How digital healthcare records can spread the load

Sascha Giese discusses how digital health records can help lighten the load on GPs

Digitising health records isn’t a new phenomenon, but it’s starting to gain momentum in new areas to better care for patients. In the UK, NHS Wales recently—and successfully—trialled a new digital scheme in which patients could enable their nominated pharmacist to access their medical records and treat them for a sore throat if required. Sharing this information with the pharmacist meant patients could be prescribed antibiotics, for example, based on additional health information about each individual.

With a 98 per cent satisfaction rate, this system is being rolled out further across NHS Wales to lighten the load currently on GPs, and it also raises the question of whether this type of technology could be used much more broadly. However, it also introduces some concerns around data privacy and cybersecurity that may not have been previously considered.

Why digital records are a good thing
This example from NHS Wales is a strong step in the right direction towards digitising the public healthcare sector. As mentioned, digital health records aren’t new, but the extent to which they can be used outside of a consultation with your GP is currently limited. Let’s take pharmacies as a prime example; if more responsibility can be given to pharmacists and patients can obtain more medicines without having to make a GP appointment, some pressure would be relieved from GP surgeries and additional appointments would be available for people with more urgent concerns. From a patient’s perspective, they would receive the help they need more quickly—either directly from the pharmacist on a drop-in basis or from the increased number of available GP appointments.

However, with any digital venture comes increased risk, and this is where initiatives like this must be carefully managed as they’re introduced.

What obstacles must be overcome?
For digital records to be used more broadly across the sector, patients need to be certain their data is protected and only relevant information is made available for pharmacists to access.

In terms of data protection, pharmacies are unlikely to ever be responsible for storing patient data—the records will be held by the NHS and organisations such as Public Health England, which will be responsible for storing the information securely. Regulations around this will therefore apply more to those parties. However, when pharmacists access the records in their pharmacies, they would need to be confident their network is secure enough to make any attempted cyberattack difficult. It would be a major problem if medical records were hacked through an insecure pharmacy network, especially as these details are sensitive and could have serious negative consequences if they fell into the wrong hands.

Second, patients would want to be sure their pharmacists could only access the relevant data on their records, such as other medications that potentially impact the treatment the pharmacist can prescribe. Some other details, however, are more private and wouldn’t be relevant for anyone other than the patient’s GP—these must be inaccessible. It’s also crucial for this data to only be accessible at the time the patient is at the pharmacy and needs the treatment. The records shouldn’t be accessible at any other time.

Keeping private data private
One of the easiest ways to help ensure relevant patient data is only accessed by the right pharmacist at the right time is through multi-factor authentication (MFA). This can help make sure the pharmacist can only access a patient’s records when the person is there to provide the right details (possibly through an app on their phone), including answers to questions, passwords, and even fingerprints or retina scans. Once a patient had shared the required information, the pharmacist would be able to access the relevant data.

Unfortunately, this may exclude anyone who doesn’t have a smartphone. But a simpler two-factor authentication (2FA) would also be secure and would just require the patient to have a mobile phone capable of receiving and replying to text messages from the security system. Though this wouldn’t help 100 per cent of patients, most people have mobile phones (even if they’re just for emergencies), so this would make it the most effective way to keep data safe.

Another way to improve this solution is access rights management. This technology monitors everyone who accesses a file or document and records when they accessed it. Having this measure in place would help with patient confidence; if there was ever any doubt about whether a pharmacist had managed to access data without a patient’s consent, there would be a record of it.

In today’s digital age, having technology systems capable of better care for patients is crucial for the development of the healthcare sector. And though the trial undertaken by NHS Wales is just one step in this direction, it’s a little bit further along the digital transformation journey, and the rest of the industry can use this progress to take the lead.

Sascha Giese is Head Geek™ at SolarWinds.