15 “Change is inevitable - except from a vending machine.” Robert C. Gallagher

16 Key Challenges & Risks
- Information Governance
- Data Items Availability
- Data Quality/Standards
- Real Time Information
- Demographic Service: quality and reliability of the service.
- Financial: affordability and the potential implementation cost.
- Resource: availability of both technical and clinical resources for implementation.
- Infrastructure: due to geographic distances.

17 Key Challenges & Risks
- Information Governance: accessing GP data would benefit from a consistent approach to data sharing procedures.
- Real Time Information: to ensure that portal users are confident information is accurate and avoid the need to access separate source systems.
- Data Items Availability: enabling the Top 14 data items to be accessible to a portal across the majority of Health Boards.
- Data Quality/Standards: as information is made more widely available, there is a need to agree consistent data standards.

18 Disparate and Individual Practice Data Entry in GP Systems
[Diagram labels: Patient Summary – Available for Migration; Patient Clinical Data; Patient Clinical History; Application Read Code; Prioritisation Applied; Data Sharing; Incomplete; Inconsistent; Inaccurate; Misleading; No National Standard Applied; No National Guidance; Poor Data Entry Training; Differing GP Systems; Not Fit for Migration; Disparate and Individual Practice]

19 [Diagram labels: Emergency Care Summary Phase II; SCI-Gateway Referral; SCI-DC; Data Sharing; No National Standard; No Data Governance Framework; No SEF; Patient Summary; Incomplete; Inconsistent; Inadequate; Misleading; Clinical Portal; Patient Clinical History in GP System; GP GP Transfer; Patient Portal; Emergency Care Summary Phase II; Local Systems]
Significant Clinical Risk and Compromise to Patient Safety

20 Patient Clinical History in GP Systems Audit Programme
[Diagram labels: Patient Clinical History in GP Systems; Defined Data; New Patient Summary; Consistent; Current; Reliable; Accurate; Fit for Purpose; Fit for Migration; Applicable to all GP Systems]
Reducing Clinical Risk and Improving Patient Safety

21 [Diagram labels: Emergency Care Summary Phase II; SCI-Gateway Referral; Data Sharing; National Standard; SEF; Provides Benchmark for Data Governance; Supports General Practice Adoption; SCI-DC; Patient Summary; Consistent; Reliable; Accurate; Fit for Migration; Clinical Portal; Patient Clinical History in GP Systems; GP GP Transfer; Patient Portal; Emergency Care Summary Phase II; Local Systems]
Reduces Clinical Risk and Improves Patient Safety

22 The vision
- To improve patient journeys and quality of care
- Maintain patient, professional and public trust with a robust Information Governance model
- Ensure access to clinical records is appropriate and legitimate
- Peer review and guidance (e.g. “rule setting”) is essential if this is to deliver improved patient care and safety.

23 Information Governance Background
- Clinicians need to share information to treat patients safely.
- Some clinical information is very sensitive.
- We are obliged to protect the confidentiality of patient data.
- We need assurance that access to information is always legitimate.
Information Governance to protect clinical information might be achieved using the following principles:
- The relationship of the health care professional to the patient
- The location of the terminal
- The current activity or location of the patient
- The role of the user
- The type of data to be seen

24 RESTRICT WHAT YOU SHARE
[Diagram labels: Practice Filter; Vision 360 Data Hub; Viewing Filter]
Currently data is displayed via the Vision 360 Patient Summary web based application. In the future, certain applications like Adastra will be able to view the data directly from their application.

25 Concentric overlapping controls
Concentric overlapping controls could be used to provide the necessary protection:
- Ethics and training
- Role Based Access
- Event Based Access Control
Event Based Access Control is a new concept which enhances existing protection of clinical information to meet the needs of an integrated Electronic Patient Record.
[Diagram label at the centre: Patient Record]

26 Ethics and Training
Staff need regular reminding of their professional obligations.
Ethics & training: All clinical staff are bound by professional ethics which act as first protection for patient confidentiality.
- Staff are required to complete modules:
  - Information Governance
  - Data Handling
  - Data Protection
  - Freedom Of Information
- Regular updates on Information Governance issues through staff bulletins and staff magazine
- Access for staff to Information Governance Policies, procedures and guidelines
- Reaffirmation of IG responsibilities individually to staff who have been authorised to use encrypted laptops and USB memory sticks within an Organisation

27 Role Based Access Control
RBAC principle: Users can access a record if they have the appropriate role and status in the NHS.
2009 Scottish Government Health Dept RBAC Model
[Table: rows are information categories, columns are roles; the cell values did not survive apart from one annotation, "Only for authorised user".]
Roles (columns):
- Clinical Professional
- Clinical Admin
- Healthcare Admin
- System Administrator
Information Category (rows):
- General patient information
- Summarised clinical information
- Full clinical information
- Highly sensitive information
- Non patient-related information
Role based access control is embedded in many systems across NHS Scotland.

28 Event Based Access Control (EBAC)
An enhancement to the RBAC approach based on patient events.
EBAC Principle: Clinicians can only access a record when a patient is in the care of their area of the NHS and they have a legitimate clinical relationship with the patient.
Event based rules look at key events along a clinical pathway such as:
- Referral into Secondary Care
- Outpatient Appointment
And within a set time frame, as well as organisational information of the individual accessing the record:
- Speciality/Pathway (ENT, Cancer Pathway)
- Relationship to Patient (Doctor, Nurse)
to assess if an access is legitimate.
Benefits
- Adds a time bounded dimension to controlling access
- Complements the RBAC model by defining who might be an ‘authorised user’
- Combined with RBAC and audit controls gives a high level of control

29 Event Based Access Control
An example shows how EBAC works.
Legitimate Access: Individual is a consultant in cardiology and is assessing a new referral.
- Dr John Smith, Cardiology Consultant
- Health Care Professional in Cardiology accesses patient's details in Clinical Portal on the 13/03/2009
Illegitimate Access - Denied: Individual is a Waiting List Coordinator of an unrelated speciality, accessing records a year after discharge… Happens to be a friend of patient who asks him to look up some results.
- Mr David Evans, Oncology Waiting List Coordinator
- Health Care Professional in Oncology accesses patient's details in Central Vision on the 13/03/2010
Patient timeline:
- GP Referral Into Cardiology: 12/03/2009
- Added to Waiting List: 14/03/2009
- Book OP Appointment: 28/03/2009
- OP Appointment: 23/04/2009
- Discharge: 23/04/2009
Patient CHI:

30 Access Rules (under development)
In depth analysis established a rule set that is straightforward and feasible. High level examples are as follows:
- Hospital access is time restricted:
  - Starts when a patient is referred/presents to hospital/clinic
  - Up to 30 days after discharge.
- Hospital access to records of patients with Long Term Conditions lasts while they continue to attend hospital clinics.
- Access requested by clinicians not associated with the speciality to which a patient has been referred will be investigated.

31 The Future …
Implement in phases as both technology and understanding of EBAC rules evolve.
Phase 1 – Audit Control
- Develop functionality that will query existing records to detect illegitimate access.
- Establish process to report and investigate incidents.
- Build on issues encountered to:
  - Refine EBAC business rules and
  - Train staff
Phase 2 – Preventative Control
- Build EBAC security into Clinical Portal to control access in real time.
- Provide access for legitimate clinical follow-up, and a ‘Break Glass’ facility for exceptional circumstances.
- Deploy process to investigate all ‘Break Glass’ incidents.
- Sanctions and communication

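Added example (not part of the original slides): a sketch of the Phase 1 audit check, applying the slide 30 rules (access from referral until 30 days after discharge, speciality must match the referral) to the slide 29 timeline. The record layout, field names and function names are assumptions, the CHI is a placeholder, and an open episode with no discharge date stands in for a long term condition patient still attending clinics.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

POST_DISCHARGE = timedelta(days=30)  # slide 30: "up to 30 days after discharge"

@dataclass(frozen=True)
class Episode:  # hypothetical record of one hospital episode
    chi: str
    speciality: str
    referred: date
    discharged: Optional[date]  # None = still attending (long term condition)

@dataclass(frozen=True)
class Access:  # hypothetical audit-log entry for one record view
    user: str
    speciality: str
    chi: str
    when: date

def audit_access(access: Access, episodes: List[Episode]) -> List[str]:
    """Return reasons to investigate; an empty list means the access fits the rules."""
    patient = [e for e in episodes if e.chi == access.chi]
    open_now = [e for e in patient
                if e.referred <= access.when
                and (e.discharged is None
                     or access.when <= e.discharged + POST_DISCHARGE)]
    reasons = []
    if not open_now:
        reasons.append("outside referral to discharge+30d window")
    # Compare against episodes open at access time, else any episode on file.
    if not any(e.speciality == access.speciality for e in (open_now or patient)):
        reasons.append("speciality not associated with a referral")
    return reasons

# Constructed sample data taken from the slide 29 timeline; the CHI is a placeholder.
CHI = "CHI-PLACEHOLDER"
EPISODES = [Episode(CHI, "Cardiology", date(2009, 3, 12), date(2009, 4, 23))]
LOG = [
    Access("Dr John Smith", "Cardiology", CHI, date(2009, 3, 13)),
    Access("Mr David Evans", "Oncology", CHI, date(2010, 3, 13)),
    Access("Dr John Smith", "Cardiology", CHI, date(2009, 5, 24)),  # day 31, constructed
]

def run_audit():
    return {(a.user, a.when.isoformat()): audit_access(a, EPISODES) for a in LOG}

if __name__ == "__main__":
    for key, reasons in run_audit().items():
        print(key, reasons or "ok")
```

In a Phase 2 preventative control the same function would run before the record is shown, with a non-empty result routing the user to the 'Break Glass' path rather than to a report.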