NHS Must Empower CCIOs and Security Leads to Tackle New Data Threats

ImprivataOpinion Article by Dr Saif F Abed, EMEA Medical Director at Imprivata.
Take the perfect recipe for a new model of care. A well thought out local digital roadmap to improve efficiency through IT, a forward thinking acute trust, collaborative partners across care settings and a novel vanguard model, all combine to create a project with the potential to achieve local and national integrated care objectives.

Then a massive clinical data breach strikes, patient data is compromised, and the project collapses, missing a chance to help transform care for thousands or even millions of patients.

With sustainability and transformation plans, the Five Year Forward View and ambitious local projects across the country leading the way for population based care, the NHS is on the brink of success for integrated health economies. This hard work must not be undermined by avoidable security risks.

New security challenges of integrated care mobility
The realisation of genuine integrated care does carry inherent new data security challenges.

Integrated care means more clinics moving from the hospital to the GP surgery. It means more specialist clinicians carrying out home visits, or moving between multiple hospitals. There will be more hybrid nursing, more community nursing, and a much greater reliance on mobility, outside of the four walls of a clinic.

The only way we can manage the health of entire populations is if we have a more mobile workforce, but we still need to have the same elite standards of security, whilst providing professionals with the right information, at the right time, wherever they need it. So how can a balance be struck?

Mobility, clinical workflow and security - the current status
Mobility, clinical workflow and security are the three key elements to creating any integrated care strategy, whether that is one at a local level or one being driven nationally.

A great deal of progress has already been made around clinical workflows in relation to technology since the end of the National Programme for IT. Similarly vanguard sites are now starting to tackle the challenge of mobility, so that more patients are managed in the community.

But security has received the least attention and is to date the most deficient area of the three pieces of the puzzle. We are only now seeing real security investment come into fashion as a result of threats seen in the US and some EU states recently and as a result of advice from bodies like GCHQ to improve security standards.

Others too have called for action. The Care Quality Commission and Dame Fiona Caldicott's Office of the National Data Guardian, have both recently called on the NHS to take steps ahead of reviews of NHS organisations' data security. And health secretary Jeremy Hunt has insisted that the NHS has "has not yet won the public's trust", when it comes to handling their data.

Technology is not the biggest problem
Technology is not the biggest weakness in data security, it is the human factor, one of the reasons why we are still seeing data breaches and fines imposed on the NHS from the Information Commissioner's Office.

It is true, that whilst effective IT in an integrated care chain can allow patient data to be accessed in a more timely and secure way, other more cumbersome technologies can lead to problems. For example, in healthcare settings today, it is not unknown for clinicians to become frustrated by log-on loading times, each time they insert their smartcard to access patient information. When fast user switching systems are not in place, doctors may leave smartcards in the system, avoiding hindrance to clinical workflows, but also creating security risks including the potential for inappropriate access to information from colleagues and the loss of an audit trail.

In reality, the way people handle data, and how they access devices, is often the challenge. The vast majority of data breaches take place because of humans mishandling information, not because of a cyber hack.

Empowering CCIOs and SIROs to tackle security challenges across health economies
But it is the human element that offers the answer to data security risks, including new challenges presented by integrated care. The NHS must now empower the right people in order to tackle security challenges.

At present many parts of the NHS do not even have a chief information security officer or a senior information risk owner (SIRO). This is something that must change, with calls for such a role at board level, being voiced by the CQC and Dame Fiona's office.

Chief clinical information officers (CCIOs) can also play an extremely important role here, and are in many ways the most useful people in an NHS organisation to get major IT projects adopted, engaged and used in a way that is useful for patients.

But so often CCIOs are not being given executive powers needed to make the most difference, something that must change with urgency.

CCIOs are simply not being invited to participate as effectively as possible. As someone who has worked in the NHS as a doctor, and who now works in the supplier community, I have seen from both sides how there is often a need to reach out to the CCIO for them to take part in a meeting.

CCIOs need to be given the executive powers to lead. The same is needed for SIROs, so that clinical flows, mobility and security are not addressed in isolation.

The NHS must not pigeonhole clinicians and information security leads to clinical or security matters. Each deals with the whole picture from different angles. There must be collaboration between them, and without executive powers, the train goes nowhere.

Those individuals can be key to ensuring these things happen, not only in the trust, but more widely across health and social care.

The more players in an integrated care setting, the more collaboration you need. Ideally the same expertise would be reflected in each of the component organisations, to allow the security and workflow needs of acute, community, mental health, primary and social care to be tackled with cohesion.

But most importantly, health economies need to understand where they are deficient, where they are strong, where they need to invest, and where they don't have enough resource. The first step is for all the component organisations to come together and understand what they are capable of, and what they are not. Only an integrated approach to security can work for the integrated care now about to happen.

Most Popular Now

Which Self-Help Websites Actually Improv…

From depression to weight loss, insomnia to cutting back on alcohol or cigarettes, the Internet teems with sites that promise to help people improve their health. Which of these really...

Read more

AbedGraham and Highland Marketing Partne…

Global efforts to enhance clinical engagement and accelerate the impact of digital technology in improving patient care, will be boosted by a new bilateral relationship between two organisations dedicated to...

Read more

The Grants4Apps® Accelerator Berlin 2017

The Grants4Apps® Accelerator is a mentoring program for digital health startups taking place in Berlin. This year's batch with five startups runs from September until November. The program offers mentoring...

Read more

Highland Marketing Recruits Strategy and…

PR and marketing agency Highland Marketing has appointed Lyn Whitfield to the new post of strategy and content director. Whitfield is a journalist by background, who has specialised in writing...

Read more

Philips and PathAI Team Up to Improve Br…

Royal Philips (NYSE: PHG, AEX: PHIA), a global leader in health technology, and PathAI, a company that develops artificial intelligence technology for pathology, are collaborating with the aim to develop...

Read more

PatientsLikeMe and Shire Pharmaceuticals…

PatientsLikeMe and Shire plc (LSE: SHP, NASDAQ: SHPG) have announced a new collaboration that will support the development of a patient-centered, real world health learning system that expands understanding of...

Read more

Biased Bots: Human Prejudices Sneak into…

In debates over the future of artificial intelligence, many experts think of the new systems as coldly logical and objectively rational. But in a new study, researchers have demonstrated how...

Read more

Philips High-Risk Pregnancy Toolkit is …

Royal Philips (NYSE: PHG, AEX: PHIA), a global leader in health technology, has been included as a "Developing-World" and "Health" categories finalist in the 'Fast Company - World Changing Ideas...

Read more

Allscripts Announces dbMotionTM Solution…

Allscripts (NASDAQ:MDRX) announced today that its Community interoperability platform, dbMotion Solution, is now available through the cloud via Microsoft Azure. The cloud-based solution offers the same capabilities as the on-premise...

Read more

Health 2.0 Europe 2017

3 - 5 May 2017, Barcelona, Spain. The 8th edition of Health 2.0 Europe will take place in Barcelona in a new location: Fira Montjuic, Plaza España. Health 2.0 Europe will...

Read more

FDA Allows Marketing of First Direct-to-…

The U.S. Food and Drug Administration today allowed marketing of 23andMe Personal Genome Service Genetic Health Risk (GHR) tests for 10 diseases or conditions. These are the first direct-to-consumer (DTC)...

Read more

Public Funding Essential for Advances in…

In the budget President Trump recently submitted to Congress, he asked for a reduction in the 2018 funding of the U.S. National Institutes of Health (NIH) of almost 20 percent...

Read more
(HEALTH IT) SPACE - Take a look at who has just Joined