How can confidentiality of digital patient records be ensured?
As reported last week, the benefits of better data are clear and NHS Lothian, as the example, does not intend to place unnecessary restrictions on clinical staff needing to access critical information to save lives and to respond to the needs of the 800,000-strong patient population. However the public is growing concerned about how their information is shared and how access to it is controlled.
With this in mind, NHS Lothian is the first of 14 health boards in Scotland to bring in automated privacy monitoring. Suspected breaches can be stopped before they can escalate into serious incidents, and better internal intelligence means staff can be addressed on awareness and cultural issues head on.
Through automated privacy monitoring algorithms can be used to proactively trace potential improper accesses. Very large amounts of data from multiple systems can be processed in just a few hours each month and anything that needs to be investigated further can be flagged up quickly.
Opportunities to misuse access to patient data and the temptation to peer into personal information have the potential to grow as electronic records are shared more widely within health boards. But NHS Lothian can now identify patterns that highlight when staff may be looking at the records of colleagues, family members or neighbours along with other inappropriate accesses.
In essence, NHS Lothian can now monitor whether access to records is potentially being abused. And we have already significantly reduced the number of suspected breaches.
Technology alone is not the answer. Preventing inappropriate access to medical records is a human issue and key to achieving safety for patient information has been senior level buy-in – a steering group was established with NHS Lothian's Caldicott Guardian, senior human resources staff, members of the information governance team and union representatives to agree on a consistent approach for dealing with suspected breaches and the people involved.
Alistair McLeod, Clinical Applications and Integration Manager at NHS Lothian writes: “Without this broad senior support, there was a risk that potential disciplinary action taken against staff on the back of our intelligence could have been inconsistent. Now when we identify suspected breaches through our automated monitoring system we can be sure that line managers and HR teams will investigate correctly and consistently.
“Effective intelligence has allowed us to issue warnings to staff who have breached policy. And a large-scale communications campaign has been targeted at all staff to remind them of their obligations. Every individual has been written to as part of this campaign, messages have been placed in payslips, data protection slides are included on clinical application training courses and annual roadshows are being delivered to larger sites.”
All health boards across Scotland are set to implement automated privacy monitoring. At NHS Lothian the biggest benefit has been to patients. They can be reassured that their information is protected with the knowledge that only people who need to access their information are doing so correctly and appropriately. As data are shared increasingly throughout NHS organisations this is something that every health board and trust should consider.