08.08.17
Changing our digital culture and safeguarding patient data
Source: NHE Jul/Aug 2017
Joanna Smith, chief information officer at Royal Brompton & Harefield NHS FT (RBHT), says that as the NHS becomes more digital it has to get better at supporting and funding the consequential impacts on IT infrastructure.
Like all of my colleagues in the NHS we are striving to upgrade our IT infrastructure, reduce paper and help improve patient care and collaboration through the wider use of digital solutions – against a backdrop of increasing risk from cyber-attacks and the constant need to secure and protect our patients’ health information. All this at a time when money is sparse, with many trusts facing financial deficits and the impacts of GDPR and Brexit looming large in our minds.
Since I joined in 2013, following a long career in the pharmaceutical industry, our trust has been engaged in a major overhaul of our IT platforms. Although pharma tends not to be at the ‘bleeding edge’, it is typically a fast follower of new ideas and technologies and this has proved invaluable experience for my move into the NHS.
Our trust executives are committed to transforming how we deliver patient care, recognising that extending our services beyond our physical boundaries and collaborating effectively with other healthcare providers are key. Over the last three years we have redesigned and upgraded our networks, migrated off XP and started to move out of our on-premise data centres, leveraging managed and cloud services. We have introduced Skype for Business, a new patient administration system (PAS), an electronic document management system (EDM) and an electronic patient and administration system (EPMA). This year, we will migrate from our old PBX switchboard platforms to Voice over IP (VOIP), including unified communications and an iMessage app alternative to physical bleeps.
This has not been without its challenges for our staff; there is a sense of ‘IT fatigue’ in some areas as people have had to move from a largely manual and paper-based way of working to one where data has to be entered in real time. This has been particularly testing on some of our wards where previously admissions and bed moves were done by ward clerks on Monday mornings following weekend activity.
As a specialist trust, we have favoured a ‘best of breed’ approach with a number of niche solutions. The digitisation of patient case notes and the new EPMA have brought great benefit to the trust as a whole but can, for a busy consultant in clinic, feel like another change and new thing to have to deal with.
The importance of communication and education
The cultural change and impact of new ways of working is immense, particularly for busy clinicians whose primary concern is, quite rightly, the direct and immediate care of their patients. It will take time to embed new processes and demonstrate the true value – and this is critical if we are to transform how we work to deliver greater productivity and cost optimisation.
At the same time, we must safeguard our patients’ data. Whilst this is nothing new, the scale of the risk and impact from the digital landscape is enormous. Where previously a simple mistake or careless behaviour could risk a small breach, digital magnifies this exponentially. Educating our staff whilst still enabling them to do their job is key. Some organisations favour using extreme technical solutions to mitigate risk such as banning access to personal email and social media from corporate devices. Some commercial institutions even disable the ability to save or send data whilst others prefer policy and education. Whichever approach you take, communication and education are vital.
The NHS already has strong protections and governance in place through the Information Governance Toolkit, and this is planned to be enhanced to include more around cyber security. At RBHT, we run education and fake phishing emails in order raise awareness and reduce the risk of our staff clicking on fake links and entering their credentials. Whilst this is having a positive impact we will never fully mitigate the risk. We have invested in good perimeter and endpoint protection, as well as modern monitoring solutions to quickly identify and address unusual activity. Patching servers is easier now following the recent WannaCry outbreak, which fortunately didn’t affect us. However, there is always a balance to be found between frequent patching and the inevitable disruption to service.
As the NHS becomes more digital, in line with the aspirations outlined in the Five Year Forward View, we have to get better at supporting and funding the consequential impacts on our IT infrastructure and human resources if we really want the NHS as a whole to become a global digital exemplar.
FOR MORE INFORMATION
W: www.rbht.nhs.uk