Is Failure to Digitise Making the NHS Less Secure?
MP’s and security experts are urging the NHS to speed up its digital transformation after the recent revelation that 700,000 patient letters meant for GP’s were lost between 2011 and 2016.
The letters, which contained 500,000 items of confidential medical correspondence, were mislaid after being mistakenly stored in a warehouse by NHS Business Services, the company tasked with their delivery.
The controversy has reignited concerns over the lack of progress made by the government towards the digitisation of the NHS.
In a discussion that took place in the Commons on February 27th, MPs and industry experts claimed that it could have been avoided had the records been stored online.
Egress co-founder and CEO Tony Pepper blamed it specifically on the NHS’ reliance on physical, rather than digital, data:
Physical data is inherently less secure than digital
“Physical data is inherently less secure than digital – it’s difficult to trace, goes missing easily and is often open to interference,” he said. “While digital records have their own set of challenges, with the right foresight and security and compliance mechanisms in place, it’s far less likely to go missing or be subject on this scale to the same issues of human error.”
The NHS’ reliance on paper has been a long-standing concern to experts who believe that digitisation is long overdue. The organisation was first tasked with digitising patient records as far back as 1992, but has made ‘limited progress’ in doing so.
This was the conclusion of a recent review into the digitisation of NHS records carried out by the University of York. Commenting on the review, Dr Arabella Scantlebury, Research Fellow at the University’s Department of Health Sciences, said: “There have been attempts to implement electronic records since 1992, but as so many have failed, it is time to ask why?”
…the price tag for the aborted project came to £11 billion for the taxpayer
As mentioned by Dr Scantlebury, the digitisation programme has been marked by failure – and costly failure at that. In 2011 the government was forced to abandon its “disastrous” National Programme for IT that would have introduced an integrated electronic record system for the NHS. Criticised for taking a ‘one size fits all’ approach to digitisation, the price tag for the aborted project came to £11 billion for the taxpayer.
Upon accepting his position as Health Secretary in 2013, Jeremy Hunt reignited hopes for a digital transformation by pledging to create a “paperless NHS,” by 2018. £1 billion pounds and three years later, the plan was deserted when an expert from the University of California concluded that current hospital IT systems could not support the move.
As the Government fails to make headway on the NHS’ digital transformation, the question is being asked: is the lack of progress towards digitisation putting patients at risk?
Incidents such as the latest development with NHS Business Solutions suggest that this might well be the case.
The NHS has warned that over 500 patients may have suffered “serious harm” resulting from the failure to deliver thousands of items of medical correspondence that included blood test, cancer screening, and biopsy results.
NHS England’s National Director for Patients and Information also claimed at the NHS Innovation Expo Conference in 2015 that cutting the reliance on paper would make patients safer.
“Every day, care is held up and patients are kept waiting while an army of people transport and store huge quantities of paper round our healthcare system,” he said. “This approach is past its sell by date. We need to consign to the dustbin of history the industry in referral letters, the outdated use of fax machines and the trolleys groaning with patients’ notes.”
But whilst many believe that the digitisation of patient records would alleviate some of the risk, a move towards online data storage has the potential to create a whole host of new problems that need to be addressed.
One of the largest obstacles currently standing in the way of complete digitization is the issue of cybersecurity. Before patient records can be hosted online, the NHS needs to be sure that it can protect confidential information from cyber attacks.
Cyber security is already a huge concern for the NHS, which has been subject to a number of high-profile attacks in the last few months. One of the most concerning incidents took place in October, when an attack carried out against three hospitals forced management to shut down computer systems resulting in thousands of cancelled operations and appointments.
Despite believing that online records “would almost have guaranteed that this [the recent postal error] would never have happened,” healthcare specialist Zak Suleman told parliament on February 27th that ardent cyber-security measures needed to be made so the process could move forward.
“To simply ‘digitise’ one of the biggest institutions in the UK is a complex overhaul and the government must ensure, above all else, that all data is kept safe and secure,” he claimed.
There is evidence to suggest that this is something the government is making a concerted effort to address.
Jeremy Hunt assured the commons that whilst concerns over cyber security were inhibiting progress towards digitisation, the government was looking into systems “even more robust” than those used by banks for the protection of patient information
NHS Digital also launched CareCERT, the Care Computer Emergency Response Team, in late 2015 to help health and care organisations improve their cyber security defences.
In a blog post written for National Health Executive, NHS Digital Head Dan Taylor stressed the risks which accompanied digitisation and argued that there needed to be a collaborative response across the organisation.
“Alongside the benefits of digitisation there are risks, and with risks come responsibilities,” he said. “these responsibilities aren’t just for your IT or security team, they belong to every member of staff in your organisation.”
Whilst there is no doubt that digitisation poses risk, the recent postal error highlights that the risk of failing to digitise our health system is even greater. It is important that we don’t hide behind the cyber threat and undermine efforts to modernise the NHS and embrace the benefits and efficiency of digital.