Monday, 27 September 2010

Technology to end “NHS Privacy Invasion” headlines

In 1997 Computer Weekly(1) reported, Sir Bobby Robson's electronic health records were viewed illicitly by NHS staff, in Dec 2008 The Daily Record(2) reported on a doctor working for NHS Fife who had snooped on the medical records of BBC celebrities and Celtic and Rangers football players. In Nov 2009 eHealth Insider(3) reported more than 350 patients in Hull had their electronic medical records accessed inappropriately and now in 2010 Computer World UK(4) reports an NHS data quality manager has pleaded guilty to illegally accessing female patient records on 431 occasions and records relating to family, friends and colleagues on an additional 336 occasions.

The latest incidents from a patient perspective are all the more alarming, in the fact that these privacy breaches are reported to have occurred over a number of months before being detected, a total of 8 months in the last case.

It is accepted that manual forensic auditing of the wide range of health system hosts of patient medical information, is complex. There are some that suggest without the aid of technology, forensic auditing of the level mandated by the Information Governance toolkit, requires a commitment of resources well beyond that which is available.

However, technology capable of reducing complexity, resource effort and cost required to accomplish audits across all electronic health record instances is now available with Imprivata PrivacyAlert!

The immediate short term deliverable is that organisations become not just “forensically ready”, but instead “forensically capable”. The solution once deployed, can be rapidly utilised to easily demonstrate a reliable and proactive approach being taken by NHS trusts in their management of private and sensitive electronic information (addressing IG toolkit requirement 8-206).

The business benefits and return on investment achieved is significant, with information governance / privacy issues proactively detected, providing the opportunity for resolution quickly before they become a major issue for the individual and the trust concerned.

As well as freeing up resources to focus on other requirements that are less easily addressed, one of the primary and most important information governance requirements has just become the easiest to achieve and administer.

It does not end there, additional benefits and return on investment is achieved through the substantial support provided towards increasing attainment levels of other information governance requirements, as well as lending support to development of the organisational understanding of staff use, and value of existing information assets.

With a more thorough understanding of the use of information assets, organisations can quickly address information governance risk issues and requirements to facilitate better use of systems supporting the development of these assets, with an objective of securing future cost savings and efficiency gains.

This last point is all the more significant in these financially difficult times given that the recent publication of the “Information on the Quality of Services - Final Report”, released to the government by the National Quality Board, which highlighted;

“40% of health budgeting areas, representing £20bn of annual expenditure, are without any nationally collected quality information”.

This is a vast amount of annual public expenditure, within which, there will be significant opportunities for savings and efficiency gains within every trust.

This is a good example of a technology solution that delivers substantial benefits and return on investment that should be high up on the top of the list of investments being considered by all trusts going forward.

The above is an extract from an eCulture Solutions whitepaper, that explores a great many aspects of information governance and business requirements that would benefit from adoption of this technology. The paper is available from the following link:

http://www.eculturesolutions.com/resources.html

References

(1) http://www.computerweekly.com/blogs/tony_collins/2007/09/bobby-robsons-medical-records-1.html

(2) http://www.dailyrecord.co.uk/news/scottish-news/2008/12/04/probe-after-doctor-snoops-on-medical-records-of-bbc-and-old-firm-stars-86908-20944310/

(3) http://www.ehiprimarycare.com/News/5389/hundreds_of_records_breached_in_hull

(4) http://www.computerworlduk.com/news/security/3240512/nhs-it-manager-guilty-of-snooping-on-patient-records/

Thursday, 16 September 2010

We should be thanking social networking providers?

Staff and organisation culture has often been identified to be an inhibiting factor of efforts to develop Information Governance capability.

Some suggest cultural issues stem from the fact that the majority of the workforce has had to adapt and learn to use computers and information systems, largely on evolved basis of trial and error?

Training historically has focused on addressing the “hands on” use of the technology only, it is only recently that a greater focus has given to developing a greater social understanding of the implications i.e. governance and privacy concerns.

Looking ahead the new social networking generation of school leavers coming into the workplace, is likely to have a profound and positive effect on culture, in regard to staff being more acutely aware of the social implications of technology, and thus the value of supporting development of information governance capability.

Equally this same generation of new service users, will likely challenge organisations like no other before it, to demonstrate that their data and privacy is being managed properly. We should expect an increase in Data Protection Act “subject access requests”, as this generation matures into concerning adults!

For this we have to thank those that have supported making investment to secure mainstream use of technology in our education system, leading to the subsequent production of this computer literate element of society.

But I think we should reserve our greatest thanks for the social networking sites that have arguably made the greatest contribution towards the development of concerns and awareness of privacy issues, taking this generation beyond computer literate, to perhaps becoming technology savvy.

However, should we not also be concerned that development of societies awareness and appreciation of information governance and privacy still appears to be on a trial and error basis?