In 1997 Computer Weekly(1) reported, Sir Bobby Robson’s electronic health records were viewed illicitly by NHS staff, in Dec 2008 The Daily Record(2) reported on a doctor working for NHS Fife who had snooped on the medical records of BBC celebrities and Celtic and Rangers football players. In Nov 2009 eHealth Insider(3) reported more than 350 patients in Hull had their electronic medical records accessed inappropriately and now in 2010 Computer World UK(4) reports an NHS data quality manager has pleaded guilty to illegally accessing female patient records on 431 occasions and records relating to family, friends and colleagues on an additional 336 occasions.
The latest NHS privacy invasion incidents from a patient perspective are all the more alarming, in the fact that these privacy breaches are reported to have occurred over a number of months before being detected, a total of 8 months in the last case.
Technological Approaches Available
It is accepted that manual forensic auditing of the wide range of health system hosts of patient medical information, is complex. There are some that suggest without the aid of technology, forensic auditing of the level mandated by the Information Governance toolkit, requires a commitment of resources well beyond that which is available.
However, technology capable of reducing complexity, resource effort and cost required to accomplish audits across all electronic health record instances is now available.
The immediate short term deliverable is that organisations become not just “forensically ready”, but instead “forensically capable”. Employing a technological approach enables organisations to more easily demonstrate a reliable and proactive approach being taken in their management of private and sensitive electronic information (addressing IG toolkit requirement 8-206).
Return on Investment
The business benefits and return on investment achieved can be significant, with information governance / privacy issues pro-actively detected, providing the opportunity for resolution quickly before they become a major issue for the individual and the trust concerned.
As well as freeing up resources to focus on other requirements that are less easily addressed, one of the primary and most important information governance requirements has just become the easiest to achieve and administer.
It does not end there, additional benefits and return on investment is achieved through the substantial support provided towards increasing attainment levels of other information governance requirements, as well as lending support to development of the organisational understanding of staff use, and value of existing information assets.
With a more thorough understanding of the use of information assets, organisations can quickly address information governance risk issues and requirements to facilitate better use of systems supporting the development of these assets, with an objective of securing future cost savings and efficiency gains.
This last point is all the more significant in these financially difficult times given that the recent publication of the “Information on the Quality of Services – Final Report”, released to the government by the National Quality Board, which highlighted;
“40% of health budgeting areas, representing £20bn of annual expenditure, are without any nationally collected quality information”.
This is a vast amount of annual public expenditure, within which, there will be significant opportunities for savings and efficiency gains within every trust.
This is a good example of a technology solution that delivers substantial benefits and return on investment that should be high up on the top of the list of investments being considered by all trusts going forward.