E-Health Insider

Four-fifths of doctors say electronic record insecure

03 Jan 2008

Four-fifths of doctors are concerned that current plans for patients' health records to be available from a central database, the summary care record, will make them insecure, according to a survey for the Times.

Asked what level of confidence they had that central health records will be secure, 80% of GP respondents said they were not confident or they were very worried. In addition, 77% of consultant respondents gave the same answers.

Over half (57%) of respondents said that they felt that local NHS organisations will not be able to maintain the privacy of patient data within their area.

Doctors.net.uk, a medical network website, carried out the survey for the Times newspaper between Christmas Eve and Boxing Day, asking 11 questions on attitudes towards the National Programme for IT – including who should have access, how secure the system is and how confident they are that the new systems will work.

However, the 640 respondents did express their support for NPfIT, with 70% saying they were confident that centrally available patient data will improve patient care.

The majority of respondents, 54%, agreed that patients should have some control over their own personal record; however, 67% were against patients having full control of their electronic record.

A BMA spokesperson told E-Health Insider: “This poll shows how low confidence in the NPfIT [the National Programme for IT] really is. The government will not regain the confidence of the public or the profession unless it can demonstrate that its systems are safe.

“We await the review of the pilot schemes with interest but believe before the scheme is rolled out every patient must be given full and clear information about the proposals so that they can make up their own minds about whether to go ahead or not.”

The latest survey shows that consultants are more strongly in favour of NPfIT than GPs, with 78% agreeing or strongly agreeing that care will be improved, against 53% of GPs.

“The poll shows big cultural differences between primary and secondary care. We view this survey as a clear call to action that front line clinicians need to be embraced before any more systems are rolled out,” Dr Shaibal Roy, operations director of Doctors.net.uk, told EHI.

“GPs have had electronic records for two decades, and the key difference this poll shows is that doctors more experienced with IT are more concerned about it. They all agree that electronic records in GPs’ surgeries are important, but do we need to share them is the main issue.”

Asked ‘Do you think you will be able to rely on the accuracy of centrally available shared patient information?’, the answers were mixed – 35% said yes, but 33% answered no and 32% were unsure.

The poll also asked doctors whether they thought that a patient’s record should be accessible to private healthcare providers. Responses were evenly divided, 43% saying that they should and 41% that they should not.

Asked if they thought that the medical profession was prepared for the transition to electronic records, only 29% said they thought it was, against 66% who said it isn’t.

To date, around 20 GP surgeries in Bolton and Bury have added 110,000 patients' details to the system, part of the £12bn NHS IT upgrade project. A national roll-out is planned from late 2008, once an evaluation of the pilot sites is completed.

Dr Roy told EHI that more needs to be done to assure both medical staff and patients that the electronic system will be secure and accurate at all times.

“When I talk to colleagues in Europe, where they don’t have any systems as ambitious as this, they are astonished that people in the UK aren’t keener on NPfIT. This really needs to change if NPfIT is to succeed.”

The Times poll findings follow a survey last February by the website which found that a resounding 91% were not optimistic that NPfIT will change the NHS and that 76% thought NPfIT had been a “frustrating project”.

The latest Times survey also echoes the concerns highlighted by the larger annual Medix UK tracking survey, sponsored by E-Health Insider. In the 2007 survey of over 1,000 clinicians, three-quarters of GPs, and more than half of the non-GPs, felt the new care records service would make confidentiality worse.


Joe Fernandez

© 2007 E-HEALTH-MEDIA LTD. ALL RIGHTS RESERVED.

1

Irresponsible reporting?

03 Jan 08 16:07

How much of these opinions are based on poor and inaccurate information gleaned from tabloid exaggeration? What comparisons are being made between the intended security and the current, disgusting situation? Let us examine some examples of the security in the modern NHS:

1 No requests for ID when we visited a hospital to discuss the software the LSP was testing, despite our having to walk unescorted through patient areas to reach the offices.

2 Medical records left out in the open during visiting hours.

3 No proof of ID requested when visiting a GP, even when the receptionist doesn't know you.

4 Unencrypted backups of medical systems sent to software suppliers, whose staff may not have been cleared to view such data, through the post.

5 I was waiting in my GP's reception, when the receptionists were talking about a fourteen year old's pregnancy test results; everyone in that room knew the result before the girl or her family did. The GP didn't really care when I mentioned it to her, and neither did the HA.

6 Screenshots of PCS software emailed on unsigned emails, with PI data clearly visible

7 Personal, unencrypted USB flash drives used to record consultations during the day, and then lost!

8 Sharing of smartcards, or leaving them in unattended machines for anyone to use.

With these examples, and who knows how many more unreported security breaches, how can people raise their hands and say the centralised system is insecure? Time for the old line, physician heal thyself. I wish NPfIT/CfH would sort out the education process, telling clinicians and the public what's really going on, rather than allowing all these scaremongers to obfuscate the real issues.


2

Re: irresponsible reporting

03 Jan 08 17:01

The eight points mentioned are clearly highly unsatisfactory. However:

1. Go and work in front line care in a busy clinical environment and you may begin to understand why some of these things occur (this is intended as an explanation, not an excuse).

2. Don't believe for a moment that most of these things will change simply due to NPfIT as currently planned. And remedying these important security shortcomings may have as yet undetermined negative effects on patient care - not least because the failings often occur due to shortage of clinical time - which is a finite resource in the NHS (unlike - perhaps - funding for IT programmes?).


3

Responsibility

03 Jan 08 17:11

The 8 examples given above are not specific to local or national solutions, but illustrate the difficulties of security in an organisation which invites the public into their buildings (actually because that is the point of UK healthcare - treating patients without an iris scan or requiring a bank-card at every encounter).

The risks with NPfIT solutions are partly with the centralisation of data, which, given a complex logon process, leads to PCs left logged in on their smartcard, and opportunities to view information from afar.

Fortunately the systems are generally so slow and cumbersome that a casual browser is unlikely to get very far.

Of greater concern is the data mining opportunities for agencies and companies that Government may permit to scan the database.

And the massive delays in delivering the detailed care record to hospitals, progressively stripped of most of the integration benefits claimed for this grand scheme.

"Frustrating project" is a major underestimation.


4

Irresponsible reporting?

03 Jan 08 23:23

Re point 8 I can waste 10 mins trying to log on in a morning with my smart card. Once logged on I am guilty of leaving my card in the card reader all day as I haven't the time to keep faffing around logging on and logging off, but if the software worked I would.


5

Appalling security at every NHS site I've visited.

04 Jan 08 10:06

I've visited a lot of hospitals in my work and only once have I been asked to provide any ID which was in a Gymea wing, which at least shows some depts are on form. I've been let into medical records offices time and time again just by saying I'm from IT. I've seen medical records lying about in numerous offices which I've been left alone with. I've been left to wander about hospitals in both patient treatment areas and offices with no supervision at all. I could quite easily have got up to anything I like time and time again. Fortunately like most staff in the NHS and the suppliers I'm honest and wouldn't do such things, but not everyone is 100% legit. It's only a matter of time before a journalist walks into a hospital and walks out with some patient notes or worse. If proper security measures are in place this should be impossible, (or as near to impossible as can be).


6

Re: Appalling security at every NHS site I've visited.

04 Jan 08 11:48

Security in any walk of life has a tendency to inconvenience well intentioned legitimate users more than the malicious.

I worked in the NHS for over ten years in clinical and non-clinical roles (mostly in secondary care) before making good my escape. I learned that every NHS artifact - be it a paper form, policy, manager or computer system is either with you or against you getting your job done - that is ensuring the patient leaves hospital in better shape than they came into it!

Staff route around any obstruction to their delivery of care. They are also increasingly pressured - they are not filing their nails reciting "computer says No". A patient's good experience in the NHS depends on the computer user saying "yes".

If role based access does not allow (say) a ward clerk to do something on the PAS they routinely would do with the paper records then 'enabled' staff would typically not hesitate to share their login - especially if they otherwise had to pick up the work! Of course if the software could be near effortlessly and instantly reconfigured then login sharing would be hard to excuse - but it rarely works that way.

Indeed in the National Program fixing software shortcomings which staff are obliged to work around may involve persuading the LSP to raise a Contract Change Notice with CfH - hardly effortless and instant!

If NHS staff are working around system security then either the technology, model, implementation or wider organisational failure is to blame NOT the staff. If suppliers, LSPs and CfH can't sort this out then they should be handed their notice - not the nurse sharing a smartcard.


7

Irresponsible reporting -- Not at all

mjcbrown@yahoo.com

05 Jan 08 10:16

The Judicial Enquiry of the Krever Commission in Ontario in the late 70's early 80's showed that the principal attempts to breach the confidentiality of centrally held medical records came from the Canadian Police, reportedly for immigration matters. Those attempts were 20 to 30 times more common than the next most common source - divorce lawyers. Under the present English law police will have unrestricted access - on the say of a Secretary of State. Finding the paper based notes that you want is usually a job in itself. With electronically held data, specific searches and trawls through data become simple, anonymous and finally routine.
