Speaking ahead of a parliamentary debate on e-health, doctors’ leaders warned that current measures to protect patient information might not be enough.
Specifically, the doctors say that the Clinical Portal Technology project – which allows patient information to be viewed electronically by a wide variety of clinicians and, in some cases, by others as well – requires tighter controls.
Dr Alan McDevitt, deputy chairman of the BMA’s Scottish General Practitioners Committee and lead on IT issues, said that the ease with which patient information could now be shared challenged the health service to come up with new ways of protecting information shared by patients. “With the growing use of electronic patient records, it is essential that we know who has looked at which records and when, so we can ensure only appropriate access,” he said.
“Although BMA Scotland is broadly supportive of the Clinical Portal Technology project, we do have concerns relating to patient confidentiality and how access to the system will be managed. If portals are to be accessible from computers anywhere within the NHS then it is our view that username and password access does not offer sufficient security of data.”
Dr McDevitt, a GP in Glasgow, said that it may be “commonplace” for user names and passwords to be shared among medical staff. “This can often occur because staff do not receive access to systems promptly enough or are unable to reset their access out of hours. While this is already an issue of concern, the risk of misuse in an environment where clinical portals display much more data about many more people, is considerably greater.”
He said that an identity and access system – to identify individuals within a system – is required to ensure that access is granted promptly to those who need it (after secure identity checks), that they can reset access at all times and that access is stopped when they leave or change roles.
“The BMA strongly believes that introducing tighter controls will be far more effective at limiting inappropriate access to electronic patient records than using retrospective audit in isolation,” he added.
---
Autor(en)/Author(s): Jennifer Trueland
Quelle/Source: The Caledonian Mercury, 21.09.2010
Bitte besuchen Sie/Please visit:
