Security and Confidentiality in Integrated Care Records Peter Singleton Senior Associate, Judge Institute Research Fellow, UCL The Goal: Integrating care between agencies Gain operational efficiencies (lower costs) • Minimise replication of data entry and data storage (& better validation?) • Share development costs across agencies Improve quality of service • Avoid clients slipping through cracks (e.g. Victoria Climbié) • Better management of process & resources Give better/faster service to client • Support process redesign, improvement in care pathways Moving from paper to computer • Accessibility – Audit Commission (1996) – 35% of hospital records missing – Multi-location, easily reproduced – security? • Accuracy/reliability – 19% of GP records have errors (ERDIP 2002) – Active validation and cross-checking – Issues of context and local practice • Consistency – Elimination of duplicates – Problems of ‘ownership’ • Confidentiality – All data may be available – how to protect? – How can patients choose to ‘hide’ data? Moving from silos of care to integrated care • Currently individual actors (hospital clinician, GP, Social worker) passing messages (referral letters) • Industrial model: master craftsman – guilds and professional silos • Trying integrated teams and joint working • We need integrated processes across teams and organisations – this is the change ICRS can offer if done properly Building Quality into the system • Early feedback to minimise errors – Decision-support systems: pertinent information and quality checks • New systems to support new ways of working – Automating current practice is not enough – Need to focus on patient experience – Have planned pathway which is clear to all (including patient/client) • Quality will bring effectiveness and efficiency gains Information Governance • HORUS model: – Holding/Obtaining/Recording/Using/Sharing • Integrating Initiatives: – Caldicott/Confidentiality Code of Practice – Data Protection/Freedom of Information – Data Quality/Controls Assurance – Records Management – Information Security • Missing ‘Stewardship’ Issues to consider • • • • • • • • Sharing between NHS agencies Sharing with Social Services Sharing with other agencies Public Expectations Managing consent Effective security Accessing real data Implementation Sharing between NHS agencies • Barriers – Concerns over legal position – Inconsistent use of NHS Number – Different coding systems – Supporting consent/dissent • Drivers – PCTs & StHAs – National Programme (NPfIT) – Waiting Times/eBooking Sharing with Social Services • Barriers – – – – [Lack of] concern over legal position Identifiers: use of NHS Number? Different domains - coding systems Supporting consent/dissent for different purposes • Drivers – Shared Services/ SAP requirements – National Programme (NPfIT) – Waiting Times/Bed-blocking Sharing with other agencies • Education, Police, Home Office • Supporting immigrants • Managing poverty/health/crime Public Expectations • What do the public currently think happens? – Generally assume records are shared, and surprised that they are not – Do not realise that most GP Receptionists can see their records • What do we tell the public so that they know what to expect? • How do we need to change so that they have a reasonable chance of knowing? • Do they have a choice? What can/could/ should they choose? Managing consent • • • • How much informing? When/how to inform? How much consent? Opt-in vs. opt-out Children/Cognitively impaired/elderly/ seriously injured? • Consent to what? Direct care/planning/ clinical audit/ financial audit/ research? Effective Security • There is no 100% security – focus on weakest areas first • Involve users otherwise they will defeat the system (or worse not adopt it!) • Be proportionate • Monitor and improve rather than seeking illusion of 100% safety • Remember we are seeking to improve healthcare! Accessing real data • • • • • Research Ethics Committees Other bodies: SCAG & PIAG Data-sharing agreements Respecting restrictions Minimum data usage Implementation • • • • • Clear process for change (NPfIT not clear at present) Clear information for public on how data will be used Mechanism to support choice Design for flexibility Do not underestimate need for culture change – people need to recognise need for change and embrace it • Do not forget dynamics of change and need to align incentives to create context for change • Do not forget why we are doing this – to improve healthcare Managing Risk • You cannot eliminate all risk - you may plan to avoid certain risks, or take actions to minimise the impact of an event, or plan actions to recover quickly • This risk of not providing good healthcare is almost certain if we don’t seek to improve • All actors must be aware of risks and what should be done to minimise them CLEF Project • Clinical eScience Framework (CLEF) • Seeking to deliver ‘near anonymised’ medical data repository via GRID • S&C outputs: – Accepted policies, protocols, and procedures – Proof of ‘pseudonymised’ route to protect patients’ interests and preserve usefulness of data – Separating ‘wheat from chaff’ to improve data value and improve confidentiality – Establish mechanisms for monitoring queries for inferential attack Thank you Abstract Peter Singleton reviews the reasons for Integrated Care Records and how Security and Confidentiality issues affect the approach to, design of, and implementation of ICR systems. There are plenty of technical issues to be addressed, but a number of policy and cultural aspects also need to be addressed, so that any ICRS can be implemented effectively. Trade-offs have to be made between the benefits that ICRS can potentially bring and the requirements for 100% water-tight security & confidentiality. These issues are not insurmountable, but require clear direction from the centre and flexibility in the approach used in order to support a transition to better ways of working. Biography Peter Singleton is a Senior Associate at the Judge Institute of Management at the University of Cambridge, a Research Fellow at University College London, and a Director of Cambridge Health Informatics. He has specialised in electronic health record systems and, in particular, security and confidentiality issues, since attempting to deliver a prototype EHR system in 2000. He has written a number of papers on confidentiality issues. He is currently supporting the DoH and NHS Information Authority on Information Governance, working on the Clinical eScience Framework (CLEF) project on confidentiality issues, as well as leading the European ‘The Informed Patient’ initiative. He has an MA in Mathematics and an MBA from Cambridge