Patients can carry records on secure smartcard

Tags: A consultant Data GP Information iS London personal health records Security statistics Surgery UK US

09 Feb 2007

Patients in London can now have their medical histories handy wherever they are, by uploading them onto a new USB plug-in smartcard called the Health eCard.

Buying the card should enable patients to show their records to any medical professional, saving time and improving consultations when their notes are not available.

Jul Kornbluth, managing director of HealtheSystems, which developed the card, told E-Health Insider that he decided to build it after he read an EHI story about an Australian paperless hospital two years ago.

He said: “When I read the piece, I realised that there should be a way for patients to be able to access their medical records. If you have your history handy, it can save a lot of repetition [of the history] to every hospital consultant you need to see.” He said having the records available could also prevent x-rays and other tests needing to be re-taken when notes hadn’t arrived.

“We really felt something should be done. Although personal health records is a big initiative at present, it seemed to us that other projects [to deliver them] had gone to sleep and were complicated. The Health eCard empowers patients and enables them to get involved in their own healthcare.”

The team worked hard to ensure that the card had watertight security and hired the security team who worked on the Eurofighter project to build the security system.

GP surgeries are given two small boxes, one that holds the surgery card, capable of holding up to 50,000 records on it and another to store cards to sell to patient, which links to the patient’s records through their unique ID number.

The master records card also acts as a firewall ensuring no viruses can affect the GP system and prevents patients from altering their own records.

Both patient and doctor view the data via a special secure reader/writer which encrypts the data and ensures it does not stay on a PCs memory. The card is protected using a pass phrase which only the patient should know – only when that is entered can a record be viewed. If an incorrect phrase is entered too many times, the card will stop working and a new one will have to be purchased.

The card works in any PC that has a USB port. It is also compatible with all current GP systems.

The system was ‘alpha’-tested at one GP surgery. Kornbluth told EHI: “In our initial testing, we found that a variety of people wanted to buy a card, from 80-year-olds to families, and there was a huge rush on the first day from travellers to obtain it.”

Loading records onto the card takes up to two minutes, which includes the GP receptionist verifying the patient’s identity. Patients must produce proof of identity such as their passport or driving licence before the receptionist will enter their unique ID into the system and start the 30-second download.

“We have worked extensively with doctors to analyse how to present all data, in a way that is understandable to the patient. So we grouped all the blood pressure readings together and lipid statistics and so on. It empowers the patient to let them know what is happening with their health.”

GPs are entitled to charge a £10 download fee to card-holders under the Data Protection Act, agreed by the General Medical Council as a non-NHS fee. The total price of the card should be “no more than a can of petrol” says Mr Kornbluth.

Dr David Krasner, medical director at HealtheSystems Ltd, explains: “As a working GP, I am aware of many situations where it would be a major advantage to my patients to have immediate access to all the medical information that is stored about them on my surgery computer.

“For instance, patients who are visited by an out-of-hours doctor who does not know them, or are seen in a hospital out-patient department where their notes have gone missing, or need to see a doctor urgently out of town or abroad, could use their Health eCard to recreate their records instantly and achieve maximum benefit from a consultation that might otherwise have been frustratingly incomplete or, worse, unsafe.

“Patients with chronic conditions such as diabetes and hypertension could use their Health eCard to learn about and keep track of their conditions and become more positively engaged in their healthcare. Whenever they need to see a consultant, all their information would be immediately to hand on the card.

“In an emergency, immediate access to the data stored on the card could be of crucial importance.”

HealtheSystems hopes to roll out the system nationally in March and are writing to surgeries in the UK to inform them about it. Kornbluth says the card should not cost patients “more than a tank of petrol.”

Readers Comments

A much cheaper solution

09 Feb 07 09:25

than NPfIT.

William

At last!

09 Feb 07 10:38

At last a sensible solution instead of the expensive, complicated and largely unnecessary NPfIT/CfH. If this route had been taken in the first place we would probably have had something that worked by now without the patient distrust that has been generated. Time to kill off this expensive centralised patient record and CfH with it. CEC

Supplimentary health record

09 Feb 07 13:09

As a supplimentary health record this is fine, but you can't expect every patient to carry around their own USB stick. They'll get lost or forgotten or people simply won't want to splash out the cash.

The original high level aims of NPfIT are still the best. In practice however.....?

And the hospitals will read it how ?

09 Feb 07 14:10

I suspect that the NPfIT approach has already cost more than a can of petrol per citizen.

A problem with the PACS Images on a CD, which is one way that patients can take their data between healthcare sites, is that it needs reader software on the CD, and it also relies on the PC not having policies set up to stop the use of insertable media, or the installation of unknown programs.

Likewise, this article does not highlight how a Hospital department faced with a patient wielding a USB record, can reliably use it.

Is it good ? It could be. But unless it is universal (and that probably means free at point of delivery), it seems something of a gimmick.

Master Record

09 Feb 07 14:43

In the event a USB stick being lost, stolen, broken, the data corrupted, or any other reason a new stick might be required, where would the master record be held so that a replacement might be issued with valid, up to date data?

If indeed the patient travels around the country, this would cause problems if the stick was lost between different health providers. If indeed there is a central server holding the patient records, then surely this negates the requirement for CfH to go any further than they have done with master records?

Do the maths! Can or a tank? IG anyone?

nhstechie@btinternet.com

09 Feb 07 15:29

This looks like a good supplement for a small cohort of patients with long-term conditions but expensive if we were to cover everyone. Just a few concerns over costs and confidentiality though.

Costs? "Shouldn't cost patients more than a tank of petrol". It cost me £40 to fill my tank yesterday. There are about 54 million registered patients in the English NHS. A tank would cost £40 x 54,000,000 = £2,160,000,000 A £10 can would cost £10 x 54,000,000 = £540,000,000 A £10 GP download fee would cost £10 x 54,000,000 = £540,000,000 - presumably we'd need more than one download per year? I've "lost" 2 memory sticks in the past 12 months - if everyone lost just one every two years the cost would be phenomenol.

Patient confidentiality? The record can only shows you what the GP had on his system the last time you downloaded. How would it be updated with information showing, say lab results, new appointments, discharge summaries? Who would be responsible if A&E based emergency care on outdated information? Does the cost include full encyrption to meet the stringent IG standards so rightly demanded by the BMA, or would an opportunist thief be able to download my most intimate details and post them on the internet for everyone to read? Slightly worried about a box containing 50,000 records - how can I be sure that this can only be accessed by people I want to see my records? How can I be sure people won't walk into the surgery, claim to be me and get a clone card containing my information for either £10 or £45? What happens if the box is stolen (as GP system servers often are)?

Engagement (OK, a slightly tongue in cheek response to the comments rather than the article) Before we agree to replace NPfIT with these cards, perhaps we should consult more widely on the subject and give every clinician and patient in the country an opportunity to comment and make their views known?

Consultation

09 Feb 07 16:24

Interesting comment NHSTechie - what proportion of NHS staff and citizens had any say in the mess that CfH are imposing ?

And by the nature and unofficial source, this is an opt-in system, so patients could take an informed choice to balance security against health, something the spine encumbered systems do not.

I don't think it a particularly good idea. But a USB based device rather than a smartcard has the advantage for the patient that they are more likely to be able to read it at home !

Consultation - don't make me larf

09 Feb 07 16:25

Interesting comment NHSTechie - what proportion of NHS staff and citizens had any say in the mess that CfH are imposing ?

And by the nature and unofficial source, this is an opt-in system, so patients could take an informed choice to balance security against health, something the spine encumbered systems do not.

I don't think it a particularly good idea. But a USB based device rather than a smartcard has the advantage for the patient that they are more likely to be able to read it at home !

Master Record,maths & consultation

09 Feb 07 20:42

No patient record is perfect. The present paper one has all the well known drawbacks. A USB stick or smartcard does not solve all the problems. The current NPfIT/CfH is horribly expensive, complicated and has failed to inspire trust. The one thing that is certain is that we cannot rely on paper forever. The Master Record - this should be held by the GP and gets updated at each visit. Patient takes USB stick/Smartcard to each hospital out patient appointment or other visit and it gets updated there. NHSTechie is quite right 54 million X £10 is a lot of money but the current program has been forecast to cost anywhere between 12 & 20 billion - an even bigger sum of money! What has been forgotten is that the chances are that not everyone will choose to carry their medical record this way or will find it useful. I would probably choose to carry a USB device because I take regular medicines and so would my wife. Our three children on the other hand have no significant medical history or allergies so for them it would be pointless. Of course if they develop a medical problem in the future they can change their minds. So all 54 million of us will not use the system either from choice or simply we don't need to. The big plus is a sense of individual involvement in our own health. Of course patients are going to loose cards or USB devices but how about some imagination? Incorporate into a watch, a bracelet, a keyfob or a necklace. Not difficult and it need not be expensive. The NHS has a huge volume purchasing opportunity. 50 million USB devices is a pretty big order.- CEC

Overdue

09 Feb 07 23:14

Part of the 2003 vision and available then and now. We have the benefits of technoligical progress.

GP2USB GP2PDF?

10 Feb 07 00:49

hope this may help reduce the governance burden for the rest of us, if appropriate. If this company get beyond alpha tests I hope they will also meet the stringent standards we set in medical informatics in the UK. A box in every GP surgery will be RFA99 accredited, maintained by ... fed information from all the 15+ GP systems, and every bit as secure as the practice servers? What utility has the card though if the point of care has to have a reader (lucrative to sell these to every point of care - but unlikely to happen) so without a 'reader' what is the strategy, what penetration is needed to make it work for the patient, or are there standards for encrypted but overridable access in case of A&E unconsciousl presentation, again penetration is important: for 0.1% coverage will the 99.9% be challenged or searched for their card when in an ambulance? The fact this is a snapshot of with no legal status held in a (pdf? / Txt? / HL7 V3 with SNOMED CT ...?) will anyone make much use of this clinically or is it as a previous correspondent suggests a gimic. Even if it is, it may be a trail blazer for all sorts of things, after all the ipod started life as the walkman. Didn't someone tell me GPs were rather too busy to do additional work though? If our trendy clients do buy these they will do a lot of good for public acceptance for NPfIT, so that finally the barriers for governance will be set by real issues not the sceptres from SciFi hackers. Looking forward to finally getting beyond the 'other' GP summary, to the real work of portable records moving between interopearable systems supporting real clincal benefits! GP2GP is only now starting, GP2USB should not be seen as a technical advance. I would want to see a company URL to review their history, instant legacy would not be helpful.

Consultation - don't make me larf II

nhstechie@btinternet.com

10 Feb 07 08:58

... I did say that last bit of my posting was tongue in cheek, I guess bitter irony doesn't come across so well in a posting! ;-)

However many people you consult with, the chances are that a significant number of the 1 million+ people employed by the NHS will feel they weren't consulted with adequately. That said, even Richard Granger has admitted in public that CfH mishandled engagement.

The people who should feel aggrieved are those of us (including some distinguished BCS and BMA members) who made the effort to make their views known at an early stage - only to be see their views ignored and the problems they foresaw sadly come to pass.

URL

11 Feb 07 09:29

The previous poster was asking for the URL. http://www.healthecard.co.uk/ Got from the advertisment received at the surgery. I love the Referal letter automatically generated - but I suppose it is a slight advance on the "Dear Doctor, please see and advise" one!

Urls for company

someonewhocares2006@hushmail.com

12 Feb 07 07:55

http://www.healthecard.co.uk/ website registered to a person, not a company, company only formed last year...

Technical problems?

mary.hawking@nhs.net

12 Feb 07 09:40

I asked about this on another list - and there seem to be a number of problems , even other than implementation: does anyone have any other information? 1. "on a smart card .. plug in to any PC" Although the website (and advertisments) show a card with a USB terminal attached, this apparently does not exist: you need a smart card reader of some sort. 2. what really interested me was the information that the practice could upload all the patients' onto a smart card . "you create a 'unique secret pass-phase' for your surgery Health eCard. One card can hold the details of all your patients". I *wanted* this feature - again , no-one thinks it exists. 3. general opinion is that working on the Eurofighter - and even the Security Systems for the Euro-fighter - doesn't necessarily qualify you to design security for medical records...

Surely the approach being developed by Amir Hannan ( and previously repoted in EHI) of remote web-access is better? -Up to date (not just date of last download) -doesn't depend on remembering to take smartcard - and not lose it! - more secure

Only downside - he doesn't claim this system could generate those farcical referral letters! ;->

Could the developer be asked to post a reply to all the problems outlined in the responses, and BT be asked to comment?

Small is beautiful

12 Feb 07 11:03

Looking at the http://www.healthecard.co.uk/ site it is easy to be patronising. However what is patently clear is they have a clear set of clinical use cases and an implementable functional specification. What price these for NCRS? Achieving this does not involve consulting millions of users - just a small team of people who have a clue who are not primarily answerable to politicians.

The demos are using Version 2 Read codes to store clinical data. SNOMED is maybe wonderful in theory but still isn't used in UK GP systems. Finally I doubt they seriously considered HL7 Version 3.. else we wouldn't have seen anything for another decade ;-)

healtheCard may not have everything right but arguably they have everything right that NPfIT had wrong.

The Common Cold

12 Feb 07 15:49

I can't think of a better way of delivering a computer virus or trojan horse into a GP system. The GP even connects the device for you.

Re: Small is beautiful

12 Feb 07 16:17

One of the reasons for the persistence of early Read Code versions (eg v2) for around 20 years now is that they remain small enough to be implementable. For this reason, they continue to support primary care systems and - as we can see from the Healh eCard - are still being incorporated into new clinical applications.

It would not be at all surprising if - in another 20 years when NCRS, SNOMED, HL7 etc are likely to be long-forgotten - people were still carrying their Read Code based smartcards!

Has it been tried elsewhere?

14 Feb 07 11:33

Yes, a similar system was tried out in Australia and sadly significant numbers of patients failed to have their card with them at the critical times when such data would be helpful to their care.

Note from suppliers

16 Feb 07 16:30

From Jul Kornbluth, Joint MD of the HealtheCard

I have been asked to comment on the many postings above. On seeing them, Dr Krasner?s (my partner) short answer was 'Blimey'. My even shorter answer was 'Wow' Neither of us expected to stir up quite so much excitement. So let us try to deal with as much as possible, starting with the principles, and then dealing with the technical questions. Firstly we do not see the HealtheCard as an attempt to undermine or replace the Spine. We see it as an additional service complementing it. In fact we see benefits in the Spine that the card might never provide, in particular anonymised epidemiological studies and the long term consequences of certain treatments. However what the HealtheCard does provide is much improved patient involvement in their own healthcare. Another study in Australia to the one quoted above showed that patients who had their own records were substantially more likely to follow treatment plans and take the medication prescribed. This would lead to earlier attainment of targets by their surgery as well . Everyone a winner. The HealtheCard also means the 4 million people with homes abroad or travelling the world on business or pleasure will have their medical records in their pocket.

At the same time our overriding concern has been that all the data should be totally secure, something that Internet access can never provide. I wonder how many staff have access to medical data in the various central databases who are not even registered and provided with a NHS smart cards creating audit trails. Our next release of the software will also enable patients to store their digital images etc, data that will not be readily available via their GP's webserver.

Our solution might actually take the heat out of the Spine debate and by giving patients a choice on how their records are stored, enable the work on the spine to proceed out of the glare of all the negative publicity, and with less pressure to produce results quickly.

In terms of economics, please see CEC above. (thank you CEC). But if the card were to be adopted widely, it could ? and will - be dramatically cheaper. And the cost of downloads could become a service that GPs might be able to supply at much lower or no cost. Indeed if there would not be the charging element allowed by the contract, we could enable downloads after the initial one to be totally automatic, done by the patient without any intervention required by surgery staff. Cost to the surgery ? Nil. The founder of HealtheSystem wanted to make the cards free of charge too, but actually if people have to pay for it, they might look after it a lot better and not lose it too often! And the form factor ? credit card size ? means patients can always have it available, in their wallet. By charging for the card we are also able to provide our Writer boxes free of charge to surgeries. So the costs to the GP really are negligible.

We consulted a number of GPs and quite a few patients with medical issues during the design of the card, and we believe that we have a solution which is both robust and informative.

In the next release of the card, due in time for the release date in March the card will have additional systems built in which will secure the card even if the location does not have our two small boxes which control the type and flow of data and encrypt the downloads. We can secure the card so that only data stored though our system can be written to it. At that stage it will be 100% safe for any Consultant or hospital to insert the card into a USB port without fear of viruses being planted intentionally or unintentionally by a patient. We will also have an Emergency Access service in place by March which will enable patients to register their pass phrase with us in case of emergencies, something GP2GP GP2PDF worries about above. The automatic referral letter we create has a lot of details, including three years of test results and six months of consultations, so that secondary care clinicians actually have a good idea about their patient. And in future they will be able to update their systems without re-entering details.

Lastly let me assure Mary Hawking that the items she worries about do exist, we have them here and I would be happy to show them to her. But let me stress again that we are not planning to replace the spine, ours is a complementary service to involve patients in their healthcare above all else.

nothing new under the sun

smaskey@doctors.org.uk

16 Feb 07 21:45

The West London hospital - as was - ran a trial of a pt held obstetric record system using an early smart card in 1988! Access was slow & clunky - this was back in the days when you had a choice of OS on PC's - but clinicians said they had better access to records because the patients didn't forget or lose them (despite the fabled spongiform brain of pregnancy). Apart from slow access, I dont recall any major problems. Others might.