Follow us on Twitter

Access our Document library

Meet the team

Viewpoint: My Healthcare under my Control, with my Consent, for my Benefit.

Posted by admin on Thu, 28/10/2010 - 10:10
Printer friendly


sadd.jpg
Last week the Coalition Government promised an 'information revolution' for the NHS based on patient choice. Graham Sadd of Paoga sees this as a start, but more can yet be done. 
 
I welcome the recent White Paper -  ‘Equity and excellence: Liberating the NHS’ -  issued by Andrew Lansley, Health Secretary, setting out some worthy and technically achievable ambitions for NHS patients justifying, at least in part, the huge cost of the necessary computerising of patient records.
 
Allowing the patient a choice of service providers will persistently identify successful and failing healthcare providers on quality of frontline ‘service’ rather than the admin-hungry ‘targets’ currently in place.
 
Over a year ago I wrote ‘Have the Tories found the answer to NHS IT?’ in which I set out what I, as a citizen, patient, parent, employer, carer, wanted the NHS to give me as the best return on my NI contributions. To bring it up to date, I should change ‘Tories’ to ‘Coalition Government’ but not much else.
 
A healthy society is good for citizens, business and the nation (tax payer), so that old cliché ‘prevention is better than cure’ is even more relevant given the dire financial straits in which we find ourselves today.
 
Whereas the White Paper focuses on NHS patients, the longer term opportunity for this initiative is to provide the ability for the patient to store a synchronised copy of their NHS medical record to which they can choose to allow access or delegate responsibility to their GP/parent/child/carer. The individual can choose to add other relevant data input from non-NHS health related suppliers (private dentists, chiropractors, sports trainers, dieticians etc.) providing an accessible holistic personal health record with the ability for the individual to share relevant medical information in other trusted relationships such as employment or insurance.
 
My recent personal experience with my aged father is that it is impossible to get different specialists (Dermatology – Nephrology) within a single hospital to cooperate (“Not my department”) and share information, let alone the GP, PCT, Consultant, Carers, Social Services, Pharmacist, etc.
 
I am repeatedly asked, “What’s wrong with him?” “Has he had any operations?” “What medication is he on?” all of which the same hospital has diagnosed, performed and prescribed. Why are they asking me? Why are they scribbling it unintelligibly on little pieces of coloured card? And what information are they relying on from an 85 year old with dementia when I am unable to accompany him to the hospital?
I then push him in his wheelchair, clutching a handwritten prescription, to the pharmacy to join a long queue to be told to come back in half an hour.
 
Confusion and error
 
All this confusion, duplication, opportunity for error and time wasting of valuable medical expertise would be resolved with a simple keyboard/voice/touch screen interface to the patient record under strict access control. This is not new technology – they have been using it in restaurants for years!
 
Legal compliance, security and privacy are major issues that must be addressed.
 According to the Information Commissioner's Office (ICO) earlier this year:
“. . . the NHS is responsible for the highest number of serious data breaches of any UK organisation since the end of 2007. . . Most of the breaches (113) were the result of stolen data or hardware, followed by 82 cases of lost data or hardware.”
 
The solution is ‘access control to encrypted data in the Cloud’ with an audit trail of who accessed what data, when and why. To achieve this, the NHS needs to provide:
  • verification of identities and roles – of approved service providers and their individual employees in delegated roles through framework referral points and various registers. The access rights, privileges and responsibilities that are related to the delegated roles are specified by the service provider;
  • verification of patient identities– can be provided by, for example, their GP in the first instance. Delegates (relatives, carers etc) should also be verified by, for example, cross checking with existing government databases (IPS, CRB, etc). The access rights, privileges and responsibilities related to delegates roles are specified by the patient;
  • traceability – all digital exchanges made by the interacting parties and patient can be traced by the use of the secure audit trail stored at the chosen Attestation Service Provider (ASP) which can be called upon to provide legally admissible evidence of suitable evidential weight in case of a subsequent dispute;
  • accountability – enabled for the service provider employees and patient since they have sole control of their Unique Digital IDentity (UDID). This empowers the individual to be responsible and accountable for all actions related to their delegated role;
  • integrity of process and data – is assured through the use of the irrefutable time-stamp, the record of the content stored in the secure audit trail and the ability to identify the data source be they an individual user acting in a delegated role or the patient;
  • integrity of users - is achieved by the use of delegated roles which explicitly define the access rights and privileges assigned to the user, by the service provider or the patient, in their delegated role;
  • reputational protection – enabled so service providers and  individual users acting in delegated roles can prove their actions through the secure audit trail, if required;
  • interoperability – within a common framework, between diverse systems is achieved through the use of the UDID and NHS Number; 
  • security – is enhanced since all digital exchanges are allowed to have appropriate security implemented based on perceived risk. Additionally, the individual users in delegated roles and the patient will be able to add their own security measures for any digital exchange;
  • legal compliance – is supported since the  PAOGApolicy complies with national and international legislation in relevant jurisdictions, as well as national and international standards and best practice, where appropriate;
  • privacy – by clearly defined access rights, traceability of actions and the possibility to verify identities, confidential personal data is better protected from misuse; 
  • building trust – in relationships over time as the interacting parties will be able to verify the existence and authenticity of approved service providers; verify if individual users are authorised to act in a delegated role and have the ability to receive independently verifiable references.
The outcome of such a structure will be to improve the accuracy and controlled access to data with the express permission of the patient who will be able to exercise the ‘choices’ described in the White Paper whilst substantially reducing the administration time and cost of  patient data collection, maintenance and sharing in compliance with the Data Protection Act 1998. The structure can then be extended to NHS procurement.
 
Now, let’s apply these same principles and outcomes to Education and Employment!
 
Graham Sadd is Chairman & CEO of  PAOGA which has been researching and developing TRM (Trusted Relationship Management) tools, applications and services extending CRM to the mutual benefit of suppliers and consumers whilst respecting individuals’ privacy. Graham will be talking more about information, trust and the NHS at the Business Cloud Summit on 30th November. Ten free places - worth £499 -  are on offer to PublicTechnology.net readers. To claim a free place on a first come, first served basis, please email verity.tarrant@siftmedia.co.uk.