London
Healthcare Trust Gives GPs Secure Remote
Access to Patient Data
Kensington
and Chelsea Primary Care Trust (PCT)
is the NHS body charged with making
improvements to local health services
across the Royal Borough of Kensington
and Chelsea in central London . It serves
a population of 190,000 people. The
PCT works with general practitioner
(GP) practices, the local authority,
and hospital trusts to enhance the efficiency
of local health services, and to make
them more accountable to the patients
and communities they serve.
PCTs
bring together GP services and community
health services such as health visiting
and district nursing, thereby delivering
better integration of services. GP systems
now have to meet stringent standards
in IT to ensure that they will integrate
with those installed under the National
Programme for IT in the NHS. Following
full implementation of a government
directive from 2003, the PCT has taken
control of the delivery of IT services
to the 44 GP practices within its jurisdiction,
as well as 15 other primary care sites.
To provide a support and management
service, suppliers require electronic
access to the systems that reside within
the GP practices through the NHS broadband
network N3.
But
N3 is an “untrusted environment” with
a nationwide user base of 1 million
in which there is a key concern about
the security of person identifiable
data (PID). PID contains sufficient
information to be able to identify it
as belonging to a specific patient.
Government guidance from 2003 dictates
that PID “must not be transmitted in
the clear across N3,” hereby requiring
all access to PID through N3 to be adequately
protected from the untrusted environment.
A
second challenge was related to management
and support. GP Systems of Choice, a
national initiative to give GPs a choice
of clinical systems, has given PCTs
responsibility for delivering management
and support services to GPs. The PCT
also wanted GPs and practice staff to
have remote access to their practice
systems.
Hytec
was involved in finding a solution for
Kensington and Chelsea PCT to best manage
and audit all GP system access through
secure, encrypted communications. Its
client base includes the IT departments
of local authorities, residential social
landlords, and emergency services, as
well as NHS trusts and PCTs. Alan Hunt,
Technical Director, Hytec Information
Security, says: “After detailed discussions
with Hytec and a range of stakeholders
in the borough, the PCT decided to proceed
with a pilot study to fully evaluate
two viable options—from Cisco and Microsoft—to
resolve the GP site access and security
issues identified in our analysis."
Solution
In
August 2006, the two options were both
tested in a live GP site environment
in collaboration with the relevant GP
systems supplier and N3. The first option
was to implement a Cisco PIX firewall
at each GP site in the borough. The
other used Windows Server® 2003
running Microsoft Internet Security
and Acceleration Server 2006, although
initially it was trialled with Microsoft
Internet Security and Acceleration Server
2004. The PCT technical requirements
are outlined as follows:
-
Establish
secure communications between the
GP sites and the PCT through N3
to ensure safe transfer of PID between
the PCT and GP practices.
-
Compliance
with information governance standards
from NHS Connecting for Health,
the agency in charge of “digitising”
the NHS.
-
Extend
the reach of the PCT Active Directory®
directory service into the GP sites
to ensure the efficient deployment
of PCT technology systems that
will support GP practice-based commissioning,
which is being developed on Microsoft
Office SharePoint® Portal Server
2003.
-
Provide
a route for centralised support
and administration of the GP sites'
ICT systems from the PCT by PCT
technicians and their service partners.
-
Offer
a pathway and mechanism for the
ongoing management and deployment
of antivirus and software updates.
-
Deliver
a method of reliable backup and
restore of GP systems, which in
Kensington and Chelsea come from
three different vendors, controlled
by the PCT.
Alan
Hunt says: "The Microsoft solution
delivered all of the PCT's identified
requirements, but it also did more than
just provide the information for the
security regime that was required between
the N3 network and the GP, and now onto
the PCT. It also created a point of
presence that could connect into the
GP site, which could be controlled by
the PCT.”
Notable
deficiencies in the PlX firewall solution,
according to Hytec, included lack of
remote access functions, lack of onsite
GP systems backups, and the inability
to extend the PCT domain into the GP
site.
In
a second phase of the project, the PCT
plans to examine routing all access
to the Internet from GP sites through
the PCT blue code system, which then
monitors and filters all Internet access
and reduces spyware and software attacks.
Benefits
GPs
in Kensington and Chelsea now enjoy
far better and more responsive rr support.
They no longer need to wait for individual
engineers to visit their practice to
handle antivirus or software updates.
Routine work that formerly took hours
now only takes minutes. GPs and
practice managers can access their desktops
with the flexibility to access PID from
remote locations without security worries.
Remote
Working Helps GPs Improve Patient Care
With
the Microsoft solution, GPs working
in Kensington and Chelsea can access
systems within their practices from
remote locations in a secure manner
either through the Internet or wireless
technology.
PCT
IM&T Manager lftikhar Din, says:
With remote access, GPs do not need
to return to their practices to consult
patient data or clinical notes—as a
result, they can spend more time with
their patients. They can enjoy much
greater flexibility secure in the knowledge
that patient confidentiality is not
at risk.”
Alan
Hunt adds: ‘if the Cisco solution had
been selected, this service would have
required additional funding. As things
stand, the Microsoft solution is providing
many benefits in addition to the installation
of a simple firewall, and that's where
the added value lies.”
Technicians
Manage Software and Antivirus Updates
Centrally
The
GP systems within the jurisdiction of
the PCT were previously managed by 10
engineers visiting each of the practices
on a regular basis to implement software
and antivirus updates. Although located
in a geographically compact urban borough,
the support desk system generated inefficiencies,
cross borough travel, and often resulted
in unnecessary downtime.
Iftikhar
Din says: "All computers controlled
by the PCT in GP practices are now being
centrally managed from a central site.
It is much easier to make sure that
the antivirus software and all other
relevant upgrades are up to date. What
used to take hours, plus time to organise
and travel time, now takes minutes."
All
GP Practices Achieve Highest Level of
Compliance
The
PCT is striving, through the Microsoft
project, to bring every GP practice
up to the same high level where IT tools
and security of patient data is concerned.
Iftikhar Din says: "With the GPs
linked into the PCT core network, we
can decide what updates go to which
practices. All this is done remotely
without downtime and we can also inventory
the software at the GP practices so
we know exactly what is out there."
GP
practices in Kensington and Chelsea
serve a highly mobile population and
patients and staff often move between
practices. Iftikhar Din says: "Every
practice when the implementation work
is completed will have a standard configuration
on its site. We are standardising the
infrastructure so if practitioners or
nurses move between practices they will
find exactly the same ICT tools wherever
they work."
Data
Quality and Training improves at Doctors'
Surgeries
The
improvement of data quality at GP surgeries
in Kensington and Chelsea, as a result
of the Hytec-led project, is helping
the PCT meet national targets within
the NHS. The value of high quality patient-held
information has never been so important
to the NHS.
Iftikhar
Din says: "Data quality is crucial
and the availability of complete, accurate,
and timely data is important in supporting
all the current NHS strategies, including
the modernisation agenda, national service
frameworks, clinical audit and governance,
and clinical and performance indicators."
Good
quality data is vital to the performance
and management of the activities of
a PCT and Kensington and Chelsea is
no exception. It is also helping the
PCT to assess the ICT training needs
of GP practices and benchmark their
levels of computer literacy.
GPs
Gain Overview of Patient Journey Through
PCT
GPs
are now connected to the PCT community
information system, which is hosted
centrally, and, as a result, have an
overview of their patients' journeys
through the different services at the
PCT.
Iftikhar
Din says: "We are now getting a
read-only view on the community information
system so that GPs will be able to track
where their patients have been. So we've
got a project where a GP can input an
NHS patient number and view all the
activity for that NHS number on Our
community system."
Previously,
all such searches were performed manually
and often required an IT technician
to visit the practice to manage the
search. "GPs were getting fed up
with having to request searches in different
departments and often made overlapping
searches," says Iftikhar Din "Now,
we only need to make an information
request once, instead of many times."
|
