An NHS trust has adjusted its policy to let physicians use electronic health record systems more efficiently by 'sharing smartcards'. This illustrates the natural tension between the need to deliver care efficiently and the need to protect data and hold individuals accountable for their access to systems.
"An NHS trust board has approved the sharing of smartcards, in breach of security policy under the £12.4bn NHS National Programme for IT (NPfIT), because slow log-in times would restrict the time of doctors treating emergency patients.
Paul Cundy, spokesman for the British Medical Association's GP IT subcommittee, said the actions of the trust "drive a coach and horses through the so-called privacy in the new systems". He said, "This is precisely what we have long predicted and shows that security systems, although highly specified on paper, need to be tested against live environments before they can be said to be secure." But Duncan Robinson, director of IT at the trust, said it had decided specifically in Accident and Emergency to slightly depart from what he called security "guidelines" to allow the sharing of smartcards on certain PCs. He said the trust was concerned that logging on could take up to 90 seconds. Without smartcard sharing, if doctors using a secure PC are called away when accessing a file, they may have to log off and on again when they return to it."
Is it possible to have the best of both worlds, or do we need to accept a reduced level of security (e.g. shared IDs in a controlled environment) in order to make sure that the systems can be operated in a clinical setting?