Smart Healthcare: Security | SmartHealthcare.com

Government wants to 'improve' SCR opt-out

Tue, 27 Jul 2010 10:41:52 GMT

Health minister Simon Burns has said a review of England's electronic health records (EHRs) must lead to patients and doctors feeling 'ownership'

Burns said Scotland's experience of EHRs, with a system for use in emergencies covering almost the entire population, shows that they are worth introducing in England.

"However, effective use of the SCR depends on patients and doctors feeling an ownership of the records," the minister added in a parliamentary written answer on 26 July 2010.

"We believe the current processes that are in place need to be reviewed to ensure that both the information that patients receive, and the process by which they opt-out, are as clear and simple as possible. In addition, should patients choose to opt-out they must be able to do so as early in the process as is feasible," he said.

"We intend to review the content of the record and consider whether we can improve the process whereby patients can opt-out."

Burns confirmed that strategic health authorities have been told not to send out more information letters concerning SCRs until the review has been completed.

The statement came as Dr Paul Cundy, a GP and former chair of the British Medical Association's GP IT committee, recommended that his peers add a code to all patient records stopping them from being turned into SCRs, unless patients have clearly said they want to take part.

"For any patient who's not explicitly told them that they want to have a SCR, GPs should enter a 93C3 Read code into their notes," he said. "This will stop any uploads to the SCR and will enable the system to run on an explicit opt-in basis, which is what everyone has been demanding."

Dr Cundy said he will be adding the codes to his patients' records by the end of the month, without informing them that he is doing this. He said that the critical report on SCRs led by Professor Trisha Greenhalgh justified this, as it showed that SCRs are "positively unsafe".

"Hopefully we can now start constructive discussions as to how to rebuild the English SCR along the lines of the much more successful systems in Scotland and Wales," he added.

NHS reforms could unravel SCRs

Sade Laja — Mon, 19 Jul 2010 09:54:20 GMT

The government's white paper could lead to scrapping the current central patient database, but electronic health records are very much part of the coalition's plans

The paper, Equity and Excellence: Liberating the NHS, states that patients should have more control over electronic health records and be able to determine who else can access them, but the Department of Health has not yet outlined specific plans for a new system.

Health minister Simon Burns announced in June that summary care records (SCRs) were under review amidst concerns about data security. He outlined plans to move to "a focus of ownership of information". However, the white paper strongly advocates the sharing of patient information with third parties, which would include private sector companies.

"The patient will determine who else can access their records and will easily be able to see changes when they are made to their records. We will consult on arrangements, including appropriate confidentiality safeguards, later this year," says the paper.

Both coalition parties' vocal dislike of SCRs, which were developed under the National Programme for IT (NPfIT), point to the current system being replaced. The potential scrapping of the database means that the government would have to replace it with a stronger model with enhanced security measures. Victor Almeida, healthcare analyst at Kable, believes this could create opportunities for firms providing data and authentication, as well as those providing cloud computing services, as clinicians will want cheaper and simpler ways of handling patient data.

The abolition of primary care trusts (PCTs) and strategic health authorities as part of the reforms is also set to have a notable impact on the care records service (CRS), due to the increased controls that GPs will have. "About half of the CRS contracts are held by PCTs," points out Almeida. "It is likely that the majority of GP consortia will probably go for an alternative and more innovative solution from a supplier of their choice, although they will have the choice to keep their existing systems." He envisages that the care records service will move to a local level and trusts will decide which electronic health record applications they really need.

The government's openness to private sector involvement could also see the creation of a competitive environment involving companies that want to host patient information online. Prime minister David Cameron, while in opposition, praised the concept of personal health records including Microsoft HealthVault and Google Health as an alternative to central NHS databases.

When originally unveiled by the Tories in 2009, the idea triggered warnings from MPs that hackers would be able to access the personal details of patients – the same security criticisms that have dogged the current central database. The white paper revealed that a newly created NHS Commissioning Board will take responsibility for data security.

With health secretary Andrew Lansley calling for extensive data sharing alongside a need to cut bureaucracy and administrative costs, there are also some budget problems the government may face.

"GPs may also require data dissemination and data analysis support services, as they are not accustomed to the various requirements and funding and procurement," Almeida points out.

Critics of Lansley's plans have said that GPs may need to spend substantial amounts for adequate administrative support, which would include patient data and information services. But the government has said that although it wants to give patients more information and control over data, it wants to spend less doing it.

Despite the coalition's opposition to the current electronic database, shortly after the election the government announced that trusts and GPs would still continue to add names to the SCR system.

The British Medical Association (BMA) has consistently opposed SCRs and has said that the electronic records of many people have been uploaded without patients' knowledge.

A spokesperson for the association told SmartHealthcare.com that it would like the government to halt summary care records and put in place a model that places more weight on patient consent.

"In an ideal world, there would be a consent model in place that enables explicit consent, rather than indicating an opt out," the spokesperson said, adding that England has been too ambitious with electronic records and should look at the Scottish emergency care summary system, which only holds basic patient information.

A recent report by University College London found that 85% of people it surveyed had thrown away summary care record opt out letters due to the complicated nature of the forms.

With the government set to make an announcement within weeks about changes to NPfIT, GPs and NHS staff do not have much longer to wait to see how the coalition plans to tackle electronic health records.

Sade Laja

Patient from Hell: The roller-coaster ride of an exhibitionist

Dick Vinegar — Wed, 07 Jul 2010 08:00:00 GMT

The Patient from Hell goes from despair to hope at last month's Smart Healthcare Live conference and exhibition

As you know, I suspect all the time that NHS computer systems are not designed for patients, but for hospital administrators, cabinet ministers, DoH bureaucrats, hospital IT departments, pathology labs, consultants and GPs. Not for me, the geriatric patient.

So, I went to Smart Healthcare Live to see whether the speakers and the exhibitors were at all interested in my welfare, or just pushing their own agendas. I asked a lot of questions and got replies: some disquieting and a few encouraging.

It was a roller-coaster ride. I became elated and then downcast within half an hour, and then uplifted again. Let's deal with the downer bits first.

I have hoped for the last 15 years that telehealth and telecare are just around the corner, because I don't want to get MRSA in hospitals or swine flu in my GP's surgery. I want to be monitored for all my ailments in my own home. To me, this a no-brainer. The NHS must roll this out, now.

But no. The London borough of Newham, which has been taking part of a mass pilot for telecare, clearly felt that the business case had not been made. This is despite reporting several cases where telecare had stopped unnecessary admissions to hospital.

I asked a question, complaining that I had come across telecare pilots for about 15 years – mostly in northern snowbound countries where, if you don't have telecare in the winter, you die – but I wanted a roll-out, not just a pilot. The speaker said that pilots would continue, because the technology and cost of sensors and communications were forever changing. I found his attitude depressing. I need a roll-out now.

And there were no stands in the exhibition offering telecare solutions. It is probably a sensible decision by those companies that could supply kit, because they realise that there is no will in the NHS or among doctors to create a telecare world. Clearly, as an octogenarian, I will not see telecare helping me in my lifetime.

Attentive readers of this column will have read about the distress encountered by my contemporaries, waiting every morning by their front door for the life-or-death snail-mail letter from their hospital concerning a test or consultant's appointment to plop through their letter box, a week or two after the event. This when my contemporaries' natural mode of communication with everybody is email, arriving in minutes.

I was therefore incensed that there was no discussion at Smart Healthcare Live about what I consider a scandal: that in 2010, correspondence between doctor and patient should continue by snail-mail. How can the medical establishment, who are supposed to care for patients, defend this archaic mode of communication which causes such distress?

I was therefore taken aback by an argument I had on a stand at the exhibition with the manager of an identity and security specialist, who contended that a nationwide email system with 50m patients would be hopelessly insecure, and therefore unfeasible. I objected that I carried out secure transactions on Amazon and many other websites daily. Why could the NHS not do the same?

I had a good moment during the conference when, in his interview with SA Mathieson, the chief executive of NHS Direct Neil Chapman batted away the recent allegation by the chair of the BMA's GP committee Dr Laurence Buckman that the cost-effectiveness of NHS Direct "has so far not been properly evaluated".

Chapman pointed out that of the 5m patients each year who contact NHS Direct, 60% do not go on to face to face contacts with GPs and Hospital A&Es. The savings are immense. Chapman laments that many people in the NHS have an ingrained feeling that remote care is somehow second-rate, cheap and nasty. I suspect that this prejudice is what is holding up telecare as well.

The speaker who turned me on more than any other was Dr Paul Hodgkin of Patient Opinion. He contended that the patients can create more change in the NHS through their suggestions than NHS executives can do through their complex bureaucratic organisations. He hopes to generate 100,000 patient stories a year, 10% of which will result in improvements on the wards. These changes may be in the design of loo-seats in disabled toilets. But they are improvements, and they could change the culture of NHS staff towards innovation.

He believes that politically, his time has come, because what he is doing is an embodiment of the coalition government's Big Society. I hope he is right, and that the patients' voice will become the loudest in the land.

Dick Vinegar

ICO again criticises NHS over infosecurity

Fri, 18 Jun 2010 09:48:20 GMT

The Information Commissioner's Office has again warned the NHS that it is not doing enough to safeguard patients' data

The ICO said that NHS Stoke-on-Trent lost 2,000 paper physiotherapy files, and is not sure if they were destroyed or simply filed in the wrong place, reports The Register.

Basingstoke and North Hampshire foundation trust lost an Excel spreadsheet containing 917 pathology results - emailed from an insecure address. The sheet was not password-protected and the receiving department had no need for such a large quantity of medical records.

Both organisations have promised to try harder in future, and their chief executives have signed letters to that effect.

Mick Gorrill, head of enforcement at the ICO, said: "Everyone makes mistakes, but regrettably there are far too many within the NHS.

"Health bodies must implement the appropriate procedures when storing and transferring patients' sensitive personal information."

A quarter of all data breaches which are reported to the ICO come from the NHS.

Trusts unable to use Cerner data centres

Thu, 10 Jun 2010 15:22:33 GMT

Four South Central and three London trusts are unable to use a Cerner IT upgrade centre in Kansas due to data security fears

The trusts have been awaiting approval for the transfer of patient data to the US from the Department of Health since February, but are unable to do so until legal issues are resolved.

The DoH confirmed that permission for transferring the data has been delayed due to the election and the change of government.

"No decisions have been taken and different options are being considered," a spokesperson for the department said.

The three London trusts waiting for a decision are Barnet and Chase Farm Hospitals, Barts and the London and Royal Free Hampstead. NHS South Central strategic health authority has not named the four trusts involved and said it would not make any comment on the situation.

A spokesperson for NHS London told SmartHealthcare.com: "When a decision has been taken on the different options being considered, we will discuss with the three London trusts the best time and method for them to upgrade their electronic patient records system."

London trusts such as St George's Healthcare, Newham University Hospital and Kingston Hospitals have already implemented Cerner's Millennium software.

Companies outside the UK can sign up to the safe harbour scheme, which provides for the transfer of personal data from Europe to the US in compliance with EU data protection laws. At present, the transfer of data outside the UK or other EU countries is limited by data protection legislation to prevent transfers to countries without adequate data protection laws.

The US does not have equivalent data protection legislation and relies on a self regulatory system.

NHS is top sector for data losses

Tue, 01 Jun 2010 11:25:39 GMT

The NHS has reported 305 data breaches to the Information Commissioner's Office (ICO) since November 2007

The figure for the NHS compares to 288 for the private sector, 132 for local government and 18 for central government. "It could be because of reporting differences or the NHS could be more prone to data breaches because they are dealing with sensitive data," an ICO spokesperson said.

The greatest cause of NHS data breaches was theft of hardware, with 116 incidents where equipment containing personal data was stolen. A further 87 incidents involved health service organisations losing hardware containing personal information.

The figure also includes 43 incidents where information was wrongly disclosed; 17 where data was "lost in transit"; 13 cases involving the non-secure disposal of IT, and 17 because of technical or procedural failures.

In July 2009 five NHS trusts were reprimanded by the ICO for failing to encrypt data. They included London's Royal Free Hampstead trust, which lost an unencrypted CD containing data on 20,000 cardiology patients, and Hampshire Partnership trust, after an unencrypted laptop with data on 349 patients and 258 staff was stolen at a conference.

The ICO began published data breaches after the loss of 25m child benefit records by HM Revenue and Customs.

David Smith, the deputy information commissioner, said: "Extra vigilance is required so that people's personal information does not end up in the wrong hands.

"Organisations should have clear security and disclosure procedures that staff can understand, properly implement these and ensure that they are being followed by staff. Staff must be adequately trained not just in the value of personal information, but in how to protect it."

NHS hears warnings on information security

Steve Gold — Wed, 05 May 2010 08:00:00 GMT

The health service is generating a third of data breach reports, with SCRs and cloud computing threatening to make things worse

The audience at last week's Infosecurity Europe show held its collective breath when David Smith, the deputy commissioner for the Information Commissioner's Office (ICO), took the podium. The ICO recently increased its penalties 100-fold to £500,000 for those organisations reporting a serious loss of data – and health service organisations appear to be among those most likely to be hit.

Smith told the event, held in London on 27 April 2010, that NHS bodies are responsible for one third of around 30 serious data breaches reported to his office every month, although the overall figure has declined slightly in the last few months.

The picture is not as grim as it seems, as Smith said that not all private sector organisations declare their problems. "We're still seeing loss of personal data on unencrypted laptops in both (private and public) sectors," he said, adding that, despite the increase in penalties, the ICO is not try to catch people out, but is trying to help organisations which are trying to get it right.

But, he told his audience, the scale of data losses has significantly increased over the years. "We've gone from losing a few medical files on a few sheets of paper at a time, to losing millions of files on a single disk or USB stick," he said.

"Today, people are willing to share more; a culture of reducing costs and sharing has emerged," Smith added. "Data breaches are still happening, and are often due to insider wrongdoing, or theft and loss of data on portable devices. There are too many organisations ticking the boxes, without investing in real measures to keep up staff training and awareness. Contractors and processes must be checked."

So what should NHS IT professionals do if the worst happens? Smith said that, when and if a breach does occur, those affected should be notified as well as his office. "We don't want to know about every breach that happens, just the large-scale breaches where there is potential harm to individuals," he says, adding that, in most cases, the ICO will record the incident but not action it.

Summary justice

Reacting to Smith's comments, Justin Anderson, chief executive of NHS supplier Flexeye Technology, warned that the situation with data breaches could get worse if the Summary Care Records programme continues in its present form.

SCRs, he said, are potential security risks. He believes that any system that has to copy large amounts of information to a central database is outdated and costly, as well as difficult to introduce, since it poses significant security risks to the information it contains.

Anderson, whose approach to IT security is based on a governance, risk and compliance strategy, said that a better approach to controlling access to SCRs would be to use a rules-based system that authenticates and authorises access to 'views' of specific pieces of information.

"The problem is that most requests for patient information are specific," he said. "For example, the A&E department wants access to essential details such as name, date of birth, allergies and current medication, but doesn't need to know that the patient had measles when they were three years old.

"It's also similar to the way the web is constructed. It would be hard to imagine a world where Google copied all of the information on the web into a huge central data warehouse, so that people could search for specific pieces of information. It's simply not necessary today," he added.

Anderson said that Flexeye's IT security business model has changed to make it more attractive to public sector agencies such at the NHS, by reducing the front-end licence fees and moving to support plus maintenance contracts.

"This reduces the capex and increases the opex, allowing NHS trusts to pay for their IT security on a concurrent basis, rather than from capital expenditure," he said.

Heads not in the cloud

Anderson added that he does not see much potential for cloud computing in the NHS, mainly because the need to maintain security on patient data, which he believes is difficult to ensure in a cloud environment.

This sentiment was echoed by Hugh Njemanze, co-founder and chief technology officer of US based security management company ArcSight. He said that the current trend towards the cloud and sharing of data is not welcomed by his healthcare clients.

"Each appliance for our clients operates as an island. Sure, we'd like to use the data from the appliance to share threat information between our clients, but that's not something they will go for," he said. "Some of our clients are in the government sector, and there's no co-operation from them when it comes to data sharing."

The IT security industry veteran also had some interesting views on the apparent stampede among IT departments move their data into the cloud, largely due to economic imperatives.

The cloud, he says, has clear economic advantages, but just like the difference between buying or renting a home there are disadvantages as well. "We're not moving (our customers) into the cloud with our security offerings at the moment, but we are watching what is happening in the market. We're erring on the side of caution," he said.

Steve Gold

McKesson converts Paragon software for NHS

Tue, 27 Apr 2010 16:38:18 GMT

Several health IT vendors have used HC2010 to announce new products, pilots and partnerships, including Orion, Carefx, System C and Hytec

McKesson said on 27 April 2010 that it will launch a UK version of its Paragon hospital information system, a modular suite it already offers in the US covering clinical, patient and administrative functions.

Adrian Wookey, the firm's UK vice-president of service delivery, said the system would be "fully optimised" for NHS use, including development work to ensure compliance with the National Programme for IT's Spine system. "We are confident that compared to other systems coming to the market, McKesson's will be the most cost-effective solution available and will deliver the functionality that is required by our customers today," he said.

The Department of Health recently awarded McKesson a £36m four year deal to support existing implementations of its Totalcare and Star software packages in 26 trusts across England. It also provides services to all trusts in England and Wales, through running the NHS's shared HR and payroll service.

Orion Health, whose Concerto software is being piloted in Northern Ireland's health and social care trusts, said it was launching a software as a service (Saas) product at the show, to help trusts deal with decreasing budgets. No further information was immediately available.

Carefx said it is working with Cambridge University Hospitals Trust on a six month pilot of a system to check if a requested test has already been carried out recently, initially for blood tests. A clinician requesting such a test will be told if there is a recent result available, and asked if they still want to order a new one.

"This pilot will demonstrate the viability of using decision support in this way to help improve patient care, as well as reducing the number of pathology test requests across the trust," said Dianne Nixon, head of strategic systems at the trust.

Carefx has recently announced a partnership with NHS local service provider CSC to provide systems including a clinical information portal using the vendor's Fusionfx software.

System C used the show to launch integrated digital pen technology for its Medway suite of clinical software, initially for the maternity module. This lets midwives complete assessments using the technology in the community. The firm is working in association with Destiny, a provider of digital pens.

Hytec said it is launching a system to allow trusts to share information securely across the NHS N3 broadband network, including secure, authenticated remote access for GPs.

NHS computers hit by data-stealing malware

Fri, 23 Apr 2010 10:50:17 GMT

More than 1,100 computers across the health service are infected with malware that is easily detected by off-the-shelf security software, according to a vendor

Researchers from anti-virus provider Symantec have been monitoring the Qakbot worm since last May and have documented its behaviour, reports The Register. On 22 April 210, after infiltrating two of the six servers used to collect pilfered data from infected machines, they provided an update that didn't exactly instill confidence in the healthcare system.

"The logs show that there is a significant Qakbot infection on the National Health Service (NHS) network in the UK," the Symantec update states. "This threat has managed to infect over 1,100 separate computers that are spread across multiple subnets within the NHS. We have attempted to contact the affected parties and have no evidence to show that any customer or patient data has been stolen."

Over a two week period, the researchers observed 4 GB of stolen data being funnelled to the monitored servers. Because that represents a fraction of the servers used by Qakbot, the amount of pilfered information is likely much higher.

Qakbot spreads through webpages that install malware by exploiting patched vulnerabilities in Microsoft's Internet Explorer and Apple's QuickTime software. It is able to self-propagate on local networks through file shares. It "moves slowly and with caution, trying not to bring attention to its presence," according to the update.

The malware scours an infected machine's hard drive for internet search histories, banking and payment card information and logon credentials for some dozen websites and then uploads them to one of the six servers. It also records the contents of data stored by a browser's autocomplete feature.

"In a nutshell, if your computer is compromised, every bit of information you type into your browser will be stolen," Symantec researchers wrote. While Qakbot primarily targets home users, plenty of corporate and government machines are infected as well.

Tracking: an asset to the NHS?

Steve Gold — Wed, 21 Apr 2010 08:00:00 GMT

RFID and barcode tracking technology, both for equipment and for patients, is increasingly used by the health service

Medical and allied technology equipment is a major item of expenditure for most hospital trusts, with the appropriately-named minor capital budgets being liberally tapped for a variety of mobile equipment, ranging from the ubiquitous patient wheelchair all the way up to expensive portable X-ray and ultrasound machines.

Tracking those assets - in order to improve patient and staff convenience, as well as an improved return on investment (ROI), and, of course, helping to prevent theft - has become a lot easier, even in a busy clinical environment such as a hospital, health centre and clinic.

This is largely thanks to the widespread use of bar codes and growing use of RFID (radio frequency identification) systems, along with WiFi networks across hospital campuses.

It comes as a surprise, however, that the same supplier names keep popping up in the hospital kit and patient tracking systems, such as Airetrak, Aruba, Barcode Warehouse and Motorola.

Hospitals are tracking patients as well as equipment: being able to locate them as they move around wards also helps to ensure the best ROI from increasingly stretched NHS resources.

If the consultant, for example, is almost ready from Mrs Smith but she is still in X-ray, the receptionist can push her place back in the out-patient queue by 25 minutes exactly, if Mrs Smith's estimated time of arrival in outpatients is around 20 minutes.

This level of accuracy is only possible if the patient's location can be tracked and tied into the medical records, electronic health records and allied systems, generating an estimated treatment time which, when added the travel time back to outpatients, gives an accurate ETA.

Large taxi bill

According to Roger Wilmott, managing director of Airetrak, asset tracking can do a lot more than improve staff and equipment ROIs - it can also save a lot of grief at the sharp end of patient treatment.

"There was an incident recently at one PCT where a lad with a broken leg turned up in a taxi, accompanied by his parents, and it took the porter 45 minutes to locate a wheelchair to take him to A&E. The parents ended up with a large taxi bill and, understandably, complained to the trust," he says.

"The end result of this was that the PCT - which was looking into the technology anyway - implemented an asset tracking system to stop this sort of thing happening again," he adds.

Airetrak has been selling to the NHS for about five years and, in that time, has spoken to around 80% of trusts, most of which are now starting to understand the need for asset tracking and the ROI issues at stake.

"It's a bit like satnavs were ten years ago. Most people (in primary care trusts) are only now getting their heads around the technology," he says.

Airetrak's main focus in the NHS is on passive RFID technology, where the tag needs a scanner, and active, where the tag transmits its location to the network. As trusts install asset tracking systems, Wilmott says they are beginning to learn about the benefits of patient tracking systems as well.

"In five years time you're going to start to see people being tracked - and not just in hospital, but also in the workplace, as there are clear health and safety benefits. At the moment, it's very early days," he says.

The problem with patient tracking, he adds, is that there are a lot political and privacy hurdles to be crossed before we see a widespread deployment. Then there's the question of what happens if a patient removes their tag for any reason.

Barcode Warehouse, another asset tracking specialist which claims to support more than 40,000 hand held mobile computers for a portfolio of organisations, says it is working with around 160 trusts.

The firm has just deployed at thermal wristband system for Basildon & Thurrock University Hospitals (BTUH) NHS Foundation Trust that helps to reduce the risk of patient misidentification.

According to Michelle Smith, BTUH's project manager, it was important that the trust compiled with the National Patient Safety Agency guidelines on printed wristbands.

"The use of electronically printed wristbands greatly reduces the risk of mis-identifying patients and administrating incorrect medical care," she says, adding that handwritten wristbands are often difficult to read, as details begin to rub off the longer the patient stays in the hospital.

When a patient is admitted to a BTUH ward, clinical staff access patient information from the PAS (patient administration system) and print out a wristband that uses anti-microbial ink.

With 63,000 inpatients and day cases annually, plus a further 90,000 in A&E cases, the wristband system has had a rapid payback in terms of patient welfare and administration efficiencies.

Clive Fearn, Barcode Warehouse's marketing director, says that RFIDs are also useful in the patient care environment, in situations such as neo-natal care, where they can ensure that a baby is where she or he should be and helps to prevent any problems. Both barcode and RFID systems can also be extended from the hospital to the ambulance environment, which also helps to improve resource efficiencies.

On the wireless

Gloucester Hospitals NHS Foundation Trust recently deployed a WiFi network at both of its main sites – Gloucestershire Royal and Cheltenham General – supplied by Aruba Networks.

"Gloucester is just one of 30 NHS trusts that have deployed, or are deploying, our technology," says Bob Vickers, sales director at the firm. "It's still early days. We roll, for example, into a customer's office and explain what we can do. Assets can be tracked, and so can patients."

"And once the trust's staff realise the potential, they really start to see many different uses for the technology. Yes, hospitals can 'lose' a patient temporarily, but they always surface in another department. This is where WiFi tags really come into their own," he adds.

Once a trust installs a WiFi-based tracking system for assets and/or patients, they then start to realise other applications, such as voice over IP. Vickers points out that this can often require increasing the number of WiFi base stations, so before a system is installed, he says his team talk at some length to the trust about their future plans for the network.

"It all comes down to planning. You talk to the trust about what they want and then work out a solution, whether it's barcodes, RFID or WiFi, or a mixture of all technologies," he says. "You must, however, plan for expansion and enhancements, as it's only when the system goes in do trusts realise the potential for asset and patient tracking systems."

Steve Gold

Identity management: A game of smartcards

Cath Everett — Wed, 24 Mar 2010 09:00:00 GMT

Some NHS trusts are implementing their own staff identity management systems to fill gaps in the national system

NHS Connecting for Health's smartcard-based identity management system is intended to enable clinicians to access its Care Records Service securely. However, some trusts have decided they need something more.

Although the original goal was for iSoft's Lorenzo and Cerner's Millennium to provide an all-encompassing electronic patient records system, scaled-back ambitions and widespread implementation delays mean that trusts are now having to look at alternative means of securing access to the numerous supplementary applications that do not run against the national Spine database.

The national smartcard system, which enforces role-based access control, is based on software that sits on top of centralised spine-compliant applications such as Choose and Book and the Electronic Prescription Service. Such packages can only be accessed using the smartcard, but the same is not true of local third party applications, which require staff to employ multiple user name and passwords.

While this situation is less of an issue in locations such as GP surgeries where fewer applications are employed, it does present a challenge in hospitals where multiple systems are in use all of the time.

"You see some hospital colleagues with eight cards around their neck as it's about getting the software converted," says Dr Grant Ingrams, chair of the British Medical Association's (BMA) IT committee. "There are also issues about how you use it and I don't think all of the problems have been sorted out yet around what you do in busy areas."

The problem, he explains, is that smartcards are not the best mechanism to use in such environments as "they're slow".

"So if it's me sitting down for 10 or 12 hours as a GP seeing patients, it's not an issue. But if you think about A&E where several clinicians are trying to use one machine, you end up seeing cards left in and people remaining logged on," Ingrams adds.

He suggests that a quicker alternative might be to introduce the same kind of proximity dongles that are waved over readers in pubs and restaurants to provide access to systems. Another possible option would be installing enough computers so each clinician could have access to a machine at all times.

"In most places, it works OK, but where things are more rushed and hurried and more staff are coming and going, it needs a workaround," Ingrams says.

Showing persistence

Some trusts have tried to at get around the challenge of staff having multiple identities by introducing single sign-on (SSO) systems. These enable personnel either to employ a single user name and password or the single identity held on the smartcard in order to access both local and national software.

But the problem with this is that such systems neither provide session persistence nor are they aware of context. Paul Curley, consultant surgeon and clinical director at the Mid Yorkshire Hospitals NHS Trust, explains: "If you're working in application A to find blood results, but you want to look at X-ray results too, you can fire up application B, which may link to SSO so you won't have to remember your user name and password. But you'll still have to do another search on the same name as the system isn't context-aware."

Session persistence refers to the concept of logging out of a session for security reasons when attention needs to be turned elsewhere, but being able to log back in and pick up exactly where one left off. "It would be perfect in a busy A&E," Curley says.

To this end, Mid Yorkshire is currently trialling a mobile clinical computing system with Dell, Symantec and Trapeze Networks. The first part of the pilot involves evaluating a system that enables clinicians to roam "with an open profile across devices in the network without having to log off," Curley says.

Users log onto the network using version 5 of the NHS smartcard, which is contactless and uses an a RFID chip. This means that, rather than have to place their card into a reader, which slows the log-in process down, clinicians simply wave it at a device.

A session then becomes "locked" to them so that when they walk away, it cannot be accessed by a third party. "You don't have users leaving sessions open so it's a very important piece of the jigsaw," says Curley.

Another possible approach, however, says Derek Stowe, technical network and security manager at Rotherham Primary Care Trust, is to have the smartcard registration authority set a time limit for sessions of access through the cards.

"What you've got to remember is that, if someone puts their card in and logs onto the system but subsequently logs out, leaves their card in and someone else logs in in their place, it's all tracked," he explains. "In Rotherham, these things are taken very seriously and any misdemeanours are investigated thoroughly."

The trust has just implemented a Quest Software system to enable it automatically to provision, re-provision and de-provision users through Microsoft's Active Directory. The software has been integrated with its Electronic Staff Record (ESR) system, which managers can currently access using their smartcard to undertake such activities as authorising annual leave.

By the end of the year, however, all clinicians will be able to access their ESR using an NHS smartcard, letting them view their wage slips, register for continuing professional development and other job related activities.

National service

In terms of the national system, the Department of Health (DoH) says that more than 530,000 users have registered with the NHS Care Records Service Identity Management System to date. A total of 900,000 staff from across 600 NHS organisations are expected to have signed up by the end of June 2013.

The system already meets the standards built into the pan-government Employee Authentication Service (EAS) that was recently approved by the CIO Council and positioned as a "champion asset for government". This means that all public authorities now have to justify their decision if they chose not to use it.

"The EAS strategy permits organisations to implement their own internal identity management services according to their application and security needs," a DoH spokesperson said.

While NHS organisations may need to use the EAS to access applications in other departments or in local government, SSO systems could be useful in managing these multiple identities, the spokesperson added.

But the DoH is also "developing a long-term strategy to ensure the requirements of the NHS are built into any future (EAS) procurement". Although this more detailed national strategy is still a work in progress, in future the spokesperson expected that "all identity management systems will utilise a user's unique identity".

This is because having a unique identity that "can be understood across all systems will make significant improvements in our ability to identify user activity across many systems and services, thereby improving information governance", the spokesperson added.

Cath Everett

Security leads NHS to avoid flashy mobiles

Thu, 25 Feb 2010 15:11:19 GMT

Healthcare officials have warned that service providers expose their community staff to security risks if they issue them with obtrusive mobile devices

Several speakers at the SmartHealthcare.com Mobile and Wireless Healthcare conference, held in Birmingham on 24 February 2010, said that their choices of mobile equipment for community use had been influenced by the need to make hardware easy to disguise.

Tracy Andrew, head of information security and compliance for Berkshire Shared Services, said his organisation had chosen Dell's smaller D and E series laptops for this reason. "If they can be small and unobtrusive, that's better," he told the audience.

He added that the service, which provides IT for Berkshire East and Berkshire West Primary Care Trusts and mental health foundation trust Berkshire Healthcare, has to take account of high levels of crime in Slough and Reading.

Andrew said that £32 Pacsafe bags, which can be locked to a luggage rack or the inside of a car's boot with a laptop inside, provide "a fantastic return on investment" for such workers.

Tina Quinn, clinical and operational lead for Kirklees Community Healthcare Services, said unobtrusiveness was among the reasons that led her organisation to order 600 Panasonic Toughbooks for mobile working. "It's small enough to fit in a normal workbag. It goes into the workbag, and no-one's the wiser that they have the kit on them," she said. A low weight and long battery life were among Kirklees' other reasons for choosing the laptops.

Richard Sargent, ICT change control specialist at Portsmouth Hospitals NHS Trust, said that the trust's trial of BlackBerrys and Anoto digital pens for midwives followed the same logic. "There are some undesirable areas in Portsmouth. We didn't want to show they were carrying a laptop," he said.

The Portsmouth scheme, which allows midwives to record information on mothers to be both on paper and digitally at the same time, also includes an alarm function – if a midwife scores through the trust's logo on a form, the microphone on the BlackBerry is activated and an email sent to the senior midwife, who can listen and contact the police if necessary.

The project is about to go live, following a trial and a training period during which 130 midwives have been getting used to the system.

Another hospital stricken with Conficker virus

Fri, 19 Feb 2010 15:31:39 GMT

West Middlesex University Hospital NHS Trust has been infected by the virus, leaving hospital staff unable to book appointments via computer

The outbreak has been contained but some hospital IT systems remain unavailable, resulting in ongoing delays to patients and affecting the smooth running of the medical facility, reports The Register.

A hospital spokesperson said that the malware infection, identified as the Conficker-A, struck on the afternoon of 12 February 2010. "Most of the computers had to be cleaned, so we've had to rely on a pen and paper system to book appointments. Technicians worked over the weekend to clean up systems. Priority systems are running but the clean-up is likely to last until the end of the week."

The Hounslow Chronicle reported on 16 February that email and internet access was affected by the outbreak but net connections since largely been restored.

A notice on the Trust's website warns patients to expect delays. "We are currently isolating the virus and cleaning the system," it said. "This is causing some operational issues. We have implemented our business continuity plan and are operating manual systems as part of our standard procedure. We do have a number of computers working in several priority areas such as A&E, ITU, theatres and some out-patient departments.

"We have contacted all our partner organisations and are doing everything we can to get back to normal. We apologise for the inconvenience that has been caused so far but do ask the local community to refrain from contacting the hospital for non-urgent requests. A&E is open and accepting patients. If it is not an emergency, we would encourage the local community to contact their GP, visit their local pharmacy and use walk-in centres such as The Heart of Hounslow and Teddington Memorial Hospital where possible."

The hospital has 400 beds and employs 1,900 staff to serve the needs of 400,000 residents in the London boroughs of Hounslow and Richmond-upon-Thames.

It's unclear how the infection occurred at West Middlesex but recent UK public sector Conficker infections have been blamed on either infected USB drives or external laptops.

Victims of the malware in the last month alone have included Greater Manchester Police, Mid Cheshire NHS Trust and NHS Leeds. The malware infection at GMP had severe operational consequences after senior officers decided to disconnect force systems from the Police National Computer and court systems for five days while a clean-up operation took place.

David Harley, director of malware intelligence at net security firm Eset, and an NHS IT manager for five years, said that continued problems with Conficker were far from confined to the public sector, despite the number of outbreaks in hospitals and government facilities since the start of the year.

It could be that hospital and other public sector systems include servers running NT4 and PCs running very old versions of Windows. Security software packages no longer support these systems and this may well be a contributing factor in recent outbreaks of Conficker, Harley added.

"I wouldn't like to bet that there are no PCs at all sitting in medical centres and police stations that aren't running anti-virus because they run an OS that's no long supported by the organisation's scanner of choice, or hardware that can't take the extra load from an on-access scanner, or because there's inadequate system support to ensure that local security is maintained," he said.

Bureaucratic factors may be at work against the application strong security policies, according to Harley. "In the NHS, which is really an umbrella organisation comprising many semi-autonomous sites clustered around some common networking services, NHS Connecting for Health decided it wasn't in the business of network and end-point security, so it focused on confidentiality and the services it supplied nationally," he said.

No to SCRs: NO2ID's Phil Booth on Summary Care Records

Wed, 17 Feb 2010 09:00:00 GMT

NO2ID, which has played a major role in the campaign against identity cards, also opposes Summary Care Records

Beneath the headlines about the National Programme for IT – billions wasted, systems underperforming or failing to deliver – lies another story, one that will outlast any particular NHS IT system.

It's the push for control: control of your and your children's medical records – and their children's… and theirs.

This is a fundamental shift, and one that cuts to the heart of the patient-doctor relationship. Putting everything into one pot, no matter what protections you attempt to bolt on, makes compromises inevitable – as both Gordon Brown and Alex Salmond have been unfortunate enough to discover. NHS smartcards are being stolen, lost and abused. It was the same with passwords, and will be with any form of access control.

The creation of centralised systems that make sensitive personal information accessible to many, and not just those directly involved in providing care, undermines the confidence patients can have – must have – if they are to disclose things about themselves for their own treatment and well-being, and for the wider public health.

The myth is that the patient is at the heart of these systems; that they are for our convenience or safety, or purely administrative and not to serve Whitehall's explicit goal to 'overcome current barriers to information sharing' or the interests of a powerful medical research lobby.

In reality the vast majority of patients are highly motivated to look out for their own data and, being the person most likely to be affected, are the smart choice if you're trying to 'join systems up' – especially in the sorts of critical situations being used to sell the Summary Care Record. Those with potentially life-threatening conditions or allergies to particular medicines already wear Medicaid bracelets. Pregnant mothers carry their maternity records.

Like many massive, centralised government IT programmes, NPfIT initiatives are presented as if there were no alternatives. And a huge amount of effort is being expended to manufacture consent.

From 2006, NO2ID has helped campaign for patients' rights over the Summary Care Record. To exercise what control they could. Though the vast majority of GPs and the public opposed the uploading of patients' information without explicit consent, Connecting for Health pushed on regardless, uploading the details of anyone who failed to respond to a single letter.

No-one knows how many of the hundreds of thousands of patients whose details have been uploaded actually received or read the mailshot. No-one knows how many simply binned the envelope, thinking it was yet another mass-mailed circular. No-one knows how many who actually read the leaflet, heavily weighted against opting out, were dissuaded from acting when told they would have to confirm their decision in person.

Connecting for Health is using what are effectively inertia selling techniques, making those who might wish to opt out jump through unnecessary hoops. Which is why, with pre-election "purdah" almost upon us, it's multi-million pound inducement to ramp up the mass roll-out of SCR is all the more extraordinary. Surely the Department is not playing politics with patients' records, in the face of Conservative and Liberal Democrat proposals for more localised or decentralised approaches?

Let us hope that this time every mailout will contain the required opt out form, conveniently absent from previous mailings. Failing to include the form may seem trivial, but it will have significantly reduced the numbers taking action. For the only action patients can take on receiving the information is to opt out. Inaction implies consent.

A radical rethink is long overdue. It's not just about IT – it's never just about IT. But whatever systems get built, it is vital that they provide meaningful mechanisms of informed consent and put doctors and patients back in control.

Start-ups move into data and e-learning

Cath Everett — Wed, 10 Feb 2010 09:00:00 GMT

Two young enterprises are aiming to help health providers pseudonymise their data and teach staff about IV pumps

Just because an idea starts life in one area does not mean that it has to remain fixed there for ever. And so it is with start-ups and young companies. Some take concepts from one sector and simply transfer them to another, while others adopt an ink-blot approach and allow their idea to spread into new but related areas.

Two examples of just these tactics are Sapior and Virtual Tutor. Sapior opened its doors in 2000 providing data integration, data management software and consultancy for financial services organisations, but switched tack to focus on the NHS about six years ago.

Rob Navarro, the firm's managing director, explains that the company was "a fusion of my two interests in data management and data privacy". When writing a paper exploring how organisations could effectively share or reuse sensitive information, he realised that it was the health sector rather than financial services that really required a way to tackle the issue because of the "super-sensitive" nature of its data.

His own research indicated that in a large teaching hospital, each patient's health record was copied between 10 and 30 times – not for use in direct patient care but for secondary functions such as auditing, research and data analysis. The figure was closer to 10 when records were stored in clinics or specialist facilities.

"It was clear that the protection of patient data needed to be increased in line with increased reuse and so we wanted to fill that gap," Navarro said.

As a result, the company, which currently employs three people, developed a so-called pseudonymisation system, which replaces identifiers such as name, address or NHS number with pseudonyms to protect patient identities.

By the end of 2005, Sapior had signed a nine-year deal with BT, the primary contractor for the NHS Care Records Service. The firm's Redbridge ES offering was used to remove identifying data from between two and 10 million patient records per day held on the central Spine database, so that they could be employed anonymously in the Payment by Results scheme.

But Navarro realised that there was "a much bigger need for this kind of thing around the country, not just in the centre. There are many more sources of data to integrate and services to evaluate regionally than would never make their way into the centre".

As a result, the company developed a black-box "web-server-like appliance" to cater to this new market. The device sits on an organisation's network and ensures that health records are stored in databases and data warehouses in a de-identified state, although such information can be "re-identified" on demand as required.

The move coincided with the Pseudonymisation Implementation Project's mandate that all trusts must start de-identifying their data by 11 March this year for completion by 2011, and Sapior hopes to sign its first customer this quarter.

Licences and maintenance charges for a primary care or acute trust with 200,000 patients will be about £16,000, while one-off fees for implementation, which takes between four and six weeks, will cost about the same.

The offering will be sold primarily through the firm's partners. They include database vendors, IT services and information governance organisations which undertake the "people training piece", says Navarro.

Within three years, however, the aim is to start focusing on the social care market before moving to target local authorities. "It'll be like an ink blot moving from the centre where the first mandate appeared," Navarro explains.

Ink-blot approach

Another organisation that is taking an ink-blot approach is e-learning provider Virtual Tutor. The company was set up two and a half years ago by director Michael Ter-Berg after being spun out of City University in London.

It came into being after Ter-Berg, a seasoned healthcare technology entrepreneur, was introduced to Professor Maggie Nicol at City University's School of Community Health Sciences. She was looking for a simple way to deliver effective intra-venous (IV) pump training to clinicians in general and nurses in particular.

Ter-Berg explains the rationale: "IV pumps are the biggest area of medical device liability and more people are seriously hurt or killed with them than anything else. They're complex instruments that are used in intensive care, but the fact that they can be faulty or training can be inadequate means that they generate big clinical issues."

On this basis, he hired specialist e-learning software developer Exor to build and support an e-learning system based on input from Nicol as well as other clinicians and educationalists. Exor is now a shareholder in the company alongside City University and Ter-Berg.

Some 32 NHS trusts have already taken part in a four month trial, which started at the end of July using Graseby 3100 pumps, with the aim of adding support for Fresenius-based models by the end of March.

But while the offering is currently available on an ad hoc basis at a cost of about £1,000 a year for an unlimited site licence, active selling to nurse trainers and junior doctors is not scheduled to start until the middle of the year.

The service will be available in either standalone form or integrated into an existing learning management system and will be positioned as complimentary to the Department of Health's e-Learning for Healthcare scheme.

The latter targets a wide variety of areas and is intended to be "supportive" in nature, according to Ter-Berg, while Virtual IV Tutor is meant to provide more comprehensive and specialised training. But the eventual aim over time is to provide the "online training portal of choice for all medical devices", he adds.

Cath Everett