NHS national programme for IT criticised over system's security
and lack of confidentiality.
Whitehall officials are facing a series of new disclosures over
the NHS IT programme as they try to rebuild confidence in the
multibillion-pound scheme.
They had to deal last week with criticisms over IT security and
the lack of confidentiality of patient information, and with a
failure of the data spine "backbone" after doctors were told the
service was back to normal.
It has also emerged that a planned reorganisation of the NHS by
the government is likely to lead to significant changes in
contracts and plans of the national programme for IT (NPfIT).
Last week staff in GP surgeries were able to use their
smartcards to read the personal details of patients who were not
under their care. The central "Choose and Book" system imposed no
block on how much information staff could see, whatever their
roles.
Although the systems do not yet contain medical records, they
hold sensitive information on some disabilities and online
appointments made with consultants. The personal records also
showed patient passwords, and allowed the user to alter a field
which indicates whether the patient refuses consent for their
records to be shared nationally.
Information between patients and doctors is regarded by the
British Medical Association as sensitive and confidential. Even the
existence of an appointment with the GP is classed as sensitive
information. But staff in GP surgeries last week looked up details
of patients not registered with their practices.
In the past, GPs have been assured by officials that the system
would impose restrictions on what information staff could view or
change according to the role assigned on their smartcards.
Paul Cundy, a spokesman for the BMA's GP committee, said he was
concerned about the apparent lack of restrictions on viewing
patient details in the Personal Demographics Service and Choose and
Book screens, part of the NPfIT systems.
GP Paul Thornton, who has written a paper on the NPfIT and the
need for patient records to remain confidential, said, "Proper
access controls are crucially important for protecting patient
information and despite the reassurances of ministers, they are not
yet in place."
A spokesman for Connecting for Health, which runs the NPfIT,
said, "There have not been security lapses. Only staff with the
right role allocated to them can access the Patient Demographic
Service with a smartcard and their own unique password."
He said access to demographic data was crucial for health
professionals to ensure they are able to identify the patient
correctly and access and record information on the patient they are
treating. Further access rights are required to see clinical
information.
But doctors were critical of Connecting for Health's response.
They said their trade associations have not agreed that any
employee with a smartcard can access patient demographic
information.
Nor, they said, has it been agreed that anyone with a smartcard
can access details of patient appointments, their passwords,
information on some disabilities, or change the "consent" field for
sharing records.
The Information Commissioner's Office, which polices the Data
Protection Act, said it was aware of concerns among GPs over
alleged security weaknesses in the systems and its staff were in
talks with Connecting for Health.
Meanwhile, the national data spine, a backbone of new national
systems, suffered a protracted failure last week after Connecting
for Health said the service had returned to normal following
serious faults in December and early January.
A Connecting for Health memo seen by Computer Weekly dated 30
January said users nationally could not authenticate smartcards and
therefore could not access any spine-enabled systems. BT, the
spine's supplier, was investigating the cause.
These failures are hitting confidence in the systems that have
been delivered. A report for the January board meeting of Southwark
NHS Primary Care Trust, for example, said there had been some
successes with implementing Choose and Book systems.
But the lack of availability of systems had "damaged GPs'
confidence in the system". The paper said problems were
continuing.
The government's planned organisational changes in the NHS,
under the banner of a "patient-led NHS", are also likely to have
serious implications for the NPfIT.
A paper presented to the board of West Midlands South Strategic
Health Authority, dated 25 January 2006, said, "The proposed
organisational changes and mergers to implement 'Commissioning a
Patient-Led NHS' will require significant rework of current NPfIT
plans and contracts."