1. M EDICAL D ATA, P ROCESSING, E -P RESCRIBING AND PACS Week 4 – Part 1

2. F IRST, AN A NNOUNCEMENT

3. O VERVIEW What is medical data? How is data processed? What are Picture Archiving and Communication Systems What is ePrescribing? What about security?

4. M EDICAL D ATA (1) Gathering medical data (or simply data) and interpreting their meaning is central to providing healthcare to patients. Medical data are crucial to information processing and decision making. Computers are used for information processing in three ways: 1. Observation (measuring and data entry) 2. Diagnosis (data processing / analysis) 3. Therapy (output generation)

5. M EDICAL D ATA (2) Data provides the basis for categorising the symptoms that a patient presents or for identifying subgroups within a population of patients. It also helps clinicians to decide what additional information is needed / what tests need to be performed to gain better understanding of the patient’s problem or to treat most effectively the problem that has been diagnosed.

6. M EDICAL D ATA () Data is anything which can be observed from a patient or generated based on previously collected or derived data. Temperature, ECG, red blood cell count, age, gender, past history of disease, family history etc. Medical data typical includes: Details of the patient in question The parameter being observed The value(s) of the parameter The time of the observation (if appropriate)

7. T YPES OF M EDICAL D ATA (1) Narrative data: Description of symptoms, family history etc. Typically gathered from focused questions asked by the practitioner. Discrete Numerical Values Many data in medicine take on these values. Temperature, pulse rate, lab test results. Analog data Some data is in the form of continuous signals. Perhaps the best known example is the ECG. Typically graphical tracing is included with written interpretation of its meaning. Visual data (images) Either acquired by machine or sketched by clinicians. Radiological images is an obvious example.

8. D ATA R ECORDING T ECHNIQUES It should be clear from these examples that the idea of data is inextricably bound to the idea of data recording. Data recording techniques range from: Hand-written text Commonly recognised shorthand Hand drawn sketches Machine generated tracings of analog signals Photographic images. This range of data-recording conventions presents significant challenges to the person implementing computer-based medical-record systems.

9. W HO C OLLECTS M EDICAL D ATA ? Clinician staff – doctors and nurses Office / Admin Staff Lab personnel Radiologists Pharmacists ICT devices – ICU monitors.

10. M EDICAL D ATA U SES Build up an historical record Identify future health risks Identify deviations from expected trends Provide a legal record Support training and development

11. I NFORMATION P ROCESSING We can only talk about information processing if a human is involved. Computers cannot process information. Computer can only process DATA. Only a human being is able to interpret the data so that they become information. As we previously discussed, computers in medicine exist to serve and complement human beings (clinicians) but not replace them.

12. O NLINE M EDICAL D ATA Source : http://www.scientificamerican.com/article.cfm?id=future-of-medical-data

13. P ICTURE A RCHIVING AND C OMMUNICATION S YSTEMS (PACS) PACS are computers, commonly servers, dedicated to the storage, retrieval, distribution and presentation of images. Two main uses Hard copy replacement: PACS enables images such as x-rays and scans to be stored electronically and viewed on screens, creating a near filmless process and improved diagnosis methods. Remote access: Doctors and other health professionals can access and compare images at the touch of a button.

14. PACS (2) PACS allow image: viewing at diagnostic, reporting, consultation, and remote computer workstations, archiving of picture, typically to a central server (image repository). communication using local / wide-area networks, public communication services, and gateways to healthcare facility and departmental information systems.

15. PACS (3) Images are stored in an independent format. DICOM (Digital Imaging and Communications in Medicine) standard. PACS can handle images from: Ultrasound Magnetic Resonance Imaging Computed Tomography Digital X-ray

16. PACS C OMPONENTS Image sources Suitable Network Powerful and robust central computer to process information Client viewers available in at the office, home, or patient bedside

17. PACS A DVANTAGES Replaces standard film – space saver! Allow remote viewing and reporting – teleradiology Digital images have a zoom feature Computer Aided Detection (CAD) Automatic classification Able to ‘draw’ over scans

18. PACS 3D R ECONSTRUCTION / S IMULATION

19. C ONTENT B ASED I MAGE R ETRIEVAL S YSTEMS

20. PACS D RAWBACKS Cost of initial setup – server purchase, digital radiology equipment. Bandwidth limits Some clinicians complain that images can take 15- 20mins to load! Black and white computer monitors not as bright as traditional x-ray view boxes. Potential loss of detail.

21. PACS S UMMARY PACS systems are regarded as one of the more well received technologies. There appears to be less concern about implementation and training. Organisations worry about the initial setup fees. Nevertheless, PACS are expected to become widespread, similar to WiFi, in the coming years.

22. PACS IN N ORTHERN I RELAND Source : http://www.prohealthservicezone.com/Customisation/News/Diagnostics_Equipment_Monitoring_and_Test/Radiology_I nformation_Systems_RIS/Northern_Ireland_hospitals_go_live_with_NIPACS_radiology_IT_solution.asp

23. I NTRODUCTION TO E LECTRONIC P RESCRIBING ePrescribing is defined as: the use of electronic systems to facilitate and enhance the communication of a prescription or medicine order, aiding the choice, administration and supply of a medicine through knowledge and decision support and providing a robust audit trail for the entire medicines use process. (NHS Connecting for Health, 2007) http://www.connectingforhealth.nhs.uk/systemsandservices/eprescribing/baselinefunctspec.pdf

24. E P RESCRIBING Aims to replace paper-based prescriptions scripts to facilitate the development and delivery of systems to improve patient safety by reducing prescribing and administration errors. It will allow medications and other prescribed therapies to be managed electronically at every stage, from prescribing to supply and administration.

25. T HE N EED FOR E LECTRONIC P RESCRIBING The medications we use have increased in number and complexity. This demands more knowledge and understanding from clinical staff This also leads to greater concern over the risk of errors and the harm they cause Medication errors are indeed identified as a major preventable source of harm in healthcare. Errors do occur, UK studies show that: o Prescribing errors occur in 1.5-9.2% of medication orders written for hospital inpatients o Dispensing errors are identified in 0.02% of dispensed items o Medication administration errors occur in 3.0-8.0% of non- intravenous doses and about 50 % of all intravenous doses The use of ePrescribing can help reduce such errors

26. T HE P APER B ASED S YSTEM It’s estimated that approximately 7,000 US citizens die each year due to medication prescription errors! 1 in 20 hospital admissions within the UK are thought to be medications error related.

27. P ROBLEMS WITH THE P RESENT S YSTEM (1) Fraud Estimated that prescription fraud costs the NHS of the order of £70 – 100 million / year. Data integrity Approx. 40% of all US / UK prescriptions require clarification with 5% requiring a phone call to the doctor. Administrative Workload In 2001, the UK Prescription Processing Agency (PPA) handled 578 million prescriptions. Each script has to be processed before payment can be dispensed to the pharmacy. Patient Exemptions and Identification At present within the NHS system, emphasis for checking for identity and exemptions rests with the Pharmacist. Helps those seeking fraudulent benefits. Source: http://kar.kent.ac.uk/13770/1/SystemMundy.pdf

28. P ROBLEMS WITH THE P RESENT S YSTEM (2) Efficiency Script processing system is reasonably efficient between the prescriber (e.g. GP) and the dispenser (pharmacy). It is waiting for payment through the PPA that takes time. In order to be accepted by all stakeholders, one of the main objectives must be to ensure a lack of degradation of the efficiency of present working practices. 60% of Pharmacists believe e-prescribing would lead to timesavings within the dispensation process. 55% believe will lead to shorter waiting times for prescriptions. Such high expectations place additional demands on the implementation of EPP (Electronic Prescription Processing). One area where benefits may accrue from e-precribing could be improvements in the handling of repeat prescriptions. Source: http://kar.kent.ac.uk/13770/1/SystemMundy.pdf

29. W HAT WILL E-P RESCRIBING P ROVIDE ? Computerised entry and management of prescriptions. Knowledge support, with immediate access to medicines information. Decision support, aiding the choice of medicines and other therapies, with alerts for drug interactions. Computerised links between hospital wards / departments and pharmacies. Ultimately, links to other elements of patients' individual care records. NPfIT (Week 6) Improvements in existing work processes. A robust audit trail for the entire medicines use process.

30. S IMPLISTIC S YSTEM O VERVIEW

31. R EALISTIC S YSTEM O VERVIEW o Doctor = Computerised Physcian Order Entry (CPOE) o PAS = Patient administration system o EMR = Electronic medical records

32. B ENEFITS OF E-P RESCRIBING A reduction in the risk of medication errors as a result of several factors, including: More legible prescriptions. Reduced ‘paper’ work Alerts for contra-indications (risks involved with using a particular drug), allergic reactions and drug interactions. Guidance for inexperienced prescribers. Process improvements as a result of: Improved communication between different departments and care settings. Reduction in paperwork-related problems, e.g. fewer lost or illegible prescriptions. Clearer, and more complete, audit trails of medication administration. Improved guidance and management and appropriate reminders within care pathways.

33. P OTENTIAL R ISKS OF E-P RESCRIBING Changing from paper to a computer based system is hard Most people struggle at first, and tasks take longer Some people are fearful that their computer skills are not sufficient Systematic errors may be programmed in, e.g. terminating a course of antibiotics without warning Assumption that ‘the computer must be right’, e.g. unthinking use of default doses Errors using drug selection drop-down lists Reduction in face-to-face communications within the care team

34. E XAMPLE OF A DMINISTRATION S CREEN o Legible o Two day context o Clear record of activity o Able to review allergies

35. E- PRESCRIBING S UMMARY Implementing ePrescribing is a challenge, a major project and a substantial change in the way care is delivered But it is achievable, and others have achieved it and gained many benefits Once it is in use most health care professionals would not want to go back to paper

36. SECURITY AND CONFIDENTIALITY Week 4 – Part 2 36

37. INTRODUCTION Many of the topics discussed thus far have highlighted the benefits of: databases for storing vast arrays of medical data and computer networks for sharing this information between medical staff and different institutions. Associated with these obvious benefits are a number of potential ‘risks’ in relation to the security of medical data. 37

38. D EFINITION OF SECURE Free from fear, care, danger, doubt, etc. Not worried, troubled Firm, stable Safe; in safekeeping Reliable, dependable (Source: Collins Concise English Dictionary) 38

39. D EFINITION OF CONFIDENTIAL Told in confidence (the belief that another will keep a secret) Entrusted with private or secret matters Derived: Latin con (with) fides (trust) 39

40. W HY ARE THEY IMPORTANT ? Not all information is public The best secret is one you tell to no one Desirable qualities of information: confidentiality available to those who are authorised to use it unavailable to those who are not integrity safe against unauthorised modification 40

41. W HY IS MEDICAL INFORMATION SENSITIVE ? Personal Can highlight a weakness or lack of One of a number of types of information deemed "sensitive personal data" by the Data Protection Act… 41

42. S ENSITIVE PERSONAL DATA (DPA 1998) the racial or ethnic origin of the data subject political opinions religious beliefs or other beliefs of a similar nature whether they are a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992) physical or mental health or condition sexual orientation the commission or alleged commission by them of any offence, or any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings 42

43. S ENSITIVE MEDICAL CONDITIONS 43 AIDS/HIV Other STDs Abortion Fertility/embryology Mental health problems Can Impact on… personal relationships job ability to get obtain insurance

44. H ORROR STORIES Person told results of tests by their neighbour Inappropriate calls to family practitioner committees Hospital Episode Statistics contain date of birth and postcode NHS Tracing Service first database to contain up-to-date information on the whereabouts of every man, woman and child in england. 44

45. K EY QUESTIONS Are these… ethical? legal? Have patients given their consent? 45

46. C ALDICOTT REPORT (1) Report on the review of patient-identifiable information: Review commissioned by Chief Medical Officer of England Chaired by Dame Fiona Caldicott Reported December 1997 Continually amended. 46

47. C ALDICOTT REPORT (2) Looked at all patient-identifiable information transferred between NHS and non-NHS bodies 86 flows of patient-identifiable information were mapped relating to planning, operation and monitoring purposes 6 principles which should be applied to information flow were made Read the article of webCT.

48. Caldicott Principles. Principle 1 – Justify the purpose(s) for using confidential information Principle 2 – Only use it when absolutely necessary Principle 3 – Use the minimum that is required Principle 4 – Access should be on a strict need-to- know basis Principle 5 – Everyone must understand his or her responsibilities Principle 6 – Understand and comply with the law 48

49. C ALDICOTT RECOMMENDATIONS Reinforce awareness of confidentiality issues Appoint "Caldicott guardians" NHS number (ID) should replace other identifiers Establish protocols for authorising access Design systems that avoid patient-identifiable data being transmitted 49

50. P ATIENT IDENTIFIABLE INFORMATION patient’s name, address, full post code, date of birth; pictures, photographs, videos, audio-tapes or other images of patients; NHS number and local patient identifiable codes; anything else that may be used to identify a patient directly or indirectly. E.g. Rare diseases, drug treatments or statistical analyses which have very small numbers within a small population may allow individuals to be identified. 50

51. P SEUDONYMISATION Use a patient number which only the responsible organisation can link to the patient's name However, many people are still identifiable from their condition (or combination of conditions), or other factors The NHS number is in very widespread use 51

52. A NONYMISATION Restrict: age data to year of birth address to postcode sector This is enough to identify age cohorts and deprivation index, but not enough to identify individuals 52

53. C ONSENT Explicit or Express Consent This means articulated (spoken) patient agreement. The terms are interchangeable and relate to a clear and voluntary indication of preference or choice, usually given orally or in writing and freely given in circumstances where the available options and the consequences have been made clear. 53

54. E XCEPTIONS THAT ALLOW DISCLOSURE Public interest prevention or detection of serious crime prevent abuse or serious harm to others "notifiable diseases" Legally required to disclose court orders and inquiries 54

55. B ASICS OF SECURITY SYSTEMS What you know Password-controlled systems What you hold Key-based systems Who you are Biometric systems 55

56. P ROBLEMS OF SECURITY SYSTEMS Endemic problems: high turnover of staff temporary (agency) staff mobile staff logging in/out is inconvenient Results in: sharing passwords leaving systems logged in 56

57. B REACHES : C AUSES AND E FFECTS 57

58. C RYPTOGRAPHIC SERVICES Principle security services for electronic transactions: Confidentiality – to keep information private Integrity – to prove that information has not been manipulated Authentication – to prove the identity of an individual or application Non-repudiation – to ensure that information cannot be disowned 58

59. T YPES OF CRYPTOGRAPHY 59 Symmetric Same key encrypts and decrypts Relatively fast Asymmetric Key pairs - different keys for encryption and decryption Relatively slow One key can be public if the other is kept private Can provide digital signatures

60. P UBLIC K EY I NFRASTRUCTURE (PKI) As well as keys, need: products to generate, store and manage keys certification of keys (how do you know a public key belongs to the person you think it does?) certification authority(ies) 60

61. PKI O VERVIEW Certificate Signing Request Certificate Authority Developer’s Identity Information Developer’s Public Key Information Name of Certificate Authority Certificate Authorities Digital Signature Digital Certificate Certificate Authorities Private Key Message Digest Value Generate Digital Signature Developer’s Identity Information Developer’s Public Key Information Name of Certificate Authority Certificate Authorities Digital Signature Digital Certificate Certificate Authorities Public Key Message Digest Value Certificate Authorities Digital Signature Validate by comparison of MD Values Trusted Certificate List

62. T YPES OF I NFORMATION Digital Patient health records Digital administrative information Digital X-rays, photographs, slides and imaging reports Digital media – tapes, CD-roms, DVDs, USB memory sticks. Email, sms and other message types. 62

63. S ECURITY I NCIDENTS Risk to the integrity of computer systems or data Risk to availability of computer systems Adverse impact, such as: Legal obligation of penalty Financial loss Disruption of activities Examples of possible breaches will include: Virus infections Spyware / malware Hacking Copying of unauthorised or unlicensed software Inappropriate use of the internet or email. 63

64. S ECURITY WITHIN THE NHS (1) Strict and robust safeguards have been put in place to protect the security and confidentiality of every patient's health care record. The use of 'smart cards' with a Personal Identification Number (PIN). Only authorised users will receive these, for example, a consultant will see more detail than a receptionist who will only see the information needed to process an appointment, not the full clinical record (role-based access). NHS Care Records will only be accessible in an identifiable form to authorised health care professionals who have a justifiable clinical or legal reason to see the information. anonymised format for research allowed. 64

65. S ECURITY WITHIN THE NHS (2) There will be a log kept of those who use the NHS Care Records Service to access a care record, showing who they are and what they added or changed. The patient can ask to see this information Systems will not hold any clinical information or sensitive data items such as ethnicity or religion. Patients cannot routinely request that their data is not stored on the Personal Demographic Service (PDS) as it is necessary for some information to be held about everyone who is a patient of the NHS. 65

66. S ECURITY WITHIN THE NHS (3) In particular, contact details must be held to: satisfy legal requirements for registers of which patients are under the care of each GP Practice. ensure that each individual presenting for care is ordinarily resident in this country and therefore eligible for free care. ensure that information about one patient does not become confused with that of another patient. contact patients when they need to attend check-ups etc. There are cases where access to a patient's demographics record must be limited, for example for an adoption. 66

67. S UMMARY As IT infrastructure continues to be embedded within healthcare security will continue to be at the forefront of system design and management. The best policy for managing security is to ensure that strict guidelines are issued and adhered to by clinical staff. This, however, will require a large change in the current workflow of clinicians and clinical support staff. 67