Cryptzone has welcomed news that the Department of Health plans to move patient data online by the middle of the current decade - with social services to follow within a few years - but warns that the two biggest stumbling blocks are the high levels of security and public confidence that are required for the project to succeed.
The problems facing the Government, says Grant Taylor, UK Vice President of the European IT threat mitigation specialist, are actually not technology-based, but involve the development of a 'joined up' security strategy that will handle the phenomenally large volumes of data involved, and to a level of security that inspires confidence amongst the UK's population - all of whom will be stakeholders in what promises to be a very challenging IT project.
"And then there is the problem of confidence in the system amongst NHS staff in general. Whilst the technologists amongst us understand that the security - and IT systems - are potentially scalable, we have all seen too many failures where NHS technology are concerned. Promoting flexibility and local innovation to harness information and new technologies may sound attractive, but the constant drive for cost-cutting has resulted in a lowering of confidence in such plans," he said.
"The key question is: will the technology scale up to a population of many tens of millions of people and can it be done without impairing patient quality of care?" he added.
The Cryptzone Vice President went on to say that he can see patients welcoming the arrival of online appointment booking services, requests for repeat prescriptions and other routine requirements, but for more sophisticated services there is a significant danger that patients will not get the universal computerised primary care system that the Department of Health envisions.
This isn't about the security technology, he says, although it is fairly obvious that, even with stringent security standards in place, he has grave concerns about the on-going security of personal information, especially with large swathes of the population - many of whom are less than IT and security-savvy - are quite likely to use computers that are already infected with malware, so preventing IT virus infections being passed on is going to be a major challenge.
The solution to this, he adds - as any IT security professional will confirm - is to install a security sandbox between the patient's computer and the NHS/patient data s/he is accessing. Whilst fine in theory, again, the key question is whether the technology will scale to handle the millions of interactions that will be required every day.
All is not lost, however, as there are some major lessons that banks have learned when allowing secure and large-scale access to customer accounts online, so if the Government can translate those lessons over to an NHS patient-centric database - with viewing and editing rights - then there is a strong chance that the latest IT gameplan for the NHS and patient data access will succeed.
The bottom line, says Taylor, is all about developing a solid strategy for security and communicating that strategy to the public before it is deployed, as only then will patients buy into the gameplan.
"Opening up access to more information between healthcare providers will require considerable planning around an access strategy that ensures that only the right people get the right access to the right information. Who, for example, will decide what information should be shared and at what level between organisations? The security around the data sharing will depend not only on who is accessing the data but how, why and when the connection takes place," he said.
"The important thing to realise here is that one size does not fit all, as our observations suggest that the security will only work if the data is stored securely in multiple silos and replicated - as well as shared - between different IT systems. For this to happen, there needs to be a culture shift in the way patients, users of healthcare services and NHS professionals think, work and interact on the technology front," he added.
"Most current NHS IT systems do not even record information in the same way, so merging data systems can only be a long term aspiration. I have grave doubts as to whether the public have enough confidence in IT security to embrace an electronic healthcare revolution any time soon."