eHealth Governance, Security and Privacy a UK Perspective


Published on

Dr Rod Muir
Consultant in Public Health
Information Services
NHS National Services Scotland

Published in: Business, Health & Medicine
1 Comment
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Good morning
  • eHealth Governance, Security and Privacy a UK Perspective

    1. 1. eHealth Governance, Security and Privacy a UK Perspective <ul><li>Dr Rod Muir </li></ul><ul><li>Consultant in Public Health </li></ul><ul><li>Information Services </li></ul><ul><li>NHS National Services Scotland </li></ul>HINZ Rotorua 31 st October 2007
    2. 7. What I intend to cover <ul><li>NHSScotland </li></ul><ul><li>NHSScotland ‘eHealth Strategy’: progress </li></ul><ul><li>Primary and Secondary uses of health information </li></ul><ul><li>Governance </li></ul><ul><ul><li>Information Governance: 2002-2007 </li></ul></ul><ul><ul><li>What we plan to tackle in the next five years </li></ul></ul>
    3. 8. My areas of interest <ul><li>Secondary Uses of health information </li></ul><ul><li>Ethical; legal; practical; and social issues arising from health IT </li></ul>
    4. 9. Information Services: the organisation <ul><li>Part of NHS in Scotland </li></ul><ul><li>National health information </li></ul><ul><ul><li>National datasets: collection; analysis; exploitation </li></ul></ul><ul><ul><li>Information support for </li></ul></ul><ul><ul><ul><li>policy; management; clinicians </li></ul></ul></ul><ul><ul><ul><li>operational management, audit and research </li></ul></ul></ul><ul><ul><li>Information systems; eHealth procurement and commissioning; coding, data definitions; terms etc </li></ul></ul><ul><ul><li>Information governance </li></ul></ul>
    5. 10. NHS Scotland: demography <ul><li>Pop 5.1 million. </li></ul><ul><li>14 Health Boards. </li></ul><ul><li>Ageing population. </li></ul><ul><li>Inward migration.. </li></ul><ul><li>Health and Community Care Budget £10b. </li></ul><ul><li>33% of Scottish Government total. </li></ul>
    6. 11. NHS Scotland: politics <ul><li>Dismantling health market </li></ul><ul><li>Focus on life circumstances and prevention </li></ul><ul><li>Local community based services </li></ul><ul><li>Move away from acute sector </li></ul><ul><li>Scottish devolution </li></ul><ul><li>New Scottish Nationalist Party -led administration </li></ul><ul><li>UK health policies and models are diverging </li></ul>
    7. 12. NHS Scotland: IT <ul><li>All GP’s computerised and connected to web and NHS net </li></ul><ul><li>Community pharmacists and dentists now being connected </li></ul><ul><li>Electronic prescribing being rolled out nationally </li></ul><ul><li>40% referrals electronic </li></ul><ul><li>Most test ordering and results now electronic </li></ul><ul><li>Well established Secondary Uses service </li></ul><ul><li>Wide range of IT developments at various stages </li></ul>
    8. 13. NHSScotland national datasets <ul><li>National datasets: in patient; outpatient; day case </li></ul><ul><li>Primary care data (6% representative sample) </li></ul><ul><li>Comprehensive prescribing data warehouse </li></ul><ul><li>Clinical audits [renal; hip fracture; CHD/ stroke; trauma etc] [linked] </li></ul><ul><li>General Register Office – vital events; census; </li></ul><ul><li>Progressively linked [NHS data warehouse] </li></ul>
    9. 14. Primary and secondary uses <ul><li>Primary uses </li></ul><ul><ul><li>Joined up care for individuals </li></ul></ul><ul><li>Secondary uses </li></ul><ul><ul><li>All the rest </li></ul></ul>
    10. 15. Etc etc Epidemiology Surveillance Secondary Uses Screening Planning Research Targets Monitoring performance /progress
    11. 16. % patients treated surgically but documented as unfit for theatre within 24 safe operating hours Fig. 2: Percentage of patients treated surgically but documented as unfit for theatre within 24 safe operating hours of ward admission Percentage of patients treated surgically but documented as unfit for theatre within 24 safe operating hours of ward admission Scottish Hip Fracture Audit Report 2007
    12. 17. NHSScotland eHealth strategy <ul><li>National Approach </li></ul><ul><li>Convergence </li></ul><ul><li>Build, fill gaps </li></ul><ul><li>National Procurements </li></ul><ul><li>Co-operation, working together </li></ul><ul><li>Robust information governance </li></ul>Key principles
    13. 18. NHS Scotland ‘eHealth’ strategy <ul><li>Currently over 60 national software applications </li></ul><ul><li>Gaps identified: notably </li></ul><ul><ul><li>Primary Care </li></ul></ul><ul><ul><li>PAS </li></ul></ul><ul><ul><li>Hospital Medicines Administration </li></ul></ul><ul><ul><li>Decision support </li></ul></ul>
    14. 19. Big potential procurements <ul><li>IPACC </li></ul><ul><ul><li>Breadth – community and primary care </li></ul></ul><ul><ul><li>OBC completed in June </li></ul></ul><ul><ul><li>Replace current GP system (GPASS) </li></ul></ul><ul><ul><li>Specification complete January 2008 </li></ul></ul><ul><li>PMS ( PAS replacement) </li></ul><ul><ul><li>Breadth – PAS plus clinical systems </li></ul></ul><ul><ul><li>OBC completed in June </li></ul></ul><ul><ul><li>Specification work complete January 2008 </li></ul></ul>
    15. 20. Other Areas Under Development or Proposed <ul><li>Community Dental Services PAS </li></ul><ul><li>Theatres </li></ul><ul><li>Sexual Health (NASH) </li></ul><ul><li>Cervical Cytology Call/ Recall (SCCRS) </li></ul><ul><li>Child health </li></ul><ul><li>Chemotherapy </li></ul>
    16. 21. Other Areas Under Development or Proposed (2) <ul><li>PACS/ RIS </li></ul><ul><li>Scottish Care Information (SCI) Programme </li></ul><ul><li>Emergency Care Summary (ECS) </li></ul><ul><li>Community Health Index (CHI) </li></ul><ul><li>User Authentication/ ID management/ Electronic HR System (EHRS)/Access Control </li></ul><ul><li>ePharmacy </li></ul>
    17. 22. Other Major Developments <ul><li>Emergency Care Summary (ECS) </li></ul><ul><li>Scottish Health Information Service </li></ul><ul><li>User Authentication/ ID management/ Electronic HR System (EHRS)/Access Control </li></ul><ul><li>ePharmacy </li></ul><ul><li>Hospital Electronic Prescribing Management </li></ul>
    18. 23. Emergency Care Summary (ECS) <ul><li>Equivalent of Summary Care Record(SCR) in England </li></ul><ul><li>Rolled out in short period in Scotland </li></ul><ul><li>Only a handful of GPs resisted </li></ul><ul><li>BMA didn’t appear to notice </li></ul><ul><li>Up and running; well used and well received </li></ul><ul><li>BMA want a halt on SCR roll out in England pending an evaluation </li></ul>
    19. 24. Scottish Health Information Service (SHIS) <ul><li>Secondary Uses Service </li></ul>
    20. 25. NHSScotland Data Warehouse QOF ( GP ) DENTAL A&E ( EDIS ) Prescribing ( ACUTE ) SCI Referrals Workforce ( SWISS ) Blood Transfusion Waiting Times SPARRA ( predictive) Others ……… . Common Dimensions – Business Objects GRO ( DEATHS ) SMR 01 ( ACUTE ) SMR 04 ( MENTAL Health) Prescribing ( Primary care) SMR 06 ( CANCER) National Health Targets Benchmarking/ Clinical Governance Navigator
    21. 26. eHealth Programme Executive Team eHealth Programme Director Strategy Design Authority Programmes Change and Benefits
    22. 27. eHealth Programme Executive Team Director eHealth User Skills Development Change and Benefits Communications Service Redesign Benefits Identification & Delivery Strategy Definition of Project Brief Market Intelligence & Evaluation Strategy Maintenance and Delivery Technical Standards & Architecture Design Authority Applications Standards & Architecture Confidentiality & Governance Security & Authentication Programmes Programme Management National Projects Staff Skills , Project Commissioning
    23. 28. Information Governance <ul><li>Low trust environment </li></ul><ul><li>Climate of suspicion </li></ul><ul><li>‘ Surveillance society’ </li></ul><ul><li>Accountability; transparency; performance management </li></ul><ul><li>Personal autonomy above all </li></ul>
    24. 29. Legal Framework <ul><li>Common Law </li></ul><ul><li>Data Protection Act 1998 </li></ul><ul><li>Freedom of Information (Scotland) Act 2002 </li></ul><ul><li>Adults with Incapacity Act </li></ul><ul><li>etc etc etc… </li></ul><ul><li> loads of professional guidance; Codes of Conduct; Information Sharing protocols… </li></ul>
    25. 30. <ul><li>National awareness campaign </li></ul><ul><li>Independent body to advise on privacy and the public interest </li></ul><ul><li>Central ‘anonymisation service’/ for secondary uses </li></ul><ul><li>Targets for Privacy/ Confidentiality Issues </li></ul><ul><li>No change in the law (for now) </li></ul>Confidentiality and Security Advisory Group for Scotland (CSAGS) April 2002
    26. 31. Current Privacy Safeguards <ul><li>Notification with Information Commissioner </li></ul><ul><li>Data Protection Officers/ Information Governance leads </li></ul><ul><li>Patient Privacy Guardians; </li></ul><ul><li>IT security officers </li></ul><ul><li>Staff training/ contracts </li></ul>
    27. 32. Current Privacy safeguards (2) <ul><li>Privacy Advisory Committee </li></ul><ul><li>MREC/ LREC </li></ul><ul><li>Advisory Groups </li></ul><ul><ul><li>Community Health Index (NHS Number) </li></ul></ul><ul><ul><li>National Health Service Central Register Governance Board </li></ul></ul><ul><li>Privacy Impact Assessment </li></ul>
    28. 33. Information Governance Framework <ul><li>SCOPE </li></ul><ul><li>Data protection </li></ul><ul><li>Patient confidentiality </li></ul><ul><li>IT security </li></ul><ul><li>Freedom of Information </li></ul><ul><li>Records management </li></ul><ul><li>Data quality </li></ul>
    29. 34. Information Governance Framework <ul><li>National networks </li></ul><ul><li>National standards </li></ul><ul><li>Self reporting/ toolkit </li></ul><ul><li>National ‘inspection’ </li></ul><ul><li>eLibrary portal on Information Governance </li></ul><ul><li>Education modules and bursaries </li></ul><ul><ul><li>Masters; Diploma; Certificate level </li></ul></ul><ul><ul><li>www. elib . scot . nhs . uk / </li></ul></ul>
    30. 35. But…problems remain <ul><li>Public/ patient awareness/ public debate </li></ul><ul><li>Definition/ meaning of personal data/ anonymisation </li></ul><ul><li>Informed consent </li></ul><ul><li>Consent ‘model’ - opt-out/ opt in </li></ul><ul><li>Authentication/ staff ID/ access controls </li></ul><ul><li>Ownership/ leadership/ difficult policy decisions </li></ul>
    31. 36. <ul><li>Get consent </li></ul><ul><li>Anonymise </li></ul><ul><li>Establish a “public interest mandate” for processing personal health data </li></ul><ul><li>Change the law </li></ul>
    32. 37. The solutions: effecting change in the next five years <ul><li>Engagement </li></ul><ul><li>Education </li></ul><ul><li>Engineering </li></ul><ul><li>Enforcement </li></ul>
    33. 38. Engagement <ul><li>Public debate </li></ul><ul><li>Demonstrate benefits </li></ul><ul><li>Balance: autonomy v societal benefit </li></ul><ul><li>Leadership </li></ul><ul><li>Public Interest Mandate </li></ul><ul><li>Involve Information Commissioner </li></ul><ul><li>Privacy Impact Assessment </li></ul><ul><li>Involve the research community </li></ul>
    34. 39. Education <ul><li>Care givers </li></ul><ul><li>Culture change </li></ul><ul><li>Core skills </li></ul><ul><li>Research </li></ul>
    35. 40. Engineering <ul><li>‘ Need to know’ access </li></ul><ul><li>Authentication </li></ul><ul><li>Audit trails </li></ul>
    36. 41. Enforcement <ul><li>Clear rules </li></ul><ul><li>Clear guidance </li></ul><ul><li>Change the law? </li></ul><ul><li>Effective penalties </li></ul><ul><li>Visible policing </li></ul>
    37. 42. Engagement: taking the patients with us <ul><li>Patient safety </li></ul><ul><ul><li>Scottish Patient Safety Alliance </li></ul></ul>
    38. 43. Engagement: taking the patients with us <ul><li>Patient safety </li></ul><ul><ul><li>Scottish Patient safety Alliance </li></ul></ul><ul><li>Joined up care </li></ul><ul><ul><li>Most illness is now chronic.. </li></ul></ul><ul><ul><li>..multiple providers </li></ul></ul><ul><ul><li>..complex pathways of care </li></ul></ul>
    39. 44. Engagement: taking the patients with us <ul><li>Patient safety </li></ul><ul><ul><li>Scottish Patient Safety Alliance </li></ul></ul><ul><li>Joined up care </li></ul><ul><ul><li>Most illness is now long term.. </li></ul></ul><ul><li>Better outcomes </li></ul><ul><ul><li>Measuring and improving quality </li></ul></ul><ul><ul><li>Better information for patients </li></ul></ul>
    40. 45. Engagement: taking the patients with us <ul><li>Patient safety </li></ul><ul><li>Joined up care </li></ul><ul><li>Better outcomes </li></ul><ul><li>Effective Public Health Programmes </li></ul>
    41. 46. In summary <ul><li>Information governance – can’t ignore it – but so far getting much less attention than it needs </li></ul><ul><li>IT developments are posing ethical, legal and social dilemmas </li></ul><ul><li>Lot of progress in last five years.. </li></ul><ul><li>..but still playing catch up </li></ul><ul><li>We understand the problems – time for solutions </li></ul>
    42. 47. Who needs electronic health records?
    43. 48. Thanks for listening.. We all do