Better information governance should be top priority for an NHS trust that aims to improve operational efficiencies and safeguard patient information, according to Roy Shubhabrata, vice president of product strategy for EMEA at healthcare IT company, Caradigm
Compliance is a key reason for organisations to invest in better IT and management solutions, many of which tend to focus on one area alone - password management
Good information governance will become increasingly crucial for hospital trusts over the coming months and years.
Patient data should always be held under a ‘lock and key’ system where the key is only available to the right person. Healthcare specific IT solutions exist to manage and provision access to data in a manner that provides strong authentication capabilities and auditing features. These systems can support hospitals in delivering high-quality patient care while upholding information governance.
Trusts are facing enormous financial pressures, including budget cuts. While information governance and IT may not always seem to be the obvious answer, efficiency and higher productivity levels, coupled with a ‘safety first’ approach, is conducive to safer services.
Simon Stevens, the new chief executive of NHS England, and formerly a vice president for UnitedHealth - the world’s-largest private health company in the US - has been quick to draw on his experience and highlight best practices.
He stated at the end of May that the NHS could learn from the way the US had introduced hospital records, which had been a ‘huge misfire’ in this country with a £12billion central scheme eventually abandoned.
Compliance is a key reason for organisations to invest in better IT and management solutions, many of which tend to focus on one area alone - password management.
In fact, good IT systems and information security policies should ensure that users no longer have to wait for accounts to be created and that NHS trusts no longer have users sharing passwords, using generic accounts or staff enjoy having access rights that are no longer relevant to their role.
Good IT systems and information security policies should ensure that users no longer have to wait for accounts to be created and that NHS trusts no longer have users sharing passwords, using generic accounts or staff enjoy having access rights that are no longer relevant to their role
Information governance practices have been criticised in this country by Dame Fiona Caldicott since the NHS reforms took place in April 2013. The latest report labels current information governance arrangements as having become worse, less stringent, and it has led to confusion as a result of the volume of reconfigurations and staff changes across the NHS.
The cost of inadequate governance
The NHS Litigation Authority manages approximately 10,000 hospital cases per year - costing the NHS millions of pounds. But the NHS, in the future, will not be alone in managing an increase of privacy breach claims. If we take a look across the Atlantic, the US Health Insurance Portability and Accountability Act of 1996 (HIPAA) includes provisions that address patient data confidentiality breaches. Under certain circumstances, a breach, whether unintentional or intentional, can result in fines between $100 and $1.5m.
Laws in the UK are likely to become more stringent, but will they follow the US model of practice?
Changes to information governance may prove a challenge for some trusts. However, establishing stricter laws relating to information governance and data protection is the right approach. Patients must have more trust in how the NHS handles their personal health information.
The NHS has to make up £20billion in efficiency savings in healthcare during 2014/15 to remain viable. With the Quality, Innovation, Productivity and Prevention (QIPP) programme, ongoing information governance can become an integral part of saving money through efficiency savings by having the right information, to the right person, at the right time.
Time to turn the page
Establishing stricter laws relating to information governance and data protection is the right approach. Patients must have more trust in how the NHS handles their personal health information
Clinicians endure extremely busy days and have to log in and out of several systems repeatedly during shifts. Sometimes, it can take a hospital up to three to four days to give a locum doctor the right access to systems. This is not conducive to good information governance or smooth workflows, especially in hectic and busy departments such as A&E, where clinical staff need to react quickly and access data in a fast and secure manner. Information governance rules are no longer a nice-to-have. The days of shared passwords and unfettered access to private patient data are over. The chosen IT systems and policies must support health professionals who are under an immense pressure to enable them to be served quickly and can remain compliant with information governance in an automatic way to focus their attentions on the patient.