Who should own your health record?

To be updated.

A more citizen focused society

It is a more citizen-focused information infrastructure that our public sector must start to adopt this type of approach, where we must start to question why things like our health and social care records are kept to with limited access from the citizen. The barriers to this are often due to a resistance from employees on changing their methods of work, and also the fact that many IT systems within the public sector were designed to restrict access from outside, and have very few access methods from the general public. The only way to change this is to start to trust external systems, and to support methods which the citizens trust in providing their identity.

Citizen-controlled information

To identify whether there was a demand for citizens to control their own data, in May 2013, Edinburgh Napier University conducted a survey on the attitudes on the access to electronic health records in the UK. With 477 respondents, 79.04% of participants said that they wanted full access to their electronic health record, while only 16.98% wanted a summary of their record, and only 3.98% wanted no access to their health record, at all. This shows that there is a strong demand from citizens to actually access their health records. Of the reasons that citizens would most like access the main reasons were:
• Check its accuracy (36.07%).
• Recall key information (32.64%).
• Add comments (15.24%).
• Make amendments (11.45%).

There is thus a strong demand from citizens to make checks on their records, along with making their own notes on their record. When asked for who should own the health record, 60.80% reckoned that the citizen should own them, which goes against the limited access that many UK citizens have to their record today, whether it be electronic or paper-based. The two main barriers on allowing access to their health record, where identified as poor security within the health care infrastructure (55.56% quoting as a strong reason), and the cost of building the IT infrastructure to support citizen access (44.89% quoting as a strong reason).

As might be expected, the main services that users would like are to view their health record (29.52%), and, closely followed by, booking appointments on-line (29.19%). These perhaps highlight a growing requirement for citizens to interface with the health care infrastructure using electronic methods.

Figure 1
Figure 1: Who citizens would trust most in proving their identity for the access to electronic health records

If there is a demand for online access to services, the survey prompted for the identity provider that they would most trust. For this the results in Figure 1 show that the traditional identity providers such as Facebook, Microsoft Live, Linkedin, and so on, are not the ones that users most trust to provide their identity. It can be seen that users are most keen on using a security tool that they control in some way, and one which has a strong security procedures, similar to online banking security measures. Thus it can be seen that users are demanding a higher-level of trust for the provision of their identity in the access to their health record. This is likely to be because they want to protect the security of their own record, while supporting a fairly easy method of access. A Government method of access, while trusted more than the traditional identity providers, trails behind these methods, which perhaps shows that, while trusting the identity provision, it might not be the easiest, or most controllable, method.

Figure 2
Figure 2: Who citizens would trust least in providing their identity for the access to electronic health records

When asked about the identity provider that they least trusted (Figure 2), the majority of users identified that Facebook as the least trusted (56.2%). This perhaps shows that users are becoming more educated in the understanding of trust and the way that organisations use the data gathered on individuals. Thus a provider which does not focus on identity provision, may have other reasons for proving identity, such as determining the services that they are gaining access to, so as to push relevant advertising material to them. It can also be seen from Figure 2 that Twitter and Linkedin score highly on the least amounts of trust in identity provision, which could point to recent security problems within their infrastructure, where passwords have been compromised.

It is thus a changing landscape of trust, and it can often end up being a 1:1 relationship that users have with their trusted organisations, and which can change quickly depending on changes in the environment. If trust is comprised at any time, citizens have the power to move their information to other sources. Thus if I citizen feels that their information is being used incorrectly, they can move it to sources that they trust more. A compromise in this, as has been highlighted in within the PRISM debate, can have serious consequences on the trust that citizens have in their Internet services/providers.

So What?

4d60a-pandora27sboxWe have open-up our information systems, and digital information can now easily flow across both organisational and physical boundaries. Indeed, the Pandora’s box has been opened, where information can be used for the good of society, such as where a child is at risk, where attendance records could be highlighted from one information source, and this then correlated with social care records on the child having bruises, and with a police record highlighting a threat of violence in the family. Within each of these, there many not be a significant risk, but by aggregating together, the risk is highlighted. Thus there are great opportunities in aggregating information across boundaries, but we need to be careful with it, in the same way that PRISM highlights the risk, in that a strong governance infrastructure is required, which defines exactly the information that is being accessed and on the organisations and roles which are used to define these accesses.

The researchers within Institute of Informatics and Digital Innovation  have been working on this problem for the past five years, and now have managed to extract a definition of a trust infrastructure, and then define the overall governance of the systems using enforceable rules.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s