Clinical Portal Dr Beena Raschkes, Joint IT Clinical lead NHS Tayside October 2010.
-
Upload
june-hubbard -
Category
Documents
-
view
221 -
download
1
Transcript of Clinical Portal Dr Beena Raschkes, Joint IT Clinical lead NHS Tayside October 2010.
Clinical Portal
Dr Beena Raschkes , Joint IT Clinical lead NHS Tayside
October 2010
•Patient journey
•Communication
•Access to information
•Good Governance
What is a clinical portal?
Why do we need a clinical portal?
“There is nothing wrong with change, if it is in the right direction”Winston Churchill
Top 14 Information choices
Patient Information
•Patient demographics•Current problem list•Past medical history•Current medications•Allergies •Alerts
Letters
• Referral letters
• Outpatient clinic letters
• Hospital discharge letters
Results
• Laboratory results
• Radiology results and Images
• Other Diagnostic test results
Guidance
• eBNF ( British National Formulary)
• Local Guidelines
• National Guidelines
“ Commonality Supports Change“
Col PSM Rawlinson OBE
“Change is inevitable - except from a vending machine.“
Robert C. Gallagher
Key Challenges & Risks
• Information Governance
• Data Items Availability
• Data Quality/Standards
• Real Time Information
• Demographic Service: quality and reliability of the service.
• Financial: affordability and the potential implementation cost;
• Resource: availability of both technical and clinical resources to implementation;
• Infrastructure: due to geographic distances.
Key Challenges & Risks
• Information Governance: accessing GP data would benefit from a consistent approach to data sharing procedures
• Real Time Information: to ensure that portal users are confident information is accurate and avoid the need to access separate source systems.
• Data Items Availability: enabling the Top 14 data items to be accessible to a portal across the majority of Health Boards.
• Data Quality/Standards: as information is made more widely available and there is a need to agree consistent data standards.
CURRENT PROBLEM: Data Quality inElectronic Patient Summaries
Patient Clinical
Data
Patient Clinical History
Data Sharing
Patient Summary – Available
for Migration
Data Entry in GP Systems
Prioritisation Applied
Application Read Code
•Incomplete•Inconsistent•Inaccurate•Misleading
Not Fit for Migration
•No National Standard Applied•No National Guidance•Poor Data Entry Training•Differing GP Systems
Disparate and Individual Practice
CURRENT PROBLEM: Data Quality (inElectronic Patient Summaries) –shared with other systems SCI-Gateway
Referral
SCI-DC
Clinical Portal
GP GP Transfer
Patient Portal
Emergency Care Summary Phase II
Local Systems
Significant Clinical Risk and Compromise to Patient Safety
Patient Clinical History in GP
System
Data Sharing
•No National .Standard
•No Data .Governance .Framework
•No SEF
Patient Summary
•Incomplete
•Inconsistent
•Inadequate
•Misleading
PROPOSED SOLUTION: Improving Data Quality in Electronic Patient Summaries
Patient Clinical
History in GP
Systems
Defined Data
New Patient
Summary
•Consistent•Current•Reliable•Accurate•Fit for Purpose•Fit for Migration•Applicable to all .GP Systems
Reducing Clinical Risk and Improving Patient Safety
Audit Programme
PROPOSED SOLUTION: Benefits Realisation
SCI-Gateway Referral
SCI-DC
Clinical Portal
GP GP Transfer
Patient Portal
Emergency Care Summary Phase II
Local Systems
Reduces Clinical Risk and Improves Patient Safety
Patient Clinical History in GP
Systems
Data Sharing
•National .Standard
•SEF
•Provides .Benchmark .for Data .Governance
•Supports .General .Practice .Adoption
Patient Summary
•Consistent
•Reliable
•Accurate
•Fit for .Migration
The vision
• To improve patient journeys and quality of care
• Maintain patient professional and public trust with a robust Information Governance model
• Ensure access to clinical records is appropriate and legitimate
• Peer review and guidance (e.g.”rule setting”) is essential if this is to deliver improved patient care and safety.
Information Governance Background• Clinicians need to share information to treat patients safely. • Some clinical information is very sensitive. • We are obliged to protect the confidentiality of patient data.• We need assurance that access to information is always
legitimate.• Information Governance to protect clinical information might be
achieved using the following principles:• The relationship of the health care professional to the
patient• The location of the terminal• The current activity or location of the patient• The role of the user• The type of data to be seen
RESTRICT WHAT YOU SHARE
1010
1010
1010
01
01
01
01
01
010
101
010 1101
101
010
101
1011100
1011
1010
1010
1010
011100
111100
VIEWING FILTER
PRACTICE FILTER
VISION 360 DATA HUB
Concentric overlapping controls
Ethics and training
Role Based Access
Event Based Access Control
Patient Record
Event Based Access Control is a new concept which enhances existing protection of clinical information to meet the needs of an integrated Electronic Patient Record
Concentric overlapping controls could be used to provide the necessary protection
Ethics and Training
• Staff are required to complete modules:- Information Governance- Data Handling- Data Protection- Freedom Of Information– Regular updates on Information Governance issues
through staff bulletins and staff magazine – Access for staff to Information Governance Policies,
procedures and guidelines – Reaffirmation of IG responsibilities individually to staff
who have been authorised to use encrypted laptops and USB memory sticks within an Organisation
Staff need regular reminding of their professional obligations
Ethics & training: All clinical staff are bound by professional ethics which act as first protection for patient confidentiality
Role Based Access Control
RBAC principle: Users can access a record if they have the appropriate role and status in the NHS.
2009 Scottish Government Health Dept RBAC Model
Information Category Roles
Clinical Professional
Clinical Admin Healthcare Admin
System Administrator
General patient information
Summarised clinical information Full clinical information
Only for authorised user
Highly sensitive informationOnly for
authorised user Non patient-related information
Role based access control is embedded in many systems across NHS Scotland.
.
Event Based Access Control (EBAC)An enhancement to the RBAC approach based on patient events
EBAC Principle: Clinicians can only access a record when a patient is in the care of their area of the NHS and they have a legitimate clinical relationship with the patient .
Event base rules look at key events along a clinical pathway such as:
• Referral into Secondary Care• Outpatient Appointment • And within a set time frame as well as
organisational information of individual accessing record:
• Speciality/Pathway (ENT, Cancer Pathway) • Relationship to Patient (Doctor, Nurse) to assess
if an access is legitimate.Benefits•Adds a time bounded dimension to controlling access•Compliments the RBAC model by defining who might be an ‘authorised user’ •Combined with RBAC and audit controls gives a high level of control
Event Based Access Control
Patient CHI:
12345678
GP Referral Into
Cardiology12/03/2009
Added to Waiting List 14/03/2009
Discharge23/04/2009
Dr John Smith
Cardiology Consultant
Legitimate Access: Individual is a consultant in cardiology and is assessing a new referral
Mr David Evans
Oncology Waiting List Coordinator
Book OP Appointment28/03/2009
OP Appointment23/04/2009
Illegitimate: Access -Denied Individual is a Waiting List Coordinator of an unrelated speciality, accessing records a year after discharge….Happens to be a friend of patient who asks him to look up some results.
An example shows how EBAC works
Health Care Professional in Cardiology access Patients details in Clinical Portal on
the 13/03/2009
Health Care Professional in Oncology access Patients details in Central Vision
on the 13/03/2010
Access Rules (under development)
1. Hospital access is time restricted• starts when a patient is referred/presents to hospital/clinic• Up to 30 days after discharge.
2. Hospital access to records of patients with Long Term Conditions lasts while they continue to attend hospital clinics.
3. Access requested by clinicians not associated with the speciality to which a patient has been referred will be investigated.
In depth analysis established a rule set that is straightforward and feasible. High level examples are as follows:-
The Future …
• Develop functionality that will query exisiting records to detect illegitimate access.
• Establish process to report and investigate incidents.
• Build on issues encountered to oRefine EBAC business rules andoTrain staff
• Develop functionality that will query exisiting records to detect illegitimate access.
• Establish process to report and investigate incidents.
• Build on issues encountered to oRefine EBAC business rules andoTrain staff
Phase 1 – Audit Control Phase 1 – Audit Control
• Build EBAC security into Clinical Portal to control access in real time.
• Provide access for legitimate clinical follow-up, and a ‘Break Glass’ facility for exceptional circumstances.
• Deploy process to investigate all ‘Break Glass’ incidents.
• Sanctions and communication
• Build EBAC security into Clinical Portal to control access in real time.
• Provide access for legitimate clinical follow-up, and a ‘Break Glass’ facility for exceptional circumstances.
• Deploy process to investigate all ‘Break Glass’ incidents.
• Sanctions and communication
Phase 2 – Preventative ControlPhase 2 – Preventative Control
Implement in phases as both technology and understanding of EBAC rules evolves