IMS MAXIMS has responded to the government’s draft Information Governance Baseline Framework, which when fully published will ensure NHS organisations and commercial companies developing or commissioning information services address information governance requirements in a consistent and interoperable way.
IMS MAXIMS’ response can be found below:
The Information Governance Baseline Framework assumes that all patient data must be locked down and protected at all costs, even if it results in the prevention of critical patient information being shared.
While this may be a reasonable position to take if the health record belongs to a well known public figure, this does not necessarily reflect the attitude towards access held by the majority of patients. IMS MAXIMS believes that although there needs to be a balance between confidentiality and information sharing, most patients would expect their healthcare information to be shared across the NHS to improve diagnosis and treatment in order to avoid mistakes and substandard care.
The document therefore does not seem to take into account the direction of travel of the recent NHS Information Strategy: ‘The Power of Information’, which repeatedly calls for the protection of online records but also demands online access to patient records, portals and “sharing good information” across the NHS. In fact the document seems to pre-date the strategy by not taking into account its strong focus on ‘open data’, ‘patient access’, ‘information sharing’.
The scope of the document is also far too limited as it fails to recognise that healthcare is not just delivered by NHS institutions. It makes little allowance for:
• Cross-border care in the home countries or elsewhere in the EU.
• The Independent Sector performing contracted NHS work.
• Non NHS care (social services, voluntary, family members).
• The patient.
The document appears to assume that the overall current architecture is based on information being held in silos, where each organisation is responsible for the management of patient data. IMS MAXIMS calls for the document to recognise that this is not the only architecture that exists and cloud storage, social networks, distributed information resources and other types of media, will become more prevalent as new technologies are adopted by the NHS. Without giving these technologies real consideration, true innovation may be restricted.
There is also a flaw in the information governance model concerning access to data. Once access has been granted it is virtually impossible to control how that data may be further used. Therefore IMS MAXIMS recommends that public key encryption and cryptographic signatures should be taken into considered.
The weakest link in any security model is always the end-user. Given the nature of the NHS, it would be better to focus on identity management in order to increase the level of confidence about the identity of the user gaining access. If ID management is better implemented then deterrence begins to become a much greater assurance of confidentiality.
Sarah Bruce, Highland Marketing
Phone: +44 (0) 1877 332710
Mobile: +44 (0) 7557 265473
About IMS MAXIMS
About IMS MAXIMS IMS MAXIMS is an electronic patient record provider working towards better, safer patient care. Specialists in developing clinical and administrative software solutions for healthcare providers, IMS MAXIMS currently supports more than 150 organisations, 11 million patient records in the UK, and 1.9 million patient records in Ireland, approx 50% of the population, as well as 20,000 users of IMS MAXIMS products. MAXIMS is at the heart of the clinical and administrative life of everything from large UK and Irish hospitals, to small specialist independent clinics. It gives patient data to clinicians in exactly the format they need, and allows it to be shared with colleagues and updated in real-time. MAXIMS suits any clinical specialism and is excellent for order communications and reporting. Medical and administrative records can be kept fully up to date, with the minimum of effort. MAXIMS is web-based so there is no need to install software on computers or invest in expensive extra hardware.