Seòmar agus comataidhean

The Clinical Change Leadership Group conducted a wide survey of clinicians in 2009, receiving well over 3,000 responses from all parts of the service. There was a high degree of consensus around the information clinical staff considered to be of most importance. The Clinical Portal Programme Board accepted the recommendation of CCLG and the eHealth Leads Group that the following information content should be prioritised for Phase 1 Clinical Portal:

Category	Information
Patient Health Summary	Past medical history Current problem list Current medications Allergies Alerts
Clinical Letters	Referral Hospital discharge Outpatient clinic
Diagnostic Tests Results	Laboratory results Radiology results and images Other diagnostic text results
Knowledge Support	Local clinical guidelines National clinical guidelines eBNF

 

The Data Protection Act 1998, permits uses or disclosures of personal data for the purpose of the prevention or detection of crime or the prosecution or apprehension of offenders. NHS boards have mechanisms in place to respond to appropriate information requests from the police.

The Scottish Government published, CEL (2008)13 Information Sharing between the NHSS and the Police. This letter enclosed guidance, developed with the Association of Chief Police Officers Scotland, setting out how NHS boards and police forces should work together to develop a consistent approach to the sharing of information to promote the prevention and detection of crime, while respecting and safeguarding the interests of patients and the public in the confidentiality of personal health information.

There are no plans to introduce a separately designed Scottish solution. The consortium procurement to deliver a PMS solution that is available to all boards was set out in the eHealth Strategy in 2008. Boards beyond those in the consortium will consider whether to move to the PMS solution based on individual business cases and taking into account their existing products and contractual commitments.

Access to all patient identifiable information including health records is on a strict need to know basis in accordance with the Caldicott principles, Data Protection Act 1998, NHS Scotland Information Governance Standards and various codes of professional conduct.

In July 2006, the Scottish Government issued, NHS HDL: (2006) 41 NHSScotland information security policy. It set out Information Security Policy Principles covering authority, accountability, assurance and awareness and makes clear to NHSS staff aware of the limits of their authority and the levels of their accountability for their actions.

In accordance with these principles, NHS boards define policies and procedures to audit the access to patient identifiable information.

Aggregated waiting list data do not contain patient identifiable data and may be processed lawfully without patient consent.

The NHS Scotland Security Policy states that boards will undertake a survey of their information systems and data and make an assessment of the likely security risks, including an evaluation of the likely impact and occurrence of any threats that may disrupt services. Boards then introduce measures to mitigate these risks. These include, but are not limited to, processes such as virus checking, regular patching of operating systems software and the provision of back-up systems.

The national licence for a Patient Management System allows any NHS Scotland organisation to acquire a licence and deploy appropriate parts of the product on payment of agreed support charges. NHS24 currently does not have plans to use TrakCare.

Patients can object to their sensitive information being shared within the healthcare team, irrespective of the means by which this happens. Health professionals must respect these wishes, unless the disclosure would be justified in the public interest or by the law. We have no plans to provide patients with the electronic means to directly limit access to their sensitive data.

The Patient Management System will deliver improvements in the confidentiality, integrity and availability of the information held by integrating previously disjointed processes and reducing the reliance on paper-based records and manual activities. The system will introduce standard methods for recording and processing patient information that will make it more easily accessible and retrievable electronically, when and where required, but only by authenticated and authorised persons. Electronic access controls and audit trails will introduce levels of information assurance that are not feasible in paper-based systems. Electronic capture will improve the consistency of health records, and electronic data can be backed-up to provide additional resilience.

The Confidentiality and Security Advisory Group (CSAGS) report published in 2003, defined Acceptably anonymised data as data from which in practice the patient cannot be identified by the recipient of the information, and where the theoretical probability of the patient''s identity being discovered is extremely small.