, although last time an aged relative was admitted three different members of the nursing staff sat with AR at various times during the day and wrote down on paper pretty much the same information - most of which we could have done while sitting in the waiting room, waiting to be called in.
So if this project is going to be a success - and the odds don't seem to be in its favour - the starting point must be to create a system around the way the medical staff like, or choose, to work and to make THAT JOB easier. If it starts from an IT perspective of "let's give these people new practices and procedures that will make them more productive" than it will get sidelined and ignored, just like the previous failures.
More importantly, ban all non-IT professionals from making any IT related decisions. This is the fundamental source of the problem.
Those that can - do. Those that can't - teach. Those that can't teach - administrate. Those that can't administrate - go into politics - so they can tell all the others how to do, teach and administrate. Madness.
"Those that can - do. Those that can't - teach. Those that can't teach - administrate. Those that can't administrate - go into politics - so they can tell all the others how to do, teach and administrate ..."
... and those that can't be bothered to get into politics go into Human Resources departments so they can stop anyone doing anything useful either.
But if you ask 3 medical staff how they work you'll get at least 3 different answers. This is why a country wide system will never work. Particularly now that hospitals, AKA Health Trusts are essentially disparate companies.
That said, it really shouldn't be that difficult to create a database table with 65million rows in it?
A database with 65 million rows?
Ha ha ha. Soon after you have started the project you will learn that somehow, many of these rows have subtly different structure to all the others. And then you find that you need to write and maintain communication with more than 5000 databases, each using different schema and using more than a dozen of different protocols. Few of them actually documented and none of them robust enough to actually do the job.
Well I am of course guessing all of this, but these are "normal" starting conditions of someone trying to connect thousands disparate data systems, few of them designed to support distributed data processing. And since each GP, hospital and trust currently has its own private database, that's where you start.
"a country wide system will never work", and yet in other countries that is exactly what they have, and it works (or at least, the advantages are greated than the drawbacks). Off the top of my head at least France, Iceland and The Netherlands, I think Norway, certainly other European countries. How about we ask them?
Oh no an expensive US consultancy will be hired, who hire an expensive US software company, who will outsource the work to India/China and walk off with billions and we'll have fuck all to show for them. And then as if by magic an incredible amount of politicians will get directorships in the same companies involved.
Yup. Even in Canada, where provincial government health insurance schemes cover everyone.
And we have one already in this country, just not for medical records: http://www.connectingforhealth.nhs.uk/systemsandservices/ssd/prodserv/demo. Everyone who has an NHS Number is in the Exeter system, so, amongst other things, provider NHS Trusts (hospitals etc) know who to bill when they see a patient.
This type of system is even in Canada, where provincial government health insurance schemes cover everyone.
> a top down project akin to building an aircraft carrier
So what is the brilliant alternative he has in mind? Bottom-up - with hundreds or thousands of disparate, uncommunicating teams all over the country inventing their own ways of doing it? That would turn out like the classic cartoon of the bridge being built by two teams, one on each side of a huge deep ravine. Naturally, when they reach the middle they find the two halves don't quite meet.
Other possible approaches might be middle-out, or (with apologies to the immortal Stan Kelly-Bootle - author of "The Computer Contradictionary" http://tinyurl.com/alk2o7v and its earlier subset, "The Devil's DP Dictionary") the very common but notoriously unambitious bottom-down.
There's no way to get them out again. And there's no way to prevent scope creep.
Because you can bet that some bureaucrat somewhere will think to themselves, "We've got a lot of data here on every man, woman and child in the UK. I wonder who we can sell it to."
It's true that it's likely that the records will be abused / sold off. Which is a real pity, because a good e-record system WILL really improve health outcomes.
Completely true about the no top-down approach. Nothing prevents local hospitals from keeping their own e-records. There isn't THAT much population mobility that a significant number of people will ever need their records accessed somewhere out of their home county. And when that happens, it's possible to copy an e-record from one hospitals' format to another, but too complicated to do en masse (which for privacy's sake will be a desirable feature rather than a bug)
From the article:
it estimated that £4.4bn from the public purse could be saved each year and funnelled into improving the healthcare system.
Could be, but won't. It'll more likely be funnelled into the 30+% pay rise that MPs think that they deserve amongst other things.
I seem to recall the special deals negociated by the government with the drug companies coming in for criticism in the past. Apparently a lot of the time the drops in prices were due to rebate agreements rather than simply paying less, but thanks to the complexity of said agreements the rebates were often left unclaimed leading to unnecessarily higher costs for the NHS.
I wonder how much the government could save if the civil service actually took advantage of all those rebate agreements rather than just those that were easy to deal with?
The alarm bells really started ringing when I got to the bit about PricewaterhouseCoopers having published a report. The big consultancies are short of public sector work at the moment. What better time to lobby ministers into launching another round of NHS madness.
If the consultancies are involved you can bet your a*se that any solutions will be even more complex, more centralised and more prone to juicy and lucrative cost overruns than the last attempt at this.
There are some (relatively) simple decentralised solutions to solving this problem, but there is little money to be made from them by the management and IT consultancies, hence they never see the light of day.
The fathers of the internet did not set up a single, central DNS server and require everyone to subscribe to it. Instead, they defined a standard for the operation and interaction of domain name servers. Anyone could set up a server as long as it complied with the standard, resulting in a gloriously simple and scalable distributed database. OK, it's time for some updates now, but it has served us with distinction and performed way beyond its original design goals.
The NHS needs to define a standard by which any two patient administration systems (PAS) can share records. After that, we can have many competing PAS systems which will increase choice and quality and drive down costs. Trouble is, you can't charge 12 billion quid for setting a standard.
" Instead, they defined a standard for the operation and interaction of domain name servers. Anyone could set up a server as long as it complied with the standard, resulting in a gloriously simple and scalable distributed database. "
In fact the internet is a family of standards designed to share date between wildly differing computers back when there were many more different systems (a dozen operating systems at least in widespread use).
People see the WWW and think they are seeing the internet. They are wrong.
... that in setting standards for communication that none of those standards are remotely related to HL7v3. Definitely the worst piece of design produced by the people you would least trust to produce it foisted on the last thing you want to go wrong.
AC because criticising HL7 hasn't been good for your career in Health Informatics - particularly if you're Stateside of the pond.
That's hardly fair as the NHS is the largest employer in the country and one of the top-five largest employers worldwide.
As a result you would expect more breaches in the NHS than any other organisation in the country.
Also, public sector organisations must report breaches to the ICO, private organisations do not.
"It is crazy that ambulance drivers cannot access a full medical history of someone they are picking up in an emergency"
It's crazier to assume that ambulance staff are going to be sitting in the ambulance reading the patient's medical history for anything other than keywords. Keywords that, should they impact on the paramedics ability, are most likely to be printed on a bracelet about that person in a recognised design to attract the attention of a paramedic.
"Allergic to"
"Suffers from"
"Must not be given"
etc.etc.etc.
There are not thousands of people dying every day because the ambulance has given them something they didn't know the patient couldn't have. And if there are, nothing more than a summary of keywords needs to be stored ANYWHERE, or transmitted to ambulance crew. Thus this is a fabricated problem, which makes me wonder the true intent.
The other part, about GP's etc. having consistent access to medical records - there, I grant you there's a use. But I'm afraid you just dug your own grave by going above and beyond what it quite a simple problem (digitise all medical records) to something that's unnecessary, expensive, needs lots of specialised equipment (a GP I expect to have a PC already, an ambulance doesn't need any more expensive electronic crap put into it), and transmits my personal medical details around the country for no real reason.
What you need is a common electronic file format. Not a cloud-based system with poor controls on it. Under the current system, I know that my doctor has my medical records, and can supply them to other vetted people if necessary (at his own risk). If he had a common electronic file format, he could easily supply that information to various places as and when the need arises for my details to transfer (even, say, a one-time transfer to a central location which can pass them out to ambulances should I get run over and be identified as the patient). What ISN'T needed is a way for everyone, everywhere, with an NHS machine to access my records willy-nilly, confuse me with a similarly named / numbered stranger, and to have little to no control over, say, seven thousand people all accessing celebrity X's medical records to see if he really DID have a nose job last week.
What you NEED is a common electronic medical file format. When you have that, and you publish it, and software manufacturer's can compete to provide the best system to handle those formats, then you may convert my records. How you distribute those records once converted - that's an ENTIRELY different question, and I'd personally go for a token-checkout style method. Anyone on the NHS can checkout a record (with suitable permission and checks that they are allowed to do so), but only ONE machine/user can checkout my records at a time. Those checkouts are logged and recorded and I can QUERY THEM myself from the Government gateway website at any time (I don't need personal medical details on there, either - I just want to have a list of when my token was checked out and who's currently holding it, and a short history of token changes). If a hospital in Strathclyde reads my details (I haven't been a doctor in nearly 10+ years except to register, and live nowhere near there), I will want to know WHY, and have people held accountable. And without the token request, you cannot see ANYTHING of my details.
Then an ambulance, or a Casualty department, can have "priority", take the token away from any current holder for my records (suitably logged of course) at any time. And I will KNOW they did that. And they will see what they want. And the common file format thus devised will provide the minimum of access necessary for their job (i.e. a list of important conditions and nothing more, unless they request to probe further but most likely that would be a doctor in the Casualty rather than the paramedic who does that) so they can see if I'm allergic to penicillin but NOT, say, that I recently had a colonoscopy or whatever.
Everything you do above and beyond a simple, secure system like that makes me question why. Usually the answer is simple greed ("I have a friend in the medical software business who needs some work", for instance), but that's indistinguishable from government corruption in the early stages, so you need to do things to reassure me that's NOT your intention.
And the best thing you can do? Not pilot another humongously expensive NHS IT scheme (which now have a reputation for complete and utter failure worse than anything else in IT), but a small, simple change that will make all such future schemes easier, cheaper, more practical, and still compatible with what you've done. Gimme a common file format. Then we can talk about digiting records. Then we can talk about centralising records. Then you can give me a token system that prevents abuse. Each step in a few years work at absolute worst, do-able within a reasonable budget, and helps the next steps take place.
Until then, you keep that brown envelope that my local doctor still holds and has about three slips of paper in it describing an injury to my eye at birth and - well, that's about it. I have nothing to hide in my medical records, but the WAY you want to use them doesn't give me any confidence at all in the presence of simple ideas that would work much better and that you actually stand a chance of implementing successfully inside a single term of leadership.
I have to agree, here.
Everywhere could easily run their own databases for medical records. What is needed is a standard format for exchange of this data between NHS institutions.
So if your GP refers you to the hospital, they can send the data on in a manner which will integrate with the hospital's own systems. Similarll, A&E departments could be given (logged and controlled) powers to access a patient's medical records, with that access being funnelled to the appropriate GP's database.
This requires much less development (and money) than a centralised system, and should be more secure. At the very least if a breach did occur, it would be for a single database instead of the whole thing.
I also agree that everywhere should be able to run their own electronic patient records system.
However I do see the benefit in a central database but only one that provides a pointer to where a persons medical records are stored based on their NHS number. This way GP's, A&E departments, Hospitals and even dentists could store their own data on a patients. Provide that data upon receipt a suitable, secure, electronic request via a clearly defined data interface standard.
Using this type of approach a GP, for example, could request the records for one of their patients and their own ePatients system would not only pull the data from it's own database but would query the data from other external databases based on the central NHS Number database. The resulting data retrieved from other sources could be locked as read only and sorted into date order with the GP's own data giving a full history. Queried data would then be purged after use.
Such a system should be easier to implements as a central database of people against NHS number probably already exists. Just setup a new table with a one to many relationship listing all the locations where that persons records exists. When new locations present themselves then add them to the table.
Setup an access rights table to control who can have access to what data from which sources.
Define the standard for data interchange and for communication with the central database for either queries or update/addition of locations.
Finally the software vendors who provide the ePatients databases would then needs to add the data interchange functionality, central database query functions and finally the views of the data.
Simples. Job Done. Ok sounds simple but won't be. But there does not need to be a central cloud of all patients data. There just needs to be a better way of pulling it all together when appropriate.
Just my two pence worth.
With today’s memory sticks you could store every comment & every x-ray, MRI etc in every format ever captured.
Last time round a justification for the national database was to prevent multiple x-rays being taken by each hospital that someone with complex problems, who did not want to be sterilised in the process. Sticking the x-ray on a memory bracelet and/or DVD would be much simpler.
The real benefit of a national database has got nothing whatsoever to do with patient care, it is for DNA profiling to find correlations between gene sequences, ethnicity, gender, behaviour and medical conditions
"Last time round a justification for the national database was to prevent multiple x-rays being taken by each hospital that someone with complex problems,"
IIRC the capture and storage of X-rays digitally was one of the jewels of the almight cluster**ck that was the NHS PfIT. That is already taken care of.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
