Seven per cent of doctors are mad: Official
Don't trust NHS IT
British doctors are almost unanimous in not trusting the government to adequately secure patients' medical records.
A survey from the British Medical Association found that 93 per cent of doctors are "not confident patient data on the proposed NHS centralised database would be secure". Which makes you wonder which newspapers the other seven per cent of doctors read.
Eight out of ten doctors would not want their own medical records on the system, and nine out of ten did not feel they could assure their patients that their data would be safe.
Some doctors are already taking action by opting out themselves and encouraging their patients to do the same. TheBigOptOut.org, backed by No2ID, is providing information for GP surgeries keen to take a stand.
Today's example of government data security failure comes from GP's magazine Pulse which used Freedom of Information requests to find out how many NHS smartcards, used to access patient records, have gone missing. Some 4,147 cards have been lost or stolen out of a total of 438,314 issued. Eventually 1.2m cards will be issued.
Mike Small, EMEA director of security management strategy for CA, told the Reg: "If the government followed the same security guidelines which it requires its suppliers to follow we wouldn't have these problems - it's about management and execution not legislation. ®
Twice. The first time it took 6 months to get a replacement, the second time I still await one. It hasn't made a big difference, since the application it is intended to provide access to - Choose & Book - doesn't work (it does for 40% of GPs, I'm one of the other 60%).
The effective, working GP software was written initially by GPs, or developed by companies and other groups controlled by or heavily involving GPs.
And we have been looking after medical records since Hippocrates, and controlling automatically searchable ones since Cope-Chat. (Not Babbage, alas)
I'm a GP too...
Let's look at what happens in real-life. I send a patient into hospital as an emergency with a detailed paper printout from our comprehensive GP computer clinical records (we've been computerised for 20 years), which lists in a structured way their past medical history, recent medication, recent investigations, and recent consultations with me (their GP). The doctor in Casualty says - "I haven't got time to read that" and ignores it. That same patient during that admission gets prescribed drugs to which they are either intolerant or allergic. (The first section of the printout after their address lists Drug Allergies/Intolerances)
The reality is that:
a) A&E doctors are probably too busy to go and log on to the Spine to get the records of a patient (the "security" required means that it takes ages to log on - and do you think that the doctor will immediately log off the A&E workstation when they have accessed the patient's details - or will they leave it logged on to save time when dealing with the next patient in 10 minutes? Anyone see any problem with a doctor leaving an unattended A&E workstation logged into the Spine while they attend to a patient...?)
b) A lot of hospital doctors cannot be bothered to read anything sent in by GPs (patients have also described consultants in outpatients saying to them "I can't be bothered to read this [detailed letter sent by me] - tell me what's wrong with you")
c) The information on the Spine will not necessarily be up to date. A patient may have been seen by someone without the ability to update records on the Spine, and diagnosed as allergic to penicillin. Good clinical practice is to ask EVERY patient when prescribing a drug if they are allergic to anything. The unconscious patient requiring immediate antibiotic scenario is incredibly rare - and they are in the best possible place to deal with any allergic reaction anyway.
d) A simple diktat by the Government would allow access to e.g. pharmaceutical or Insurance companies to patient data (for a fee, of course). Once the data is on the spine, it ceases to be "owned" by the original creators of the data and can be used by the new data owners as they see fit with no real means of sanction from the original data owner. Apart from the fact that if your data on the Spine (most of which will originate from GP) was leaked to an inappropriate third party, you could probably successfully sue your GP for breech of confidentiality!
Not a single patient record from our GP practice in St Helens will be submitted to the Spine undwer any circumstances - I have been speaking out against the scheme ever since it was first proposed, as have many other GPs. Our voices have been completely ignored by central NHS management.
Dr Laurie Miles
I'm a GP too
There is no medical benefit whatsoever in having your whole health record online. If you have an odd illness, an alert bracelet will work just fine, and be far more reliable, even if they do look a bit naff.
But the bottom line is that the spine is the biggest Trojan in the history of computing. Doctors know there are minimal health benefits. Put simply, most of the time we don't need the full notes. What we need is a précis.
In Wales, already we have a cheap effective system, where key, non-confidential medical problems, and current medication for each patient is summarised, uploaded nightly, and accessible only by other doctors via a secure NHS only network. It's all that's needed for healthcare, and all I as a GP would need when treating a patient I don't know.
The Spine is about giving your full medical record away to private providers, to allow private companies to operate within the NHS, and to allow other agencies (social services certainly, police probably) to also have basic data on the UK population.
And on top of that, would you want your full medical record, available for anybody with an NHS connection to read. Because you know full well that in an organisation as massive as the NHS, there are bound to be at least a planeload of hapless idiots who hasn't got a clue how to secure their PC.
As for the anonymous coward. If your wife was a secretary in the NHS and you'd caught a dose of something suspicious needing a discrete clinic visit, or if you were running away from an abusive family, would you still be happy for your record to be on the spine? It's easy for the healthy and smug to say we have nothing to hide. You don't have anything to hide. But real life isn't like that.
As for paper notes and the Bahamas - you plainly have no clue about how modern General Practice works, and I find your suggestion that we'd breach our patient's confidentiality with a non healthcare professional crass and insulting. Perhaps you should pop over to Wales to see how a simple straightforward, integrated IT system works to quickly benefit patients. And any of the IT experts here would tell you that what the NHS needs is a series of databases that have a standard system of communicating securely with each other, and not one big, ridiculously expensive database that anybody with any knowledge of the history of government IT, knows full well is not going to work.
All the spine should be would be a protocol for existing IT software to intercommunicate.
The fact that it doesn't do this, and that the filesize is a lot biger than you'd expect confirms it's a Trojan.