Paul Wooding
With the furore around data protection and privacy online, driven by the recent high profile Google and Facebook breaches, inevitably, the summary care record programme is back under the microscope.
The new coalition government has agreed and outlined what they don't want to do, including the national ID card scheme and the national contact database system. However, there has been no guidance to-date on who should be responsible for public health data, which has now been migrated online.
At the same time, citizens' attitudes to the role of the NHS in caretaking their medical records is in flux. Historically, patients have been seen as the subjects of the data, rather than the owners.
This is already changing. Now hundreds of start-up businesses are developing online tools to let citizens manage their own health information, and websites like HealthDataRights.org allow people to sign up to assert their rights to their own health data.
Patients have become more discerning about healthcare choices and the opportunity to search for information online, to do for themselves what institutions cannot.
This is forcing questions to be raised.
Trust is the crux of this dilemma; who can we trust with our medical data? Who ultimately should be its custodian?
Large volumes of data
Involvement of a commercial body like Google or Microsoft is strongly opposed because of the perceived motivation behind this. This has closed the door to others, like utility companies and mobile phone operators, who are old hands at handling large volumes of data.
Similarly the banks, who could provide an efficient national programme, are out of the running as they struggle to disassociate themselves from the economic meltdown which has damaged public trust.
This, plus the lack of direction from the government leaves very few candidates to step up to the plate.
A localised, federated system would seem logical but its critics suggest that it cannot provide the level of efficiency a national system could. This leaves two options – citizens themselves or the NHS. If the citizen alone is the custodian, how can that data be properly monitored by the national health system?
The NHS is the largest employer in the UK, has extensive experience of maintaining and safeguarding personal data and, despite the cuts it is facing, understands which investments will deliver real value to its stakeholders, the UK citizens.
Taking this into account, the only logical contender to handle this data is the NHS itself.
To empower the NHS to deliver in this role however, there are a couple of key steps and standardisations that need to take place.
First, we need a policy to be outlined that is strong enough to take a firm line on what needs to be done, and realistic enough to take into consideration the needs and concerns of a variety of stakeholders.
Secondly, we need an IT solution that is flexible and scalable enough to meet the needs of the NHS. And finally, clinical coding systems and principal treatment codes need to be standardised. Without this any national system will have limited use other than for demographic insights.
The policy needs to be determined from government or high within the NHS itself. This may take significant time but the technology to enable this can be addressed now.
An on-demand system of interlinked IT processes (such as an internal cloud), will provide the NHS with a system where data is effectively managed, safely stored, shared and immediately available to those who need it, which delivers value to all.
With this approach the NHS would work like a knowledge bank with a safe deposit box, where you have a key, they have a key, but you need both to open it. The technology is available and the benefits are clear so the only question that remains is do we trust the NHS to take on this challenge?
Paul Wooding is UK head of public sector, NetApp
From Flip Chart Fairy Tales
From Bubb's Blog
From Whitehall Watch
