Again we have news that makes it clear how important the human engineering aspects of Health IT are.
Two reports make the point.
19 Nov 08
By Steve Nowottny
Exclusive: NHS staff are routinely sharing smartcards to access patient records because not doing so would bring systems grinding to a halt, Pulse can reveal.
A survey of more than 300 GPs has found the practice is widespread, in defiance of strict information governance rules that could make it a sackable offence.
One in six GPs told Pulse they were aware of NHS staff in their area sharing smartcards, generally to circumvent cumbersome log-on procedures or access data at multiple terminals. One in 20 respondents admitted they had shared their own smartcard.
A Connecting for Health spokesperson insisted: ‘Staff should not share smartcards and if smartcards are used improperly, disciplinary procedures should follow.’
But Dr George Paige, a GP in Coventry, said: ‘Our receptionists always share cards and PC log-ons as it takes a few minutes to close the medical software, put in another smartcard and then restart the software. Would you like to wait that long to get your appointment or order your repeat prescription?’
A GP in Nottingham, who asked not to be named, said he had been forced to borrow a manager’s card when his was ‘out of date’ or when he had left it at home.
A Pulse investigation in February found 4,147 NHS smartcards had gone missing, with no disciplinary action taken. But Connecting for Health told Pulse ‘strict and robust safeguards’ were in place.
'All organisations have guidance on how to set up access for those who need temporary access - such as the locum or those who leave their smartcard at home - so there is definitely no need and it's not acceptable to share smartcards."
Full article here:
Second – reporting the same survey.
NHS staff are regularly breaching security rules by sharing "smartcards" to access patient records, according to a new poll.
One in six GPs told Pulse magazine they were aware of staff sharing smartcards, which were issued as part of the Government's multi-billion pound upgrade of the NHS computer system.
The cards allow staff to access confidential details contained on patients' medical records. It has been suggested that staff share cards to avoid going through the process of logging on or because they wish to access data at multiple computer terminals. Breaching the rules on security is a disciplinary offence.
One in 20 GPs questioned by Pulse admitted they had shared their own smartcard. More than 300 GPs in total responded to the survey.
One GP in Coventry told the magazine: "Our receptionists always share cards and PC log-ons as it takes a few minutes to close the medical software, put in another smartcard and then restart the software. Would you like to wait that long to get your appointment or order your repeat prescription?"
If the truth is even 20% of the survey result then clearly something is pretty wrong and needs to be addressed in a comprehensive way.
If this all seems remote for us in Australia it is important to remember the NEHTA National Authentication Service for Health (NASH) has the following plans.
National Authentication Service for Health
· Smartcards for healthcare professionals
· Digital certificates for devices
· Enable trusted authentication, digital signing, encryption
· Learns from previous experiences of PKI in health
· Specify and build during 2008
· Initial operations in 2009
I hope NEHTA is talking to the UK National Program for IT, has realised just what all the issues are with Smartcards, and has a detailed set of plans to address the sort of waywardness identified here.
I suspect I am dreaming, however, and we will roll the Smartcards out here and then start leaning the lessons already learnt elsewhere. I hope not!