This article from Digitalhealth.net is me ranting about some of the nightmares of giving some people access to their or their patients records and preventing others!
How difficult can it be to see one person’s records? By this I mean only one. We have a range of people who come into the practice; medicines management, pharmacy support, audit, researchers, monitors for research studies. They often only need / want access to one or a few people’s records, however there is no way to do this?
With the creation of PCNs we increasingly being told to take on staff at a PCN level to support the member practices, do these staff get automatic access to every patient in the PCN? Perhaps they do. Perhaps they need it, but they could have unfettered access to 100,000 patients. What about patient security?
Locally the district nurses and community staff have their own implementation of EMIS web – EMIS community. They can see the records of any patient on their case load and each time they see someone it asks consent reason. Ok this isn’t perfect as you can just click the person consents but it’s better than nothing. However it does mean they can’t get into someone notes who isn’t on their books.
You might say we can check the audit trail. At the moment we have resorted to doing a search on patient records accessed after a person is in, to check they haven’t accessed records they should not have. This perhaps is easier if they are looking at one person, however, a medicines management person can look at hundreds.
Why is any of this important? One of our GP registrars popped in the other day asking how to opt someone out of data sharing. Turns out it was a nurse from the local hospital, she admitted that she knew loads of her colleagues routinely looked up friends, neighbours and colleagues’ records and now she had something wrong, she didn’t want them seeing hers.
It then turns out that most of the data sharing agreements are out of date. In theory I should turn them off as we have repeatedly told the hospital to renew them but they haven’t. So, do I turn off the agreements and cause havoc on 26,000 patients?
Back to seeing one record. Locally we have implemented EMIS remote consult. It actually works quite well – if you want to be seen at a local PCN practice for extended hours.
You call the patient in and your version of EMIS disappears, and the home practice of the patient’s system pops up.
However, here it goes wrong as you are stuck with the practice’s templates/ macros/ protocols/ etc. You can’t use the ones you are familiar with. You can’t record anything in your own notes so, medicolegally, while what you have done is in the patient’s records, you have no record or easy audit trail. Also, you can’t see any letters.
I’ve worked out you might be able to access the remote patient then export any file you want to see to the desktop, then use the open with command to use a viewer (Microsoft paint is all most machines have!) to view the letter one by one. Then don’t forget to delete from my desktop. Hardly easy?
What about online? You can now access records through all sorts of apps and online portals. However all of these are aimed at patients. Most are limited in what you can see, and none allow data editing or entry.
What’s worse is this week everyone has been asking me about redacting info on what patients can see.
We are being pushed to offer full unrestricted access to whole records including free text and letters to patients, as opposed to coded only data from a certain date which is what we have now.
Great you say, and perhaps I agree, apart from the fact we are meant to redact any third-party information in some notes. Historically, there can be a lot of third party information, so how do we do this?
iGPR have a product that uses their excellent redaction engine to auto react letters and notes. However, you have to manually vet them. This takes a couple of minutes per notes.
We have 26,000 patients. That’s a lot of minutes.
And as soon as you do it, it’s out of date as there might be another entry or a new letter arrived.
Who is going to do this? I don’t have time. Is the software going to be built in? In which case it better be accurate or very cautious as get one wrong and you could find yourself being sued.
So, there is evidence that people are looking at records they should not be. There are complaints that people can’t see records when they can but the way they can that they don’t should be turned off. There are issues that people can see all of the data they need to and there are reasons not to show patients anything!
Are you confused yet? I am and I’m meant to understand some of this.