Welcome! It's on Thursday 23rd November 2017

The digitisation of patient data: tightening up security

So far this week, we’ve talked about the importance of sharing patient data, and its pros and cons. Join us today as we’ll be discussing privacy and security risks

Posted: 21 January 2016

If you missed yesterday’s episode of our weekly feature about the pros and cons of data digitisation and sharing, click here or continue reading below.

Despite the controls already in place, it would be wrong to think the data security measures in primary care are as tight as they can be – something that Hunt acknowledged when he said: “The NHS has not yet won the public’s trust in an area that is vital for the future of patient care. Nothing matters more to us than our health, and people rightly say we must be able to assure the security of confidential medical information.”

For O’Hanlon the biggest security risk “is around people”. He says: “It is really important that all of us in the health service understand our responsibilities for data security – whether that is logging out of clinical systems when popping for a coffee, avoiding sending emails containing patient data, mentioning personal details over a reception desk or printing visit details and leaving them behind in the patient’s home.”

Practice manager Campbell says medical records should always be “written or entered at the time a consultation or encounter takes place” with “a software embargo on writing up notes after the event”. He also believes information about a patient’s health and healthcare should only be known “to those who are directly providing treatment and care” and that “in no way should anonymised data be able to be pinpointed to a patient. It should be encrypted and should be capable of reversing the encryption”. Looking further afield, he says that if access is requested to a record to support an insurance claim or a medical negligence claim it “should be restricted to the incident and time constrained”.

Further investment in hardware and software should be planned, according to optometrist Hampson, who says: “All patient data should only be communicated via secure mechanisms such as NHS mail or via system to system communications using secure networks such as N3 (or its replacement). For this to happen there must be an investment in such connectivity to ensure all of primary care has access to these connections.”

Palmer suggests The Information Governance (IG) Toolkit as “a yearly reminder for organisations to review their information governance”, and more training is also on O’Hanlon’s wishlist. He says: “We must ensure that regular, proper training is given and that IG is embedded in all discussions and decisions – not seen as an awkward barrier that gets in the way later on.”

Join us tomorrow for the last instalment of our weekly feature about the digitisation of patient data