Sweden sounds like it has a sensible solution to the security issue on medical records:

  • Require the patient to consent to access (at doctor and nurse level) each time or for a limited period (save in emergencies, but log that it was an emergency).
  • Log everyone who accesses a record for any reason.
  • Make certain elements inaccessible depending on the work being done.

I like this approach as it fits with my trust-based model: you are assuming people will do the right thing, but allowing a full audit trail if anything does go wrong. Yes, I could borrow someone’s card and password and access your record illegally, but how is that different with paper records? The question is how we would deal with this illegal access: the card holder would be the immediate suspect and would deny it. How could they prove their innocence? But I guess they’ve let their card get into my hands, so should not be allowed to access this kind of data without a cool-off period and training. If it happens to them again, then it should be a “three strikes you’re out” situation.
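The three rules in the list above, and the audit trail they produce, sketched as an added example (not part of the original post and not a description of the Swedish system). The class, the task-to-element map, the staff identifiers and the sample record are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime

# Assumed mapping of work type to the record elements it may see (rule 3).
TASK_FIELDS = {"prescribing": {"medications", "allergies"},
               "imaging": {"referrals", "allergies"}}

@dataclass
class RecordStore:
    records: dict                                  # patient_id -> {element: value}
    consents: dict = field(default_factory=dict)   # (patient, staff) -> expiry or None
    audit: list = field(default_factory=list)      # append-only access log (rule 2)

    def grant_consent(self, patient, staff, until=None):
        # until=None is consent for one access; a datetime is a limited period (rule 1).
        self.consents[(patient, staff)] = until

    def _consented(self, key, now):
        if key not in self.consents:
            return False
        until = self.consents[key]
        if until is None:          # single-use consent is consumed by this access
            del self.consents[key]
            return True
        return now <= until

    def access(self, patient, staff, task, now, emergency=False):
        known = task in TASK_FIELDS
        consented = known and self._consented((patient, staff), now)
        allowed = known and (consented or emergency)
        # Every attempt is logged, refused ones included; overrides are flagged.
        self.audit.append({"time": now, "staff": staff, "patient": patient,
                           "task": task, "allowed": allowed,
                           "emergency": emergency and not consented})
        if not allowed:
            raise PermissionError("no valid patient consent for this access")
        record = self.records[patient]
        return {k: v for k, v in record.items() if k in TASK_FIELDS[task]}

def demo():
    # Constructed sample record and staff identifiers.
    store = RecordStore({"p1": {"medications": "drug A", "allergies": "none",
                                "referrals": "x-ray", "psychiatric_notes": "..."}})
    now = datetime(2024, 1, 1, 9, 0)
    store.grant_consent("p1", "nurse7")                        # one access only
    seen = store.access("p1", "nurse7", "prescribing", now)
    try:
        store.access("p1", "nurse7", "prescribing", now)       # consent used up
    except PermissionError:
        pass
    store.access("p1", "dr2", "imaging", now, emergency=True)  # emergency override
    return seen, store.audit
```

The refused second attempt still appears in the audit list, and the emergency entry is the only one flagged for later review.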

Pedantic point: NPfIT is far wider than the electronic patient record (what about the N3 network and digital imaging – PACS). The Swedes are doing EPR but not the other things (well they have an N3 equivalent, but separately).