Friday, October 28, 2011
An Interesting Little Report from a Regional Newspaper In the UK!
The following report appeared a few days ago.
Published on Saturday 22 October 2011 22:00
THE NHS in North Yorkshire has begun transferring medical records on to an electronic database to help boost life-saving treatment for hundreds of thousands of patients.
But health chiefs have maintained strict procedures will be in place to protect patients’ confidential records, which can be accessed by doctors anywhere in the country.
Angela Wood, NHS North Yorkshire and York’s assistant director of informatics, said: “Anything that can be done to save vital minutes in the treatment of patients can only be a good thing.
“When the new database starts to save lives, hopefully the concerns about the new procedures will diminish.
Only authorised staff with a chip-and-pin NHS smartcard who are involved in a patient’s treatment will be able to access the information stored on the database. Unlike the existing paper records, an audit trail is generated when a patient’s details are viewed on the computer database.
Patients have been given the chance to opt out of the new system, and a mail-shot was sent to residents across North Yorkshire to make them aware of the choices they had. Figures show just 0.9 per cent of the county’s patients have opted out, although Mrs Wood stressed every effort was being made to raise awareness of the new procedures.
The full article is here:
There are two interesting elements of this report.
The first relates to the remarkably low opt-out rate among the general population despite a media campaign - including letterboxing every home - explaining what was planned and its implications.
We have had a poll on the issue here:
and a discussion of the issue here:
A range of links are found there.
The second is the obviously routine use of smartcard based security to manage and audit access to the sensitive health databases.
As I pointed out a few days ago - until we have a system of this type strength and robustness fully implemented across the health system before the claims regarding a provider access audit trail will be true.
Of course just how individual user ID’s will be managed through issues like separation, divorce etc. are also matter of considerable uncertainty. The ConOps does not seem to have a use case on how that is actually handled in terms of access revocation etc.etc.
Amazing how a little regional article from the North of England can have relevance in the Antipodes!
Posted by Dr David More MB PhD FACHI at Friday, October 28, 2011