This article from the Times Online highlights the current status of Summary Care Records (SCRs) and how the British Medical Association (BMA) has expressed concerns that they believe that patient medical records are being uploaded too quickly.

SCRs will eventually link about 30,000 GPs and 300 hospitals to provide better coordinated patient care through online appointment systems, electronic prescriptions and faster computer links. Under the National Programme for IT, the aim is to create electronic records for 50 million people in England. So far, about 12 million patients in England have been sent leaflets with details about the new SCR system.

The system is designed so patients can opt-out if they do not wish for their information to be shared. However, the BMA is saying that the scheme is being rolled out too quickly and patients are not being given enough information to enable them to make an informed choice.

Hamish Meldrum, chairman of the BMA said: “The break-neck speed with which this programme is being implemented is of huge concern.....If the process continues to be rushed, not only will the rights of patients be damaged, but the limited confidence of the public and the medical profession in NHS IT will be further eroded.”

In December, the Department of Health (DoH) announced the acceleration for rolling out the system, but it has since been criticised for concerns over its security and a lack of enthusiasm from GPs.

In a separate article from Silicon.com, they highlight how the DoH has spent over £700,000 on a project to study the impact of introducing SCRs with the results of the study due to help informed the wider rollout of the system.

However, despite the fact that the BMA claim they were given assurances by the DoH that a national roll out would not proceed until the study's findings were published, it appears that the DoH are continuing with the mass roll, giving Strategic Health Authorities until March 2011 to create their records.

Whilst SCRs have the potential to save patients lives by enabling doctors unfamiliar with a patient to see an overview of their medical details - for example an out-of-hours doctor - not enough is being done to communicate the benefits of the system and this could prove disastrous for the success of this scheme.

In an independent survey of patients in areas where the SCRs have been piloted, it was found that seven out of ten patients were unaware that SCRs were being created.

To read the articles in full, please click the links below:

Times Online

Silicon.com

In this latest whitepaper from software giant Symantec, it highlights the main security trends that organisations must be aware of in order to protect their equipment and IT infrastructures. These threats include:

Anti-virus is not enough
Malicious programmes are being created at a faster rate than good programmes which are designed to protect your systems.

Social engineering as the primary attack vector
More attackers are targeting the end user, attempting to trick them into divulging sensitive information.

Social networking third party applications will be the target of fraud
We are continuing to see huge growth in the popularity of social media sites. Some of the applications available on these sites are designed to obtain your personal information or gain access to your computer.

Fast flux botnets increase
This is a technique used by attackers to hide phishing and malicious websites and it's becoming more commonplace across the Internet.

URL shortening services will become the phishers best friend
When faced with a 'short URL' it's impossible to know where you will be directed to. This means that phishers can easily disguise their malicious sites and lead users astray.

This whitepaper isn't supposed to scare users into thinking they're constantly under attack from Internet fraudsters; it's designed to make you more aware of the security threats so you can put in place appropriate processes to protect your network.

Many of these processes will involve the end users themselves - for example being wary of suspicious emails, not giving out personal information online and not clicking on URL's if you don't know the site they're taking you to - others will stem from the IT department who will need to have appropriate anti-virus and encryption software in place.

To read the whitepaper in full, please click here

The BJHC&IM has highlighted the results of a recent survey, of 1,200 people across Britain, by Dictate IT.

The survey found that whilst 89% of the public believe that it is possible to increase efficiency within the NHS, 70% think that information technology in NHS trusts contributes towards better care for patients.

To read the story in full, please click here

NHS Chief Executive David Nicholson has introduced Board Exchange, a new online environment which provides NHS trust boards with access to principles, tools and resources that will help members share ideas and best practices to the benefit of patients and the local community.

In this video, David Nicholson introduces the new Healthy NHS Board principles and talks about how they have the potential to improve board performance. Meanwhile, Elisabeth Buggins, Steve Barnett, Yvonne Nugent and programme managers Gerry McSorley and Geoff Wedgwood, talk about how Board Exchange will bring together the latest thinking and best practices in a way that gives every board member the chance to participate and learn.

To watch the video, please click here

This week we announced the newest members of our healthcare team – Keith Eyles and Tim Henstock. The latest additions will be responsible for account development at Hytec, presenting information security, mobilisation, systems integration and managed services solutions that enable health trusts to benefit from the Information Sharing Agenda.

Our Managing Director, David Bryant, said: “The addition of Keith and Tim to Hytec's healthcare account team will enable us to extend our coverage and reach more trusts.  Their market and technology experience will also be invaluable in delivering solutions that support both clinical staff and PCT professionals in their day-to-day work." 

To read the release in full, please click here

We asked a local GP: "Are you worried about data security?" This is what she said:

"Data security concerns me because I don’t think we have adequate systems in place to protect patient information."

"It’s often the case that we leave patient information visible on computer screens, so when the cleaner or whoever else has access to the surgery comes along, they can read a patient’s medical record."

"Another big problem is communicating information with the hospital. If a referral is urgent, we have to fax the information to a secretary in the hospital. This fax includes the patient’s name and details – all it takes is for us to dial one wrong digit and the confidential information could go anywhere. We don’t even get an acknowledgement to say the hospital has received the fax. We’re constrained by PCT policy as we have to make urgent referrals on the day we see the patient, but the hospitals won’t accept or there is no system for electronic referrals."

"I also have a real issue with the PCT doing audits and accessing patient identifiable information. The PCT prescribing lead often comes to the surgery to audit us. When she comes to assess us for QOF, she wants to see our mental health parameters. I don’t think she should be able to view patients’ records and see confidential information – but the PCT insists on auditing our QOF data. We have a device that we have to physically put over our screen to block out the patient’s name and protect their privacy. The whole system is ridiculous."

"I know smartcards are supposed to be the answer to all of this. I have one but I don’t use it because at the moment my computer isn’t even equipped to take it."

Have you seen the latest feature on security and information governance in E-Health Insider?

Following months of data security breaches, reporter Daloni Carlisle investigates possible solutions to help healthcare organisations fulfil their obligations to keep patient's details safe.

In this special feature, Hytec's Director of Information Security Alan Hunt gives his advice on data security along with other industry experts.

To read the article in full, please click here

This weeks Computer Weekly (page 21) highlights a common security issue - passwords.

A recent survey of 32 million passwords by security firm Imperva has highlighted the most common passwords we choose to protect our data. The top 10 are:

• 123456
• 12345
• 123456789
• Password
• iloveyou
• princess
• rockyou
• 1234567
• 12345678
• abc123

Using a weak password, like the ones listed above, will leave your information vulnerable and prone to attack. By following these five simple steps, you can be sure that your data is safe and protected.

Step 1) Always use strong passwords. A strong password:

• Is at least seven characters long
• Does not contain your user name, real name, or company name
• Does not contain a complete dictionary word
• Is significantly different from any other passwords you use
• Contains uppercase letters, lowercase letters, numbers and symbols

Step 2) Never write your password down or share it with anyone

Step 3) Don't use the same password for everything

Step 4) If you believe someone knows your password, change it immediately

Step 5) Don't allow your computer or Internet browser to save passwords for you

To read the story, please click here

This article from the BJHC&IM highlights how hospital data centres may not be ready for the rapidly increasing demand for data storage that more patients and the move to digital information are creating.

An international survey of small and medium hospitals, by the HIMSS Analytics and sponsored by Dell, asked IT executives to assess the readiness of their hospital data centres to support new information demands such as electronic medical records.

The results showed that as well as demand on the data data centres increasing between 20% - 50% over the next two years, the UK IT executives face a number of challenges if they are to efficiently manage new information demands. These include:

• A lack of security standards
• Declining budgets - 50% of IT executives indicated that their IT budgets would decrease in the next two years
• Administrative efficiency as the top IT priority - rather than technology at the point of care
• Scaling and management of storage

Jamie Coffin, Vice President of Dell Healthcare and Life Sciences commented: “We must ensure that all hospitals — large and small, new and existing — are equipped with the right IT infrastructure to support information demands today and in the future. We cannot simply throw servers and storage at information demand or complexity will over-run IT budgets and leave little support for the strategic HIT priorities which support healthcare reform and business initiatives.”

To read this story in full, please click here

To read the story in full, please click here

"NHS Connecting for Health (CfH) has said organisations still using Microsoft Internet Explorer 6 should move to IE7, following security concerns about the older browser."

This story from E-Health Insider explains how flaws in IE6 have led to attacks from hackers, leaving computer systems vulnerable and exposed.

CfH issued guidance telling trusts to obtain a patch update to resolve the issue in the short term. The guidance continued by recommending that "Organisations still using Internet Explorer 6 on the affected platforms upgrade to Internet Explorer 7. Internet Explorer 7 has been warranted to work correctly with Spine applications such as the Clinical Spine Application and provides additional security features over Internet Explorer 6.”

If you are unsure of how to deal with this security threat, CfH are advising all trusts to contact the Department of Health Informatics Directorate Infrastructure Security Team.

To read the story in full, please click here

Charles Gutteridge will today begin his appointment as the UK's first national Clinical Director for Informatics.

Having previously worked as Medical Director and Caldicott Guardian at Barts and the London NHS Trust, he has now been appointed to provide a clinical perspective on how new technology should be introduced in the NHS under the National Programme for IT.

The role, which was previously overseen by Director General of IT Richard Granger, is now performed by four people within the Department of Health (DoH):
 - Christine Connelly, CIO
 - Tim Donohoe, Head of Programmes and Operations
 - Carol Clarke, Head of Resources, Services and Governance, and
 - Charles Gutteridge, Clinical Director for Informatics

Charles describes his role as encouraging "dialogue between clinical staff, patients and informatics providers," adding, "My colleagues know that good, accessible information enormously raises the quality of treatment and diagnosis we can provide to the public."

To read the story in full, please click here

Earlier this week, Justice Minister Michael Wills laid a statutory instrument before Parliament setting a £500,000 fine for companies that fail to protect sensitive personal data. Under the legislation, the Information Commissioner's Office (ICO) can fine companies if "the data breach resulted from a deliberate act or negligence and is likely to cause damage or distress to an individual."

Between 2007 and 2009, 209 NHS health trusts and bodies suffered data security breaches. At present, the ICO only has the power to serve companies with an enforcement notice requiring them to improve data security or face legal action. Unless Parliament objects to the proposal, the legislation will come into effect from the 6th April, and companies failing to comply will be forced to pay the £500k fine.

To read the story in full on Silicon.com, please click here

In this article from the BJHC&IM, the results of a recent study into social networking and collaborative applications such as Microsoft SharePoint are revealed.

Over the last 6 months, use of social media has increased dramatically:

• Twitter usage by 250%
• Facebook usage by 192%
• SharePoint usage increased 17-fold, and
• Blogging and wiki editing increased by a factor of 39

However, as more people use these web-based applications, security risks increase. However, many organisations now have outdated IT infrastructures or usage policies that fail to protect them from these growing risks.

The survey revealed that of the 255 web applications in use, 70% are capable of transferring information. Of these 70%, 64% have known vulnerabilities, 28% are known to propagate malware, and 16% can tunnel other applications. Whilst most are not necessarily malicious, some are specifically targeting social networking sites such as Facebook and are designed to hijack your accounts to steal your personal information.

Whilst some organisations are taking a blanket approach and banning all social media, this is not always the right approach as collaborative technologies can also deliver many business benefits. The key to managing the risks associated with social media is to ensure that your systems are designed with security in mind, that your security software is up-to-date and that you have an appropriate usage policy.

To read the story in full, please click here

Have you seen our latest article in the BJHC&IM: "Secure information systems are the foundation for co-ordinating health and social care"?

Below is an extract:

"By 2022, 20% of the English population will be aged over 65 and by 2027 the number of people aged over 85 will have increased by 60%. As well as putting more demands on our healthcare system, this increases pressure on social care organisations as they face growing numbers of patients with complex conditions such as dementia and chronic illnesses associated with old age."

Hytec's Director of Information Security Alan Hunt continues by outlining some of the current initiatives for co-ordinated care, and explains how safer information sharing is a key factor.

British Journal of Healthcare & Information Management - Click here to read the article in full

Have you seen our article published in Management in Practice?

In the article Hytec's Director of Information Security, Alan Hunt, highlights several IT security dangers that you should be aware of, and best practice for overcoming them, including:

1) Good Practice Guidelines
2) Information Governance Toolkit
3) Connecting to N3
4) Mobile and remote working
5) Role-based access
6) Allowing others to connect to your network
7) Safe computing
8) Storing data on devices
9) Caldicott Guardians
10) Further advice

To read the article in full, please click here

In recent months there have been several stories reported about data security breaches with thousands of patients’ records being lost or stolen. Information security is no longer just about technical compliance; it’s an issue of public concern. In particular, the Information Commissioners Office (ICO) is looking to fine organisations that fail to adhere to the Data Protection Act.

The Data Protection Act says: “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

However, the ICO states that: “There is no ‘one size fits all’ solution to information security. The security measures that are appropriate for an organisation will depend on its circumstances.”

Therefore to help you, we are highlighting some key areas for you to address. The following exerts on information security are taken from Principle 7 in the ICO’s “Guide to Data Protection”.

What needs to be protected by information security arrangements?
The requirements of the Data Protection Act go beyond the way information is stored or transmitted. The seventh data protection principle relates to the security of every aspect of your processing of personal data.

So the security measures you put in place should seek to ensure that:

What kind of security measures might be appropriate?
The Data Protection Act does not define the security measures you should have in place. However, particular security requirements that apply within particular industries may impose certain standards. (e.g. the Department of Health’s ‘Good Practice Guidelines’)

Physical and technological security, and management and organisational security measures are likely to be essential.

Management and organisational measures
Carrying out an information risk assessment is an example of an organisational security measure.

Not every organisation will need a formal information security policy, however all organisations will need to be clear about related matters such as the following:

Staff
It is vital that your staff understand the importance of protecting personal data; that they are familiar with your organisation’s security policy, and that they put its security procedures into practice.

Physical security
Physical security includes things like the quality of the doors and locks, and whether premises are protected by alarms, security lighting or CCTV. It also includes how you control access to premises, supervise visitors, dispose of paper waste, and keep portable equipment secure.

Computer security
Your computer security needs to be appropriate to the size and use of your organisation’s systems and your security measures must be appropriate to your business practices. For example, if you have staff who work from home, you should put measures in place to ensure that this does not compromise security.

Computer security is constantly evolving, and is a complex technical area. Depending on how sophisticated your systems are and the technical expertise of your staff, you may need specialist information security advice.

If you have any questions relating to security in your practice, one of our security consultants will be happy to assist you. Please call 01865 887 428.

Alternatively, to read the guide in full, please click here

The Department of Health has today issued new guidance entitled: "Responsibilities and operational requirements for the correct use of Choose and Book".

94% of GP practices now use Choose and Book as their standard method of referral.

Health Minister Mike O'Brien said: "We know that Choose and Book works well for many thousands of people every day, giving patients much greater involvement in the decisions about their healthcare. When properly implemented, Choose and Book can provide significant benefits not only for patients, but also for referrers, providers and the wider NHS by delivering choice, certainty, security and reliability."

The guidance covers 10 areas as well as a summary of responsibilities:

• Clinicians using the system themselves
• Free choice
• Promoting the use of Choose and Book
• Acting on behalf of referring clinicians
• Technical support
• Referrals to named clinicians
• Clinicians reviewing referrals online
• Training
• Availability of appointment slots on Choose and Book
• Directory of services

 To read the guidance in full, please click here

With blogging and social networking sites becoming increasingly popular, Connecting for Health (CfH) has issued new guidance in the Information Governance Toolkit for NHS organisations outlining how to use social media safely.

CfH cites the following risks associated with using social media:

Another day, another data security breech. This report from E-Health Insider tells how a laptop containing over 600 medical records, was stolen from the Scottish Ambulance Service. The records contained details of patients’ names, addresses and treatment.

Whilst the service has an encryption policy in place, staff had failed to follow procedures; on this occasion, the only security in place was password protection.

One of the most important factors in IT security is people. Everyone is responsible for keeping patient records safe, so you must ensure that all staff are trained and familiar with your data protection, and IT security policies. By ensuring your staff adhere to these procedures, you can be sure that your data remains safe and your patients’ privacy protected.

To read the full story, please click here

This article from Management in Practice highlights the dangers of failing to implement appropriate security measures to protect patients' data.

Great Yarmouth and Waveney PCT and Gloucestershire PCT were found to have breached the Data Protection Act by the Information Commissioner's Office (ICO) following the loss of over 3,000 patient records.

In Great Yarmouth and Waveney PCT, the ICO identified the following breeches:

Mick Gorrill, Assistant Information Commissioner at the ICO, said, “Both of these cases have put thousands of patients’ sensitive personal information at risk. Personal information is valuable and keeping it safe and secure should be at the heart of good corporate governance.”

The ICO has now started formal undertakings with both PCTs.

To read the article in full, please click here

The NHS IT programme moves one step closer to reality as the BBC announce millions of patient records are to go online this week

Following several pilot studies over the last few years, the Princess Street Group Practice in Southwark, London, will be the first organisation in the city's upgrade to upload their records on the 19th November.

Summary Care Records contain details of patient's medications, allergies, adverse reactions and other key information. They aim to enable data to be shared more easily, allowing doctors to "rely on accurate information rather than patient recollection."

Whilst many critics have raised concerns about data security, due to the sensitive nature of the information, many others have praised the system and believe it will help the industry to provide better patient care:

Director of The Patients Association, Katherine Murphy said the system had "great potential for making care safer."

Health Minister, Mike O'Brien said, "Having the right information at the right time can make all the difference to patients' experience of urgent care."

To read the full story click here

This article from the BBC highlights the frustration of the Information Commissioner’s Office (ICO) due to the increasing number of incidents relating to the loss or theft of personal data during the past year, citing “NHS hospitals holding private medical records were among the worst offenders.”

In the last year there have been 434 organisations (including 200 hospitals) reporting data security breaches – a 64% increase compared to last year. The ICO has stated that from 2010, organisations that break the rules will face fines of up to £500,000.

Deputy information commissioner David Smith said, "Unacceptable amounts of data are being stolen, lost in transit or mislaid by staff. Far too much personal data is still being unnecessarily downloaded from secure servers on to unencrypted laptops, USB sticks, and other portable media."

Everyone is responsible for protecting patient data and there are several simple steps that can be taken to ensure information remains secure, including:

Have you seen the latest case study from fellow OLM Group company, Pavilion?

Pavilion is the leading publisher and event organiser for professionals delivering public services. One of its information services is 'CareKnowledge.com'; a social care knowledge portal used by 15,000 social care professionals, providing the latest information on best practice, as well as insight, commentary, special reports and features.

This case study features a project Pavilion undertook with Stockport Council’s Adult Social Care Directorate, that challenged Pavilion to implement a new communication and engagement programme for its staff.

CareKnowledge was deployed and now allows staff to access department information and sector initiatives in an informal manner through blogs, podcasts, ‘taking head’ videos and audio clips. The service enables two way communications by allowing staff to offer their thoughts and debate with colleagues. The service has proved successful and usage has increased by 70%.

Read the case study here

This article from Practice Business reports on the latest survey from the Care Quality Commission (CQC). The survey of 280 GP practices found that there are worrying gaps between practice and hospital communication; most notably that:

CQC chief executive Cynthia Bower (right) said, "It is important that basic systems to share essential patient details are working effectively to get the right information to clinicians at the right time to minimise these (medication related patient safety incidents) risks."

Our experience from working with IT within the public sector has shown that most organisations are reluctant to share information because of their fears over data security and privacy. However, these issues are easily resolved and should not form a barrier to information sharing:

Sharing data between GPs and hospitals is essential to effective patient care. The N3 network was created to help facilitate better communication between healthcare organisations. And there are many solutions available to help protect the security and privacy of the information as it is shared.

As specialists in IT security we are happy to answer any questions and offer advice on how to ensure your patient data is secure; just call 01865 887 428.

To read the article in full, please click here 

The chairman of the Royal College of General Practitioners (RCGP) has this week called for GPs to have 'complete information' on patients' medication when leaving hospital.

In response to the Care Quality Commission's (CQC) finding that some patients are at risk from mixing medicines on discharge, the RCGP's Professor Steve Field called for a move to "improve communication between hospital specialists and GPs." 

N3 provides the infrastructure to enable primary and secondary care to work better together. While hospitals and GP surgeries use different clinical applications, there are few technical barriers to sharing information once users have taken the necessary steps to protect patient identifiable data. We have recently completed a proof of concept project with a London polyclinic that demonstrates how easily information can be shared between disparate systems to give clinicians a 360 degree view of patient care. Watch out for more details soon...

Read the RCGP's comments here 

This week Connecting for Health has issued the following guidance: "Managing inappropriate access to patients’ demographic information using National Programme for IT and local systems and services."

The PDS (Personal Demographics Sewrvice) is a national electronic database of patients' demographic information - for example their NHS number, address and contact details - and underpins electronic care records across the NHS.

Whilst the PDS is already accessed by GPs and healthcare professionals through systems such as Choose and Book and the Electronic Prescription Service, this latest guidance sets out who should be accessing the system, why, and the consequences of accessing patient information inappropriately.

In a GP surgery, it is the Practice Managers responsibility to ensure that information is accessed correctly in accordance with the legislation. However all individuals working within the NHS have a contractual obligation to comply with the NHS Code of Conduct for Confidentiality.

Anyone accessing the PDS inappropriately will be guilty of professional misconduct and could face the following action:

• Criminal action under the Data Protection Act
• Civil action for breach of confidentiality
• Disciplinary action under terms of contract of employment
• Preventing the user from ongoing access to computer systems – this sanction is available to primary care trusts under the terms of GMS/PMS contract with practice
• Action by General Medical Council for breach of patient confidentiality

To read the legislation in full, please click here

In this week's Pulse, the focus is again on the Conservatives health plans to move away from centrally managed IT systems and operate on a local basis. As shadow health minister Stephen O’Brien (right) said, "We can secure a better deal for both patients and the tax payer if records were held locally."

Networking within the current PCT areas would allow healthcare organisations to share information and deliver better co-ordinated care to patients. However, before any systems are put in place it's important to build a secure foundation on which the IT infrastructure can operate.

The following three core technologies must be in place to build a secure foundation:
1) Authentication: checks that a bona fide user is attempting to access the network.
2) Encryption: protects data transferred across the network.
3) Firewall: protects data at rest on equipment connected to the network.

Ensuring a secure foundation will ensure patient data is safe, private and accurate and this will ultimately lead to better overall patient care.

To read the story in full please click here

In this week's E-Health Insider the results of a poll aimed at testing support for the Conservative Party's plans were published.

When asked about what they thought of the current system for delivering and maintaining electronic health records in England many respondents’ comments reflected that whilst the idea is welcomed, the implementation was poorly executed. For example, "NPfIT is a GOOD idea BADLY implemented," and "good concept, badly managed."

Although the completion of the NPfIT may be several years away, there are several interim solutions that healthcare organisations can put in place now to enhance their operations. 86% of respondents believed that interoperable systems were the best way to deliver electronic health records, rather than through centrally purchased common systems.

To be successful the focus needs to be on integrating current systems on a local level, for example within a PCT, to provide patients with better co-ordinated care and meet the specific needs of the local community.

To read the story in full, please click here

In this week’s issue of Pulse, they discussed the announcement from health secretary, Andy Burnham, that restrictions on GP practice catchment areas will be scrapped by autumn 2010.

Whilst this initiative will provide patients with greater choice over where they are treated, many doctors are concerned over the logistics of controlling a system where patients can visit multiple practices in different PCT areas.

The key to making the system work and enable healthcare professionals to offer high standards of care is through enabling greater communication and more effective information sharing.

The N3 network has specifically been designed to share patient data. Furthermore, the creation of COINS across the network means that health and social care organisations are better connected. Having the correct IT infrastructure in place will allow doctors easier access to a patient’s medical history, and in turn this will lead to consistent, high levels of care regardless of where the patient is treated.

To read the article in full, please click here.