web conversions

Can the UK medical database become electronic and can the concerns of the public and medical professionals over security be overcome?

The UK Government have recently announced plans that will allow British citizens to be able to access their own health data from April 2015. The plans could mark the start of a revolution in how health data may be used, marking a move away from the current approachin which a patient’s medical records are solely kept by the agency providing the care. Currently patient information can only be shared via letter, email, fax or phone resulting in unnecessary delays in providing access to the data and also limiting the information exchange between different care providers. Instead “Summary Care Records” will offer electronic data that will summarise a patients important health records making access to essential information easy and efficient for all. Crucially this will help medical staff make speedy and informed decisions in serious situations regarding the patient and thus eliminating an element of risk in the decision process. A mental health patient for example who presents at A&E may easily be mis-diagnosed or incorrectly treated if the person’s state of mind is not correctly understood.

Benefits of the system

The opportunities created by this seismic shift in health data policy are enormous and range from providing new medical advice services online to health apps, prescription reminders, condition monitoring and dynamic appointment scheduling all of which combine to effectively create a new world of personalised medicine. The information that will be available covers everything from a patient’s National Health Service (NHS) number, date of birth, medical diagnoses, previous treatment, current prescribd medicines, family history, blood test results, genetic tests medical imagingand much more.

The new system will provide the patient with an improved level of independence and assist clinicians and medical professionals in dealing with general enquiries and tasks in a much more efficient manner. For example the ability for the user to order repeat prescriptions or access test results online will help to reduce the need for an appointment with a General Practitioner (GP) thus freeing up the GP’s valuable time. Giving an individual access to their medical data will also allow for any inaccuracies in the information to more easily be identified.

Moving medical information so that it is available online will allow people to access to essential data they may need when away from home or even overseas. Moreover there is the ability to link an individual’s health data to wearables technology for accurate real-time monitoring of such things as blood sugar or blood pressure which can be used to monitor when medication such as insulin is required.

This new approach to personal health data menagement will also allow for the potential of online consultancy. Currently GP’s are unable to consult online due to constraints over access to sensitive personal information but with the new electronic system this would allow for some level of online consultancy helping to streamline the consultation system as a whole. Research led by GPs shows that if 30 percent of patients were to use this system at least twice a year, a practice with 10,000 patients would save 4,680 doctor appointments and 7,950 telephone calls per year.

Finally, the benefits of sharing data more easily could assist in medical research, potentiallyleading to advances and breakthroughs in areas that previously proved difficult. It could prevent and control outbreaks of communicable diseases and viruses through early detection which is currently extremely difficult and more open access to clinical data will also assist in research into rare diseases.

The opportunities

Despite the clear benefits for this scheme there is already resistance from many medical professionals, such as GP’s, who believe that the potential for misuse of this data is a real threat to patient confidentiality. There are growing concerns that such sensitive information could be a “a honeypot for hackers” or even misused by companies who want to target their products or discriminate against certain groups of clients – such as insurance companies.

The biggest challenge may well rest in shifting culture and mindset amongst health professionals, who will be key to encouraging patients to take advantage of online services and open data. This will come from assurance that the system is extremely secure in the same way online banking is now very widely used despite initial concerns surrounding security. When online banking systems were first launched in 2011 within the first 6months losses due to fraud totalled £16.9 million, according to Financial Fraud Action UK. The difference however between online banking data and a person’s medical data is that money can be reimbursed easily by the bank with little long term damage however once health information is out there it’s impossible to get back. Once exposed the implications are huge for the individual such as damage to their reputation, impact on their health through stress or needing to tell their friends and family before they are ready.

A further challenge will be to persuade patients (particularly amongst older patients who may not be as technology literate as some younger patients) to embrace the change and utilise the benefits presented by the change. It will be important to educate patients and gain consumer buy-in and it is important to ensure that the system is user friendly.

Proposed solution

This system needs to be easy to use and secure at the same time, so I feel the best way to do this is to have a limited platform that uses successful element from online banking systems. Firstly to make sure the person is correctly identified the initial step should be to register in person at your GP surgery using photo ID and from here they will be given a personal medical card as well as a personal username, password, PIN and card reading device for the initial setup online. If the individual needs help with this system, whether they are disabled, elderly or even below the age where a guardian is required they will need to register this trusted person following the same process. The carer or family member will then get their own password, PIN, card and card easing device to allow for dual access.

An initial guide for basic online protection should be provided as many people using this system will not have used online banking nor may they have much online experience. This guide should outline basic principles such as protecting users login details and explaining the card device system.

The card and device system works much in the way the PINSentry or SecureKey devices. Once the user has logged on to the online system with their user name and password they will then be required to insert their personal medical card in to the reader and type in their allocated PIN, this will give the user a unique number which they can type in to the website and this will direct them to their secure site. This 2 factor authentication system creates a much more secure environment as it creates an extra layer of security against password theft. Furthermore, the system should also ask for the password to be updated every few months to further combat password theft.

I propose that the user interface should be extremely simple with only a few key areas that are easy to navigate through. I believe that the level of information that is accessible should be limited so that only the top level information can be read. The patient should also be able to schedule appointments, access test results and send questions or queries to their doctor or nurse. Despite the simplicity of the system the information is still sensitive so all data should be made read-only online so nothing can be edited in error or downloaded on to a computer which isn’t secure. The exception to this could be that patients should be able to edit basic personal information such as their address and contact details.

The initial proposed designs for the system include the ability for individual patients to converse with their doctors via email. Unfortunately I don’t believe this to be secure enough and as the information is so sensitive I disagree with this feature. I propose that instead offering an email system to contact a doctor they should be able to book a slot for an online chat by logging in to their secure database, making an appointment and then conversing online.

Finally, this system requires a form of intelligent fraud detection software that can identify the user’s regular operating patterns and if it detects deviations from this it can flag these to a central database. From there a notification can be made to the GP’s office and this can be followed up with the patient. If the steps proposed above are implemented then this will allow medical professionals and the general public to access their personal medical information freely, easily and most importantly when it is required urgently.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s