The NHS hasn’t embraced the digital revolution as much as it should have, says a report commissioned by Google’s DeepMind Health following an ICO investigation on dealings between the firm and the Royal Free NHS Trust.
The report adds that NHS doctors often share patient scans using SnapChat, thereby rendering the data vulnerable to hackers.
A recent report published by an independent panel of experts including Dr Julian Huppert, a former researcher at the University of Cambridge, has shed light on workings of the NHS and how the organisation conforms to the latest cyber security practices.
The report confirms what many experts and even a number of MPs have talked about in the recent past- the issue of outdated systems being used by a number of NHS trusts and hospitals. According to the report, an average NHS trust has as many as 160 computer systems in operation because of which operations are difficult to streamline and this lead to a rise in complexities.
To add to this, a bulk of NHS records are insecure paper-based systems which are difficult to use and maintain, and this has forced doctors and clinicians to devise their own innovative methods to make their jobs simpler.
“Seeing the difference that technology makes in their own lives, clinicians are already manufacturing their own technical fixes. They may use SnapChat to send scans from one clinician to another or camera apps to record particular details of patient information in a convenient format,” said the report.
“It is difficult to criticise these individuals, given that this makes their job possible. However, this is clearly an insecure, risky, and non-auditable way of operating, and cannot continue,” it added.
The fact that doctor and clinicians are allowed to use such methods at work also reflects on how serious NHS trusts are when it comes to ensuring adherence to strict guidelines and protecting confidential information of patients from prying eyes.
The report was commissioned by Google’s DeepMind Health following an investigation by the Information Commissioner’s Office on dealings between the firm and the Royal Trust NHS Trust. The ICO held earlier this week that the trust violated the Data Protection Act when it shared 1.6 million patient records with DeepMind without obtaining adequate consent from patients.
The ICO has ordered the Trust to conduct a privacy impact assessment which will explain how the Trust will comply with the Data Protection Act when entering into an arrangement with DeepMind in terms of processing patient data or conducting clinical safety tests.
“Our investigation found a number of shortcomings in the way patient records were shared for this trial. Patients would not have reasonably expected their information to have been used in this way, and the Trust could and should have been far more transparent with patients as to what was happening,” said Information Commissioner Elizabeth Denham.