Volume 1
The Electronic patient record : sixth report of session 2006-07 / House of Commons, Health Committee.
- Great Britain. Parliament. House of Commons. Health Committee
- Date: 2007
Licence: Open Government Licence
Credit: The Electronic patient record : sixth report of session 2006-07 / House of Commons, Health Committee. Source: Wellcome Collection.
44/122 (page 40)
![• A full audit trail will be maintained by the SCR system, indicating who has accessed patient information and for what purpose. This information can be viewed by GPs and Caldicott Guardians and will be available to patients on request;¹⁴⁴ and • Attempts are being made to improve the enforcement of operational security systems by increasing the penalty for attempting to access information unlawfully. Support for stronger penalties has been expressed by the Information Commissioner’s Office, the Department of Health and the General Medical Council.¹⁴⁵ 107. BT also described some technical features of the SCR system which aim to improve operational security, including automatic logouts if systems are left unused and programmes for detecting unusual or malicious accessing of SCR data.¹⁴⁶ Challenges and criticisms 108. A number of doubts were raised about plans for maintaining the operational security of the SCR system. Professor Brian Randell was sceptical about how effective role-based limitations on access would prove: If one has role-based access control with a very large number of complicated roles in a situation where there is a lot of changing roles it will be extremely difficult to deal with all the individual decisions that are being made as to who should have what role and what privileges... I am deeply suspicious of the practical efficacy of such a system.¹⁴⁷ 109. A number of witnesses raised concerns about the use of smartcards to access electronic records systems, and particularly about whether access would be fast enough. However, such concerns did not relate specifically to the SCR system and so we consider them further in Chapter 4. 110. Regarding audit trails, Professor Brian Randell argued that monitoring access to the SCR was a good idea in principle but that the sheer volume of records created would make effective oversight difficult: 144 More detail about operational security controls can be found at Ev 7 and Ev 121 (HC 422-III).
Caldicott Guardians are responsible for internal protocols governing the protection and use of patient-identifiable information by the staff of each NHS, ensuring compliance with national guidance, policy and law. 145 See Ev 6. See also Joint guidance on use of IT equipment and access to patient data from The Department of Health, the General Medical Council and the Office of the Information Commissioner, 25 April 2007, which concludes that “...the law is to be changed to provide the possibility of a custodial sentence for those found guilty [of obtaining information unlawfully].” 146 Ev 50 147 Q 286 148 See, for example, Q 141](https://iiif.wellcomecollection.org/image/b32221575_0001_0044.jp2/full/800%2C/0/default.jpg)