Friday, October 28, 2011

An Interesting Little Report from a Regional Newspaper In the UK!

The following report appeared a few days ago.

NHS rejects fears over roll out of medical database

Published on Saturday 22 October 2011 22:00
THE NHS in North Yorkshire has begun transferring medical records on to an electronic database to help boost life-saving treatment for hundreds of thousands of patients.
But health chiefs have maintained strict procedures will be in place to protect patients’ confidential records, which can be accessed by doctors anywhere in the country.
Angela Wood, NHS North Yorkshire and York’s assistant director of informatics, said: “Anything that can be done to save vital minutes in the treatment of patients can only be a good thing.
“When the new database starts to save lives, hopefully the concerns about the new procedures will diminish.
.....
Only authorised staff with a chip-and-pin NHS smartcard who are involved in a patient’s treatment will be able to access the information stored on the database. Unlike the existing paper records, an audit trail is generated when a patient’s details are viewed on the computer database.
Patients have been given the chance to opt out of the new system, and a mail-shot was sent to residents across North Yorkshire to make them aware of the choices they had. Figures show just 0.9 per cent of the county’s patients have opted out, although Mrs Wood stressed every effort was being made to raise awareness of the new procedures.
.....
The full article is here:
There are two interesting elements of this report.
The first relates to the remarkably low opt-out rate among the general population despite a media campaign - including letterboxing every home - explaining what was planned and its implications.
We have had a poll on the issue here:
and a discussion of the issue here:
A range of links are found there.
The second is the obviously routine use of smartcard based security to manage and audit access to the sensitive health databases.
As I pointed out a few days ago - until we have a system of this type strength and robustness fully implemented across the health system before the claims regarding a provider access audit trail will be true.
Of course just how individual user ID’s will be managed through issues like separation, divorce etc. are also matter of considerable uncertainty. The ConOps does not seem to have a use case on how that is actually handled in terms of access revocation etc.etc.
Amazing how a little regional article from the North of England can have relevance in the Antipodes!
David.

7 comments:

EA said...

David, the Australian Passport Office has relaxed its specifications for gender.
https://www.passports.gov.au/web/sexgenderapplicants.aspx
Is the alternative 'X' classification available in health records?

Dr David More MB PhD FACHI said...

Don't hold me to it but I believe this issue is handled but not ideally:

These are the codes used for Identification of Individuals.

Code Descriptor
1 Male
2 Female
3 Intersex or Indeterminate
9 Not Stated/Inadequately Described

I guess 3 get close.

David.

Grahame Grieve said...

Hi David

That list is the from the national health data dictionary. HL7 v2 and CDA standards have their own equivalents for uncertain/ambiguous and unknown gender. However system support for these concepts is variable. In particular, Medicare only supports M and F with no other options, as established by the applicable law.

EA said...

Thanks, both. I did think of fielding the question up to GG's blog.
I think the point is that some persons will choose, as adults, to identify themselves as belonging in the X category, which is not the same as a medically assigned category. Most healthcare-related transactions do not require inspection of genitalia.
How long would it take for DoHA-Medicare to harmonise its data systems with the Passport Office? (No answer required.)

Grahame Grieve said...

Medicare is confined to dealing with M and F by law (they tell me this - IANAL). Even if the law were to be changed (good luck with that), Medicare is rightfully extremely conservative in the way it manages it's systems, and it would take quite some time before they changed, and then before all the many trading partners also changed.

Anonymous said...

David,

I don't understand your comment about "how individual user ID’s will be managed through issues like separation, divorce etc." Are you referring to clinician IDs or patient IDs?

Dr David More MB PhD FACHI said...

I am talking about how access controls to PCEHR records held by parents are handled when those events occur. I am referring to patient IDs.

Think access to a 13 year old records when a change occur and do partners share log-ons to each other's and childrens's PCEHR. I have no idea and as far as I know neither does the ConOps. Is the management of that clear and automatic or something less?

I am not sure such issues have been thought through - could be wrong of course.

David.