The Problem with Paper: Security

Date posted
3 December 2014
Reading time
8 Minutes
Colin Truesdale

The Problem with Paper: Security

Up until now, most of the spotlight regarding paper's failings has been placed on the impracticality of it - the difficulty in storing and sharing the information held within. Now, there is more attention on the danger to patients, in terms of quality of care and the confidentiality of that care. According to Cable.co.uk one fifth of data security breaches are caused by paper's insecurity - either being lost / stolen or disclosed incorrectly. As I have travelled the country, talking to many NHS Trusts over the years with Kainos Evolve?, I have heard countless stories of paper records being inappropriately accessed - in some cases it is as simple as a trolley of records left in a corridor, in others it is serious failings during transportation of records between locations. If anything, the rising use of offsite storage of inactive records is causing bigger issues when they arise, versus onsite storage (although obviously the cost factor is a significant issue here). When you break the Cable figures down, the main culprits for information governance breaches of this type are loss / theft, information "disclosed in error" or sending information via post or fax that is either for the wrong patient, or to the wrong recipient. Electronic Medical Records will go a long way to help mitigate the Information Governance risks inherent with paper-based care provision, but the challenge here is to make sure that all the bases are covered, whilst not creating a Change Management mountain. The areas of risk highlighted within the Cable report are diverse, and require several different aspects of EMR systems to help solve the issues presented: ?? Inappropriate access to sensitive information: With Access Control Lists, appropriate access is maintained, you must have the rights to access the information, even at the level of a single document or section within the patient record. As the EMR increasingly becomes a single source of information for the patient, across a range of specialties, sensitive information (e.g. Sexual or Mental Health records) will be included. It is therefore imperative that only those in the appropriate role can access that information. ?? Insecure sending - wrong patient / wrong recipients: At a conference recently, a presenter from a large NHS Trust said that at any one time, 20% of required paper-based information is missing, or has been sent to the wrong internal recipients. Within an EMR, sending is highly controlled, can only be performed by suitably privileged users, who must select the recipient from a pre-defined list, or is an automated action following the completion of a task such as a Discharge process. Auditing will ensure that any incorrect / inappropriate sending is traceable. ?? Transportation of records: Within a campus, transportation is obviously removed from the scenario - everyone has online, simultaneous access to the record. The bigger challenge comes for those providing community care. Today, community care is provided using records that are either insecurely held in the boot of a car, or are incomplete, as taking the entire record with the carer is impractical. Mobile access therefore brings a massive positive change for these carers, with the ability to securely synchronise the patient record to the device for subsequent access. The ability to securely remove the record from the device in the case of loss or theft must also be added to the requirements list. I have seen a real change in the market here in the last 18 months. Trusts procuring EMR systems today will now include mobility requirements by default, whereas previously this wasn't the case. I think that's an indication of the right solutions (physical device and EMR platforms) now being available and practical for community use. So, thankfully the correct steps are being put in place. With the announcement this week of further funding available ( £1.5b), targeted around efficiencies and those Trusts who are delivering on their commitments towards a Paperless NHS in 2018, activity and focus on this area will be increasing in future months. Busy times ahead for us in Evolve, but as the market leaders in the EMR space, we know that we have the right solution and people to really help make a difference in the quality and IG security of patient care.

About the author

Colin Truesdale