A surprising feature of the UK government’s 115 page electronic health record strategy is that its Power of Information document mentions ‘security’ just once – and even then suggests it should not get in the way since it “can lead to a culture that is overly risk averse and reluctant to share information at all, even where it would improve our care.” In a similar vein, although security is discussed in some detail in the associated Impact Assessment document, the word ‘privacy’ does not appear at all. But the privacy and security of personal health records is paramount to the data subjects – the patients.
We have reached a tipping point, suggests health security company FairWarning in a new study called Make or Break – Digital Healthcare and Privacy Reach the Tipping Point. “Electronic healthcare is among the most important advances of our times,” suggests Kurt Long, CEO and founder of FairWarning. But he adds, “Given the rapid and dramatic changes, it is vital for healthcare leaders to make sure they also become leaders in privacy protection. It plays a vital role in ensuring that patients build trust and receive the care they deserve, plus it helps to protect the reputations of healthcare providers.
“Privacy and security form the bedrock on which the NHS can progress,” he continues. “The loss in confidence in electronic healthcare could undermine the drive to deliver many initiatives such as those outlined in the information strategy, including the roll out of tele-health and tele-care technology to millions of patients and the target for all patients in England to be able to access their GP records electronically by 2015.” FairWarning’s study discusses these issues in greater detail; and certainly demonstrates that the public has great concern.
“The greatest threat is not from lost or stolen laptops and mobile devices, but from staff abusing their legitimate access rights to read electronic records they have no right to see. This can lead to identity theft, fraud and many other forms of criminality. Details of celebrity patients can also be leaked to the media,” notes the report. A separate independent survey, quoted within this report, shows a public already concerned about the existing system. It revealed widespread fears about privacy, and a demand for firm action against senior management in hospitals where breaches take place. These concerns will only increase as knowledge of the extent of the new health proposals become better understood.
We are, as the FairWarning report suggests, at the tipping point. Failure to grasp the privacy nettle will, in FairWarning’s words, lead to a loss of faith in the NHS, which would in turn discourage patients “from seeking help or giving full details of their condition... Greater patient rights, harsher penalties and tougher legislation must all be factored into the challenges faced by NHS senior management. It is in the clear interests of all UK healthcare organisations to adopt privacy measures which will protect them, their reputations, their patients and their staff from the severe harm caused by the misuse of patient records.”