230 likes | 466 Views
NHS TAYSIDE CHI ACCESS PROTOCOL. 1970’s. CHI developed in Tayside to link patient records between hospitals and primary care Initially only primary care data loaded on to the system Ninewells and DRI were subsequently linked on-line via CHI/Compas interface
E N D
NHS TAYSIDE CHI ACCESS PROTOCOL
1970’s • CHI developed in Tayside to link patient records between hospitals and primary care • Initially only primary care data loaded on to the system • Ninewells and DRI were subsequently linked on-line via CHI/Compas interface • Staff with no online access used microfiche
1980’s • CHI expanded to include CPC data - Child Health - Cytology • Rollout of CHI/CPC systems to all Health Boards in Scotland • Tayside/Fife/Forth Valley patient records loaded on to the same database
1997 • White Paper ‘Designed to Care’ • Need to improve transportation/communication of information relating to patients • Increased use of information technology • Need to improve patient identification • Allocate a Unique Patient Identifier for each patient i.e. CHI number • CHI number to be inserted in all patient records • Creation of UPI search index
1999 • Rollout of CHI to secondary and tertiary care across Scotland began • Matching and seeding exercises • Introduction of CHI gatekeepers • Access to CHI records for the entire population of Scotland
Directors of Public Health • Raised concerns: • - access for hospital users to CHI records for entire population of Scotland and not just patients known to the hospital • Implementation of Gatekeeper Confidentiality Statement: • - signed by gatekeeper - signed off by Caldicott Guardian - raised user awareness of responsibilities
2001 • Use of CHI increased with greater demand for access • New client/PAS systems requiring links to CHI • Demands for CHI downloads to seed hospital systems
National CHI Access Protocol • CHI Access Protocol Framework (Nov 2001) based on Caldicott Principles • Objectives: - define purpose for access - agree parameters - define roles and responsibilities - provide framework to ensure patient confidentiality • Regulatory Environment - statute (DPA 1998; Human Rights Act 2000) - the common law - Caldicott Principles - standards set by professional bodies - policies + organisational standards of SEHD and NHSScotland
Protocol Template 9 Sections • Description of business function • Data items being accessed • Specific roles of staff • Method by which data is accessed • Monitoring of access • Legislative context • Protocol maintenance • Security • Signatories
Management of CHI in Tayside • CHI more widely used in Tayside than anywhere else • Recognised requirement for control and monitoring of use of and access to CHI • Role of CHI Administrator provided some control • National protocol framework provided basis for improved management of CHI locally
NHS Tayside CHI Access Protocol • Early 2002 • First draft of a protocol provided by Tayside University Hospitals NHS Trust • Reviewed and amended to cover the whole of Tayside • Process involved determining: - roles - responsibilities - lines of authority - current procedures - areas of weakness
NHS Tayside CHI Access Protocol Development Process • Determine and agree: - Roles - Responsibilities - Lines of authority • Identify areas where CHI is used • Audit of CHI usage • Identify methods of access • Authorisation process • Review security procedures • Review audit and monitoring procedures • Establish monitoring tools • Implementation
NHS Tayside CHI Access Protocol Development Process • 2003 • Draft protocol agreed with responsible parties • Distributed for consultation • Final document signed off by Caldicott Guardians in May 2003
NHS Tayside CHI Access Protocol Implementation • A number of processes/procedures were formalised: • Audit of access - method of access * - lists of users - purge of user lists - user profiles • Request and authorisation procedures • Monitoring/Audit systems • Ensure all systems accessing CHI are covered by confidentiality statement • Training • Publicise protocol and raise awareness • Annual Review
NHS Tayside CHI Access Protocol Methods of CHI Access • Direct (on-line) access to CHI/UPI • - Compas - DG-Local - CHI 24 • A-CHI • Microfiche • Other national systems include: - SCI-DC - SCI-CHD - SBR
NHS Tayside CHI Access Protocol Methods of Access (cont) A-CHI – a database of demographic patient data to support the use of clinical and non-clinical systems. These systems include: - Central Vision - e-Care - ERS - HEARTS - MITER - Octagon - Taycare/NHS24
NHS Tayside CHI Access Protocol Benefits • Clarity • Accountability • Consistency • Roles and responsibilities • Agreed procedures for authorisation and access • Improved user awareness of security, confidentiality and responsibilities • Improved patient confidentiality
NHS Tayside CHI Access Protocol Issues • System Access Controls (‘need to know’) • Access for non-NHS staff • e-Care • Research • Impact of national developments • Local developments (SCI-Store) • Education & Training • Data Quality • Systems with no protocols in place
NHS Tayside CHI Access Protocol Review Process • Annual review • Feedback from implementation group, e.g. - system implementation/removal - new procedures • Update protocol • Sign-off by Caldicott Guardians
NHS Tayside CHI Access Protocol Review 2005 SUCCESSES • Rollout of CHI 24 • Withdrawal of DG-Local • CHI logging using Business Objects • Training programme
NHS Tayside CHI Access Protocol Successes (cont) A-CHI • Implemented access logs • Different categories of users • Automatic removal if no access within 3 month period • New access request form and management of access • Training manual
Caldicott Principles ‘Ideally, the transfer of all confidential person-identifiable information should be governed by clear and transparent protocols that satisfy the requirements of law and guidance and regulate working practices in both the disclosing and receiving organisations. It is particularly important that those asked to transfer patient information can be confident that the highest standards, agreed in advance, will apply and that the information will only be used for agreed and ligitimate purposes.’