When the government published its consultation on plans to bring about an Information Revolution in the NHS, one of the most common responses was that they could threaten patient confidentiality.
From the British Medical Association to the Medical Protection Society to the King’s Fund, the same theme emerged. The notion of sharing data was an inherent threat that should be dealt with right at the start.
Take this from Dr Stephanie Bown of the MPS. “Information can be used to support communication, improve knowledge and to promote shared decision making – but it is essential that an information revolution does not compromise patient confidentiality. Appropriate safeguards should be addressed at the outset.”
Bringing sharing and governance together
“Information sharing” implies systems integration to allow information to pass between different IT set-ups and applications and to be displayed to a wider range of users.
“Patient confidentiality” implies measures to ensure data security and good information governance; making sure that only approved users see the information. Increasingly, the two are coming to bear on each other.
Jon Payne, sales engineering manager at InterSystems, explains: “If you are moving information within a trust, all the users are known and understood and there is no leakage of information outside the trust.
“Data security and information governance are, by and large, well understood and well implemented. But as soon as you start moving information outside a single organisation then the requirements start ratcheting up and the issues become more complex to unravel.”
It is not just the Information Revolution – with its aspirations for the NHS to make much greater use of information collected in electronic patient record and for patients to control their own data – that is driving this complexity. The organisational changes now underway in the health service are adding their own layers.
Primary care trusts are already merging into clusters, and community units are merging with mental health trusts and acute units; which may also be under pressure to achieve foundation status.
In the slightly longer term, new demands for information sharing are likely to come from GP commissioning consortia, local authorities and private providers. So a new look at the data security and information governance around systems integration is needed.
Changing the culture
The consensus from the technology community is that the tools exist to answer data security demands; it is the information governance piece that will prove trickier. What’s required, they say, is a culture change around information sharing and IG.
Chris Smith from iSoft cites the N3 network as an example. It’s not universally loved and not without its problems, perhaps, but it is secure and increasingly accessible by other organisations such as social care (through the GCSX Interconnect project, which is now offering all local authorities the opportunity to use N3 to exchange information with the NHS spine and local NHS organisations).
“The issue is whether the healthcare network might expand more rapidly than the existing infrastructure will allow. It must remain fit for purpose and not an obstacle,” he says.
Payne adds encryption and SSL certificate authentication to the list. These are well used in systems integration already – for example both are used by InterSystems Ensemble Trust Integration Engine, which is used (among other things) to connect applications within a trust to CSC’s LSP data centre. The Interoperability Toolkit also relies on certificate authentication.
The complexity begins to arise with considerations of access to shared information, consent for sharing, auditing to make sure an organisation can track where information goes, who has seen it, for what purpose and whether they were entitled to view it. As Payne says: “Once information starts to flow, it quickly becomes like a cat’s cradle.”
Smith adds: “This governance piece is likely to be more challenging. It is essentially about trust. Do I understand what people are going to do with information and do I trust them to collect it in a timely manner and can I trace where it has been used and seen? A lot of that is about persuading people.”
Both argue that the Interoperability Toolkit’s operating guidance offers some useful thinking. Developed by NHS Connecting for Health and published alongside ITK standards in September 2010, it takes the generic Information Governance guidance and interprets this for NHS organisations implementing the ITK.
It includes a number of self-assessment checklists and ideas about where individual IG controls should be applied and under what circumstances. While very generic, the checklists are intended to make the deploying trust think about the risks and IG controls for their particular scenario.
Smith says that too often trusts consider risks rather than benefits. He likens it to health and safety – there are lots of people pointing out the “what ifs” and the dangers but fewer arguing the benefits for sharing information or evaluating the cost of not doing so.
He thinks this is changing and predicts that there will be a pragmatic response in which the governance will follow the lines of business benefit.
He explains: “The interesting thing about the ITK operating guidance is that it spells out what you need to start thinking about in terms of data security and information governance. It basically says that the further away from source the data moves, and particularly if it leaves your organisation, then the greater the potential clinical impact and the more things you need to consider.
“But while it sets out a really quite prescriptive model of how you could implement security and IG, it also says that if you are just sending out patient appointment reminders by SMS then you do not really need to think about high levels because it is not contentious and it is not being distributed widely.”
There are, broadly, two approaches to data sharing from different systems. In one, data is pulled into a warehouse and from there requested by users. In the other, clinical portal technology and record locator services request information from individual systems. The two have different IG implications.
John Gobron, general manager for Microsoft’s Health Solutions Group in the UK, where the company is marketing Amalga and HealthVault, says: “In a data warehouse you are able to provide governance rules that can be location based, situational based or individual based.
“Instead of having 100 different governance policies depending on the application, you can have one set of rules. We are making a lot of investments in that direction.”
Wayne Parslow, vice president of Carefx, meanwhile, considers the implications of the portal approach. He calls for a shift away from system-centric IG to an approach that is focused around the patient and their situation.
“For example, if a patient is unconscious in the A&E and a clinician needs to know whether they are allergic to a particular drug, they need a set of rules and appropriate audit that allow them to break the glass and access information they do not normally have,” he says.
“Information systems cannot be viewed as individual systems but as a cloud and IG needs to be extracted to the circumstances under which information is required.”
Paul Briault, head of public sector for RSA, the security division of EMC, calls for a more strategic overview. Yes, he says, trusts can buy a piece of kit that will solve an immediate security risk.
“But once the data is encrypted it is locked down, people tend to look at putting controls in place within certain datasets, but have not looked enterprise-wide. This is being to become more and more important. We need to think about this not as systems integration, but as service integration.”
The Department of Health is certainly alive to this debate – although has no plans to update guidance just yet. A spokesperson told EHI: “We have published good practice guidance and codes of practice that clearly set out the core principles of good information governance.
“We are meeting regularly with information governance staff across the NHS to ensure that changing working practices, new technologies and organisational reform are reflected in any new or tailored guidance that is produced.”