
Have the Tories got the answer to the NHS IT problem?
Well – sort of.
As a tax-paying citizen, I am horrified at the £12.7 billion costs (and rising) of the current NHS National Programme for IT (NPfIT). As an individual, I have no confidence, along with 90% of the population, that my personal information and medical records will be secure. But, as a patient, I recognise that my ‘brown manila file’, currently in a pile in a corridor somewhere, is not the answer.
I understand that the NHS have declared that personal medical records (a big, expensive and necessary job to computerise these files) held on their central database will be available not only to medical professionals but also sold to private organisations. This is what Philip Virgo wrote on his ‘When IT meets Politics’ blog back in October 2008:
"Stop whinging and respond to the consultation on "Additional Uses of Patient Data". Once I have "joined", I get my number/password/security device and can visit the website: to volunteer for research panels, join patient groups, make donations to medical charities, get discounts on health care clubs and insurance, etc. etc. - but my data is owned by me, under my control and I decide who sees and uses it: the approach of PAOGA and its clients, rather than that of the Secretary of State, who claims to "own" my medical record."
The NHS have also declared that patients will have the right to 'opt out' which poses the question – “Where to?” I asked Richard Grainger [then in charge of the NPfIT] this question back in 2002 when the NHS IT project started and he, grudgingly – for that was his way – admitted that I could ‘opt out’ and get a jiffy bag full of unintelligible paperwork. I know this to be true as I had previously had reason to request a copy of my mother’s medical records and was shocked at the state of the paperwork provided.
I have been extolling the benefits and virtues, ethical and financial, of what is now called VRM (Vendor Relationship Management) as the reciprocal to enterprise-centric CRM for some years now. During that time the 'trust' of the consumer/citizen/patient has been severely shaken by the continuous reporting of personal data loss and abuse in both the public and private sectors with little evidence of any accountability beyond a weak apology and promise to 'tighten up the rules'. I sincerely hope that a new government will provide the Information Commissioner’s Office with sufficient resources to strictly enforce the Data Protection Act.
This loss of 'trust' will encourage many individuals to seek an alternative for securely managing their valuable personal information, including medical records, and that is what Shadow Health Minister Stephen O’Brien is proposing following the independent review of NHS IT, chaired by Dr Glyn Hayes. What has been reported seems to address my ambition to take responsibility and manage my personal information ‘under my control, with my consent, for my benefit’.
The security record of current data held in government silos (not encrypted but ‘password protected’, copies stored and transported on CDs, memory sticks and laptops with no audit trail of responsibility) undermines the concern expressed by the government. Cloud Computing allows properly architected applications to enforce data encryption, stored and in transmission, as well as automating backup and IAM (Identity Access Management) audit trails – who accessed what data, when and why? I know which I trust more.
As a citizen/individual/patient, what I would like is the ability to:
- Maintain and synchronise a copy of my NHS medical data in my Personal Cloud.
- Be able to add other health provider data such as BUPA, Dentist, Chiropractor, etc.
- Include health related information such as diets and exercise regimes.
- Be able to publish my ‘In Case of Emergency’ details as appropriate including Allergies, Medication, GP & Next of Kin contact details, Blood and Organ Donor wishes and permissions.
- Allow trusted professionals, such as my GP and Dentist, to write to my data in a format that I can read or share but NOT necessarily change.
- Share relevant health data with appropriate third parties such as insurance companies, employers, etc.
- Offer access to my anonymous medical records to medical research companies and charities if appropriate.
- Offer access to my anonymous medical records to commercial organisations, such as pharmaceutical companies, in exchange for a fee (which I may choose to donate to a charity).
- Know that I have access to my medical records and recent/current prescriptions at any time, anywhere.
- Grant access to my next of kin and carers (e.g. an elderly patient to their children).
- Know that I have an audit trail of all changes, updates, permissions and accesses to my records.
- Know that my data, documents and records are automatically and uniquely encrypted, protected and stored in accordance with my privacy requirements and that compliance with my rights under the DPA is enforced.
I don’t wish to appear xenophobic about this but I would not be comfortable having my medical records stored outside of the UK under their Terms & Conditions over which I have no legal right of access or protection of the Data Protection Act or European Human Rights Directives.
I will leave the last words to Gwyn Headley, CEO of fotoLibra, who commented on a recent post on my own blog:
"Graham's significant point is that giant US based conglomerates are not beholden to us or to our puny laws, whether British or European. They write the terms and conditions, and we get the choice. We accept what they write in its entirety, or not: . . . nor all thy Piety nor Wit / Shall lure it back to cancel half a Line, / Nor all thy Tears wash out a Word of it. Cameron is not yet in power, but it would be a foolish man who bet against him. He and his advisors need to be made aware that companies like PAOGA can keep this data secure and in our own hands, not left to the whim of foreign corporations and governments. The first duty of any government is to protect its own citizens. I do not believe that duty will be best served by handing over our personal data to a foreign power."
Graham Sadd, Chairman & CEO of PAOGA, has been researching and developing ‘user-driven’ VRM applications respecting individuals’ privacy for many years.

