Sunday, February 07, 2016

NHS: standards please, not monster systems

I saw this:
('paperless NHS' plans)

There have been many attempts to solve this, all of them involving throwing large (very large) sums of money at consultancy shops to build "systems". These systems end up being monsters, taking the work of hundreds of developers and pouring that work into one seething unmanageable pot, while being managed by people who are expert in extracting extra costs from the client, i.e. government i.e us.

The alternative: Focus on document exchange standards.

With defined document standards, private firms and indeed the open source software community, can compete to build systems which conform to the standards. For example, imagine a 'document' which is my medical history - I should be able to send this (or parts of it) to my GP. The GP could then add new information to the document and send on part of the document to a specialist (using a conforming software system of his or her choice). Standard parts of documents could be blood tests, CT scans, DNA decode, name & address ... etc.

Security is a significant concern with this kind of data.   A document should be encrypted and only people with permission (e.g. a signed digital certificate) can read it. Technology for this already exists.  In the case above, the GP would send the file to the specialist and the specialist would need to get permission from me to read it (this could just take the form of an computer message saying "is it OK for consultant x to read document y?").

For people who are not tech savvy there could be central registries of documents which maintain records of who is allowed to see what.  Companies could complete to provide such services, but the NHS could provide a simple one (which should be a bought-in system, not a build in-house monster system). Such systems would allow people to visit a medical person and give permission there and then for documents to be read.

For people who are very ill it must be possible for medical people to obtain permission to read medical documents (e.g. from the courts, as with a search warrant). This could be a delegated power, but as with all access there must be a clear audit trail. (lots of alternative exists for this kind of thing. Block chains may a strong current option).

As we have seen, system-centric approaches fail. Instead, the government should focus on developing document standards. Aim (perhaps in the medium to long term), to work with ISO & WHO so electronic medical documents can be exchanged around the world.

Please, no more monster systems or even system-centric central government projects for the NHS.