The national IT programme has the potential to bring huge benefits to patients and healthcare workers - but tight security is key

Technology has become increasingly pervasive in our daily lives, impacting the way we work, pay bills, shop, book holidays, bank, and more and more the way we are treated by health workers. The government's national IT programme is one example of this, aiming to create a more effective, streamlined health system by introducing a more joined-up IT infrastructure.

In effect, this will mean someone registered with a GP in Manchester can be treated in a hospital in London. Health workers will be able to access their patient records through computers linked to a central system. The advantages are clear and the aims of the programme are to be applauded.

That said, there are a number of issues and challenges that arise with any project of this kind. The technology itself will present a number of complications, though given time and resources these can be a resolved by the technical staff responsible for the implementing the project. Harder to tackle are cultural or social issues, in other words, the human element.

In the case of the IT programme, adopting a centralised system raises two main people-related questions: how do you give people peace of mind that their information is safe and remove the potential for people to misuse the system? And how do you encourage non-technical staff to adopt a whole new technology when doing so may seem too slow or complex?

Security alert

The first of these issues revolves around the concept of centrally held patient records - millions of files of personal data accessible through any networked computer. At present, it is often the case that the first on the workstation in the morning will log-on and will stay logged on for the rest of the day. This means the workstation is always logged on and when unattended could be used by unauthorised people to access sensitive information.

Alternatively, it may be the case that passwords are left jotted down for all to share. Again, this represents a security breach as anyone could use the log-in details. In both cases, some users may have access to information beyond their own security clearance. This makes it impossible to track who is viewing what information, significantly limiting accountability.

For health workers, this means that if something goes wrong in the treatment of a patient and they want to demonstrate they took the correct course of action, it will be difficult for them to provide any electronic account of their steps or the information they reviewed. If each individual logged in whenever they wanted to view information, there would be an audit trail they could refer to in these circumstances.

The challenge is in stimulating a change in culture, from shared passwords and the like, to a more secure and accountable system.

Added worries

The primary function of health workers is not to use computers. They do not sit at desks all day and using computers can be seen as more of a hindrance than a help. If using centralised systems means having to wait for each application to start up and authenticate the user before the records can be reached, clinicians are likely to look for ways of circumnavigating the obstacles.

Reconciling the needs of the two differing sets of end-users of the IT programme - patients and clinicians - is a huge challenge for hospitals. The key is to develop a system that provides such ease of use for clinicians that they will happily log in securely each time. This might mean giving them a system that recognises them based on a smart card or biometric reading.

The advantage of this is lost if clinicians are expected to provide their log-in details every time they want to access a new application or patient record. It is important to automate as much of the process as possible without removing the security elements.

The national IT programme is about effectively sharing information across different departments and regions. However, a project of this magnitude could easily become compromised due to insufficient security.

To satisfy the concerns raised by patients and clinicians, hospitals need to ensure information is protected and only the relevant people have access to it. For those who do warrant access, it is vital that information, though held securely, can be viewed as quickly and as effectively as possible. In the health sector this can make the difference in saving lives.