The Guardian - UK
SA Mathieson

How secure are digital patient records?

Data security
The Information Commissioner’s Office has handled fewer cases involving digital record security, but says a single breach can affect a lot of people. Photograph: Lasse Kristensen/Alamy

NHS trusts and boards continue to hold many millions of paper patient records, which are expensive to store and retrieve. Many have set up digitisation projects to save money and to boost working with other organisations; in 2013 the health secretary, Jeremy Hunt, called for the English NHS to go paperless by April 2018. Although this target is unlikely to be met, many health service organisations across the UK store new records digitally and a few have digitised their paper backlog as well.

But this has led to concerns about the security of digitised records. The NHS has particular difficulties in protecting personal information, according to the Information Commissioner’s Office (ICO), partly due to the quantity of sensitive data it holds and partly down to the size and complexity of some of its constituent organisations.

In February, the ICO gained the power it had requested to impose compulsory audits on health service providers. “All of the trusts approached have agreed to an audit with the ICO. As a result we have not had to issue a formal request for a compulsory audit,” says Kai Winterbottom, the organisation’s group manager for good practice.

However, several NHS organisations have been criticised by the ICO following voluntary audits – and these show that paper records present their own security problems. “The greater volume of individual cases reported to our enforcement team clearly identifies the loss or theft of paperwork as the main category of personal data breaches,” says Winterbottom.

Recent cases have included NHS Grampian staff abandoning paperwork in public areas of its hospital and a local supermarket, and a folder of highly sensitive data from North Tees and Hartlepool NHS foundation trust turning up at a bus stop. There have been several cases of information being posted by NHS organisations to wrong addresses.

Winterbottom adds that there are fewer cases involving digital record security, but that a single breach can affect a lot of people. The ICO recommends the use of privacy impact assessments as part of the planning for new systems as a way to spot any information security issues before they arise.

Cardiff and Vale university health board uses Civica’s Paris electronic patient record system for services including those provided in people’s homes – a particularly tricky place to ensure data is secure. However, the digital records replaced paper ones that were left with patients. “They might treat it very well, but they might not. We weren’t in complete control of the record,” says the board’s mental health and community services programme manager, Mark Cahalane. It also meant that staff had little or no information on a patient before visiting, potentially compromising their personal security.

Now, staff access records before and during visits using netbooks, a cheap type of laptop computer. “We get our provider to downspec them, saving some cost by doing so,” says Cahalane. “We specifically make the devices as ugly as possible.” The idea is to give the netbooks – which are unpopular compared with tablet computers – little or no resale value, making them unattractive to steal.

They also have the equivalent of a “no tools left in this vehicle overnight” sign, Cahalane says, with a notice saying they are useless except for health board staff. This is not an exaggeration: the only thing the netbooks can do is connect to Cardiff and Vale’s systems through a secure mobile link, requiring a username, a password, a standard PIN and a temporary one from a key-fob number generator. If someone had to leave a patient for safety reasons with no time to take the netbook, a call to a service desk would cut off access remotely, although this has not yet happened. Also, any device left unused for 15 minutes is automatically disconnected.

No patient data is held on the netbook’s hard drive and it cannot be saved to memory sticks. Instead, everything is accessed remotely over the secure mobile link: patient records, staff email, Microsoft Office, internet and intranet access and CEquip, the system used to order equipment such as beds and commodes, meaning staff can choose items in consultation with patients.

“You know how safe you are, and secondarily you know what you’re going there to do. You present yourself as a far more professional service,” Cahalane says. Furthermore, by removing the need to return to an office to write reports and make orders, the board reckons community nurses make one more visit every day, a 16% efficiency gain.

NHS organisations are responsible for the security of patient data, but will normally rely on suppliers to ensure this. Andy Ostler, head of Brother’s Omnijoin business unit, says this can be made easier by choosing from the government’s G-Cloud directory, as a listing requires checks on product security, and looking for compliance with the international security standard ISO27001.

The NHS will increasingly have to secure patient data on hardware it does not manage – in particular, devices owned by patients themselves. Omnijoin is working on a project in which a group of GPs will allow patients to use their mobile devices to access records, book consultations and in some cases hold consultations over a secure video link. “You need to ensure high levels of encryption,” says Ostler, and carry out extensive tests to ensure the service works on different types of network, such as 3G and 4G, as well as on different devices.

Content on this page is paid for and produced to a brief agreed with Brother, sponsor of the Healthcare Professionals Network practice hub
