An NHS trust has adjusted its policy to let physicians use electronic health record systems more efficiently by 'sharing smartcards'. This illustrates the natural tension between the need to deliver care efficiently and the need to protect data and hold individuals accountable for their access to systems.
"An NHS trust board has approved the sharing of smartcards, in breach of security policy under the £12.4bn NHS National Programme for IT (NPfIT), because slow log-in times would restrict the time of doctors treating emergency patients.
Paul Cundy, spokesman for the British Medical Association's GP IT subcommittee, said the actions of the trust "drive a coach and horses through the so-called privacy in the new systems". He said, "This is precisely what we have long predicted and shows that security systems, although highly specified on paper, need to be tested against live environments before they can be said to be secure." But Duncan Robinson, director of IT at the trust, said it had decided specifically in Accident and Emergency to slightly depart from what he called security "guidelines" to allow the sharing of smartcards on certain PCs. He said the trust was concerned that logging on could take up to 90 seconds. Without smartcard sharing, if doctors using a secure PC are called away when accessing a file, they may have to log off and on again when they return to it."
Link: NHS security dilemma as smartcards shared - 30/Jan/2007 - ComputerWeekly.com.
Is it possible to have the best of both worlds or do we need to accept a reduced level of security - e.g. shared IDs in a controlled environment, in order to make sure that the systems can be operated in a clinical setting?


Alan wrote:
'Is it possible to have the best of both worlds or do we need to accept a reduced level of security - e.g. shared IDs in a controlled environment, in order to make sure that the systems can be operated in a clinical setting?'
Hi Alan, I think this is probably the wrong question. Should the question not be 'How do we ensure that the introduction of information technology does not erode the confidentiality of the relationship we have with our patient, of the trust in that relationship'?
The benefits of anything that is allowed to erode confidentiality (the cornerstone of medical practice) should have to be proven by very stringent tests before we let it out in the wild.
Anything else risks changing the practice of medicine (for the worse).
Pharmanet is an example. I have written before of the person I know of who seeks their meds outside of BC because of the problem of the village pharmacist finding out when s/he gets a prescription for anything else in the future. Health care should not be compromised in this way.
Posted by: Jel Coward | January 31, 2007 at 05:57 PM