BMA chair says smart card policy 'preposterous'

Tags: A BMA CfH Data emergency iS Patient safety Safety Security South US

15 Feb 2007

Connecting for Health's policy of requiring doctors to repeatedly log-in with a smart card every time they use a computer system has been described as ‘preposterous’, by the chairman of the British Medical Association.

Speaking exclusively to E-Health Insider Mr Johnson said: “The idea that we have to log in and out of each terminal we use is complete nonsense. There is no reason why patients should be left waiting whilst staff log onto a system.”

Mr Johnson, who is also chair of the BMA’s Working Party on NHS IT, was commenting on whether he thought South Warwickshire NHS Trust were right to allow clinicians to share smartcards in the Accident and Emergency department due to the 60 – 90 seconds it took to log into there new patient administration system. http://www.e-health-insider.com/news/item.cfm?ID=2449

Johnson felt that the sharing of smartcards was “totally unacceptable” and they should be replaced with individual authentication methods such as lapels or devices that are pressed onto a reader when accessing confidential data.

He acknowledged that leaving the system open to anyone could lead to security flaws, but felt that new technology could make accessing patient records quicker for staff who need it.

“It is interesting, as we want it to be secure, after all we don’t really want cleaners getting access to our records, but I feel that as more and more smart technology is coming up, we can ensure that all security arrangements are in place and staff can quickly and safely gain access to any information.”

Mr Johnson felt that the use of smartcards for clinicians gave patients the impression that anybody could use them and risked hospitals appearing to be a “big brother state”. He suggested that the use of biometric technologies would mean authority levels were clearer to observers.

“For example, if you look at a pharmacy department, there are so many people doing different sorts of jobs. A patient seeing that would be happier knowing that only an actual dispenser was seeing their records and making the appropriate medication whilst the labelling staff were just accessing the labelling components and printing the right labels for the right medication.

“As well as reassuring the patient, this is less hassle for staff, so for me, having to log in and out each time the system is used is just meaningless.”

He said he also strongly favoured the creation of Role Based Access Controls (RBAC) to limit who sees what data and says work with Connecting for Health to create a firm set of job roles within a healthcare environment that will determine staff access rights.

“The BMA supports the development of access controls and moves towards a simpler model with fewer roles. We are working with CfH to come to a suitable agreement on a set list of job roles, areas of work and activities that will help to simplify these controls.

“It is imperative to us that patient safety is maintained at the highest possible level but any such controls do not impinge on working practices, and we are urging CfH to ensure that when the RBAC is agreed, it is piloted with doctors and all concerns are taken into account before implementation.”

E-Health Insider's full exclusive interview with James Johnson will be published this week.

Link

South Warwickshire authorises shared smartcard use

Readers Comments

better late than never, heh?

15 Feb 07 13:01

role based access, security, smartcards; surely this isn't anything new and therefore weren't the BMA involved from the beginning?

BMA involved?

15 Feb 07 17:35

Given Mr.Graingers view that the BMA can be compared to the National Union of Mineworkers probably unlikely they were asked for their views.

Not just doctors

15 Feb 07 21:04

Remember also all the oher professions who have a need to access some level of clinical data - Physio's, Nurses, Radiographers, the list is long. Take a busy Radiology department as an example, The Radiographers need to access previous imaging for the patient, previous reports, for in patients undergoing interventional procedures recent lab results and consents etc, Radiographer discharging requires access to a&e care plans. Now multiply that across multple diagnostic depatments, and the therapies, and nursing and .... This is not a simple role based level of granularity, I doubt any doctor has the slightest idea what goes on within these areas. I fear that what will happen is there will be a blanket "Oh they dont need access" review by some execsor consultants, then sooner or later someone will be harmed due to lack of informton being available to these key workers.

How do you know who has accessed what?

15 Feb 07 21:15

The whole point of every user on a computer system having their own access (smartcard or not) is that you can identify who has accessed what information at what date/time. Did the clinician read the medical alert before treament is a legal question often asked. Most systems these days can answer that question.

I have heard of Jeckyl and Hyde

15 Feb 07 21:29

I have heard of doctors who abhor smart cards on doctoring days, then advocate them on IT days .......

BMA Involved

gji@nhs.net

15 Feb 07 22:11

Before we were cut out of discussions, we were considering proximity dongles or thumb print readers etc, and I was shocked to be told the NPfIT had gone for Chip and Pin, which any person with any awareness of human factors would know would be abused on a daily basis to allow the job to get done.

He also strongly favoured the creation of Role Based Access Controls (RBAC)?

15 Feb 07 23:34

Funny, could have sworn RBAC was well in place already. LRS is a whole other story, though.

'A Doctor' knows, but who knows best?

16 Feb 07 00:00

Fewer roles means either more or less constraint to records. No logins means either less security or less reliable security (ever used biometric logins with gloves on?) Hot swap between users may mean hanging sessions? how long before their important data changes are lost? If IT suppliers can't do smartcard in less than xxx seconds, why would they be capable of sorting it with retinal scans!? Would the real experts please tell us what the answer is please.

BMA involved? Yes.

16 Feb 07 00:41

The BMA have been involved in this for quite some time - though they may not always have seen eye to eye with NPfIT/CfH.

GPSOC is a direct result of that engagement. See http://www.connectingforhealth.nhs.uk/search?SearchableText=bma

Smart cards not that smart

nick.hall@gp-m92024.nhs.uk

16 Feb 07 08:23

It doesn't take ages for pub and restaurant staff to use terminals with personal access so why does it take us ages to log on using NHS IT? The system is nowhere near flexible enough. Community nurses, midwives and other peripatetic workers will need multiple access rights and these will have to be changable within the GP practices by GP staff. Hospital Bank nursing staff etc will need the same flexibility. Smart cards will also need to be issued to workers outside the NHS: hospice staff and social workers for instance

8 seconds

Neil.Bhatia@nhs.net

16 Feb 07 11:06

It takes me 8 seconds (I've timed it) to login with my smartcard, from sticking the card in to the reader to being "logged in".

Identity Agent 10.00.05a has made it much much faster to log in. 60-90 seconds shouldn't ever happen - and is unworkable, obviously.

Demeaning and defamatory

stewart.smith@cd-tr.wales.nhs.uk

16 Feb 07 13:09

I will limit my remarks to the scurrilous comment "after all we don’t really want cleaners getting access to our records". How dare you - Physician, heal thyself.

Dr Ingrams comment

16 Feb 07 16:01

I'd be interested to hear more from Dr Ingrams about the BMA/doctors being cut out of discussions. Was that really the case? Shocking if true and also a shame that their preferred approach was ignored. Was the smartcard approach really so vigourously opposed?

Not just smartcard issue

16 Feb 07 20:11

It is not just Doctors who need access, many support staff are entrusted with sensitive data, and simplistic, nationally forced RBAC cuts across the local knowledge and trust of individuals.

But the Smartcards are not to blame alone. Pubs use swipe-cards quickly, and Smartcards could work on a proximity basis (so long as you resolve who is closest !).

The problem is more about the end to end user experience of the handshaking between the myriad remote systems, and the apparent failure of CfH, despite much prompting, to recognise that users need this to be slick.

And rather than negotiating additional layers of complexity with the likes of Microsoft, CfH should be working to eliminate steps to cut the access times. Biometrics are not a panacea.

A more elegant solution

sjrickaby@vodafone.net

17 Feb 07 14:05

As a Radiographer and a Systems Manager I have to login in to a variety of systems at least 30 to 40 times a day, which is a pain. What I'd love to see implemented is a system of RFID keyboards, wristbands and compatible software.

See:

http://www.pcmag.com/article2/0,1895,2005450,00.asp

I'm not saying it would be easy to develop, but it would be incredible easy to use. You could leave all the applications running and not have to worry about security at all. The system would simply detect your presence before you typed anything.

bma cut out - nonsense

18 Feb 07 11:44

Grant Ingrams is disingenuous in suggesting that the BMA has been cut out of system development. There are many stakekeholder engagement opportunities ranging from the BMA IT working warty, the National Advisory group and countless others to which the BMA and other stakeholders have representatives. The development of new ways of using devices to speed identity management has been driven jointly by the professions and the technologists, biometrics having been considered. The rate limiting factor in stakeholder engagement is always clinician time and ability to meet and consult. Gillian Braunold NCL General Practice

make your blooming minds up!

nhstechie@btinternet.com

18 Feb 07 17:41

I find this absolutely fascinating, if not more than a little frustrating. Back in 2003, I sat through what felt like a very long day at an Information/Clinical Governance conference organised by the NHS IA in which a very senior protagonist from the BMA was arguing strongly for an extremely complex role based access model which:

a) differentiated between various grades of doctors, consultants and lesser mortals such as AHPs and nurses

b) allowed access to be restricted to only those clinicians directly involved in the direct care of an individual patient

Many of the techies present (and a fair few clinicians) argued that this would be extremely difficult to develop and would require a fundamental shift in working practices if exactly the problems Mr Johnson describes weren't to be introduced.

The BMA view prevailed and feedback to this effect was given to the technical architects from NPfIT who were there as part of the consultation process. The RBAC and sealed envelope proposals were the result!

Some people have very short memories and the BMA seems to flip-flop between the two extreme views on a daily basis.

Stakeholder time ..

colin@clinformation.com

19 Feb 07 10:08

I'd take issue with Gillian Braunold's suggestion that clinican time was "always" the rate-limiting factor in effective engagement. There has to be the will on the part of any programme to consult with its stakeholders and to be open to criticism. There was little evidence of this in the early days of NPfIT when meeting deadlines for agreeing LSP contracts appeared to be the over-riding concern.

I'd argue, that what's now being solicited by CfH is not meangingful engagement, but simply an invitation to help sort out a succession of emerging serious issues against the backdrop of a fait accompli in terms of systems specification.

Hardly surprising, then, that busy professionals don't always see this as a high priority.

Dr Braunold's comments

23 Feb 07 12:50

Similar to Colin, I disagree with Dr. Braunold's claim that clinician time & availability are the limiting factor.

From the initial development of the spec to the negotiation of the contracts, there has been far too little involvement of clinicians who know informatics. I took part in a working party of the NHSIA in 2003 but the entire effort was disbanded within a few weeks.

And as my description of the CRDB meeting etc show, CfH were deaf to various concerns & criticisms of their approach, right at the design stage. I asked enough questions of Cyril Chantler, Richard Granger et al at the time.

A cursory read of my blog demonstrate that I have been banging the drum about the lack of clinical involvement for at-least the past 3 years.

At this stage, asking us to pull your irons out of the fire but still proffering no serious co-operation shows how out of touch the entire apparatus is. I do not see the current systems as worth very much & will be going back to the drawing board.