The human ability to take wonderful technology and do something dumb with it is truly astounding. As a young newspaper features editor I was given a pristine two litre VW Golf GTI. Within a month I’d bent an axle and put 11 points on a previously clean licence.
I was less than impressed with traffic cops who seemed to have nothing better to do than hang around ready to nick me. But faced with the choice of sticking to the speed limits, or catching the bus, I mended my ways.
I suspect that a fair number of NHS bosses feel they have enough on their plates at the moment without the Information Commissioner and NHS chief executive, Sir David Nicholson, sending them letters telling them to sort out their data governance. Some might find it especially rich so soon after Sir David himself was rebuked by the House of Commons Public Accounts Committee for failing to ‘fulfil his duties as the senior responsible owner’ for the National Programme for IT. Yet e-Health Insider says the letter contains a stark warning that firm action will be taken over data losses and patient privacy breaches.
Surely management priorities should be the billions of pounds worth of savings being demanded, and preparing for NHS reorganisation, now the Health and Social Care Bill has finally limped out of the Commons and into the Lords? Complaints are understandable, but the NHS has often been dreadful at protecting confidential personal information. And having your personal details potentially fall into the hands of fraudsters and crooks can mean real harm. Staff who wrongly access other people’s records, or carry around unencrypted material, are abusing wonderful technology – and patients’ rights.
I was out the other night with some former NHS colleagues. One still works at an organisation which has installed a security system that monitors access of electronic health records – and is provided by a client of Highland Marketing. It’s unusual to have NHS managers heap praise on IT systems, but this one has made life easier. It was introduced in tandem with a raft of other measures to improve data governance. The number of problems has plummeted. And while the dangers of data loss or theft can’t be eliminated, they feel they are winning.
The Information Commissioner and Sir David are right to demand high standards of data governance. I suspect that hospitals and trusts will find that when a clear message goes out to staff that top management are truly serious about data protection, that effective monitoring is in place, and sanctions will be taken, then a culture change will follow. After all, these days I live in a small village plagued by speeding drivers and complain to local politicians that there should be far more traffic cops out there to catch the culprits.