Presentation on theme: "Security and Confidentiality in Integrated Care Records Peter Singleton Senior Associate, Judge Institute Research Fellow, UCL."— Presentation transcript:
Security and Confidentiality in Integrated Care Records Peter Singleton Senior Associate, Judge Institute Research Fellow, UCL
The Goal: Integrating care between agencies Gain operational efficiencies (lower costs) Minimise replication of data entry and data storage (& better validation?) Share development costs across agencies Improve quality of service Avoid clients slipping through cracks (e.g. Victoria Climbié) Better management of process & resources Give better/faster service to client Support process redesign, improvement in care pathways
Moving from paper to computer Accessibility –Audit Commission (1996) – 35% of hospital records missing –Multi-location, easily reproduced – security? Accuracy/reliability –19% of GP records have errors (ERDIP 2002) –Active validation and cross-checking –Issues of context and local practice Consistency –Elimination of duplicates –Problems of ownership Confidentiality –All data may be available – how to protect? –How can patients choose to hide data?
Moving from silos of care to integrated care Currently individual actors (hospital clinician, GP, Social worker) passing messages (referral letters) Industrial model: master craftsman – guilds and professional silos Trying integrated teams and joint working We need integrated processes across teams and organisations – this is the change ICRS can offer if done properly
Building Quality into the system Early feedback to minimise errors –Decision-support systems: pertinent information and quality checks New systems to support new ways of working –Automating current practice is not enough –Need to focus on patient experience –Have planned pathway which is clear to all (including patient/client) Quality will bring effectiveness and efficiency gains
Information Governance HORUS model: –Holding/Obtaining/Recording/Using/Sharing Integrating Initiatives: –Caldicott/Confidentiality Code of Practice –Data Protection/Freedom of Information –Data Quality/Controls Assurance –Records Management –Information Security Missing Stewardship
Issues to consider Sharing between NHS agencies Sharing with Social Services Sharing with other agencies Public Expectations Managing consent Effective security Accessing real data Implementation
Sharing between NHS agencies Barriers –Concerns over legal position –Inconsistent use of NHS Number –Different coding systems –Supporting consent/dissent Drivers –PCTs & StHAs –National Programme (NPfIT) –Waiting Times/eBooking
Sharing with Social Services Barriers –[Lack of] concern over legal position –Identifiers: use of NHS Number? –Different domains - coding systems –Supporting consent/dissent for different purposes Drivers –Shared Services/ SAP requirements –National Programme (NPfIT) –Waiting Times/Bed-blocking
Sharing with other agencies Education, Police, Home Office Supporting immigrants Managing poverty/health/crime
Public Expectations What do the public currently think happens? –Generally assume records are shared, and surprised that they are not –Do not realise that most GP Receptionists can see their records What do we tell the public so that they know what to expect? How do we need to change so that they have a reasonable chance of knowing? Do they have a choice? What can/could/ should they choose?
Managing consent How much informing? When/how to inform? How much consent? Opt-in vs. opt-out Children/Cognitively impaired/elderly/ seriously injured? Consent to what? Direct care/planning/ clinical audit/ financial audit/ research?
Effective Security There is no 100% security – focus on weakest areas first Involve users otherwise they will defeat the system (or worse not adopt it!) Be proportionate Monitor and improve rather than seeking illusion of 100% safety Remember we are seeking to improve healthcare!
Accessing real data Research Ethics Committees Other bodies: SCAG & PIAG Data-sharing agreements Respecting restrictions Minimum data usage
Implementation Clear process for change (NPfIT not clear at present) Clear information for public on how data will be used Mechanism to support choice Design for flexibility Do not underestimate need for culture change – people need to recognise need for change and embrace it Do not forget dynamics of change and need to align incentives to create context for change Do not forget why we are doing this – to improve healthcare
Managing Risk You cannot eliminate all risk - you may plan to avoid certain risks, or take actions to minimise the impact of an event, or plan actions to recover quickly This risk of not providing good healthcare is almost certain if we dont seek to improve All actors must be aware of risks and what should be done to minimise them
CLEF Project Clinical eScience Framework (CLEF) Seeking to deliver near anonymised medical data repository via GRID S&C outputs: –Accepted policies, protocols, and procedures –Proof of pseudonymised route to protect patients interests and preserve usefulness of data –Separating wheat from chaff to improve data value and improve confidentiality –Establish mechanisms for monitoring queries for inferential attack
Abstract Peter Singleton reviews the reasons for Integrated Care Records and how Security and Confidentiality issues affect the approach to, design of, and implementation of ICR systems. There are plenty of technical issues to be addressed, but a number of policy and cultural aspects also need to be addressed, so that any ICRS can be implemented effectively. Trade-offs have to be made between the benefits that ICRS can potentially bring and the requirements for 100% water-tight security & confidentiality. These issues are not insurmountable, but require clear direction from the centre and flexibility in the approach used in order to support a transition to better ways of working.
Biography Peter Singleton is a Senior Associate at the Judge Institute of Management at the University of Cambridge, a Research Fellow at University College London, and a Director of Cambridge Health Informatics. He has specialised in electronic health record systems and, in particular, security and confidentiality issues, since attempting to deliver a prototype EHR system in 2000. He has written a number of papers on confidentiality issues. He is currently supporting the DoH and NHS Information Authority on Information Governance, working on the Clinical eScience Framework (CLEF) project on confidentiality issues, as well as leading the European The Informed Patient initiative. He has an MA in Mathematics and an MBA from Cambridge