BMA chair says smart card policy ‘preposterous’
- 15 February 2007
Connecting for Health’s policy of requiring doctors to repeatedly log-in with a smart card every time they use a computer system has been described as ‘preposterous’, by the chairman of the British Medical Association.
Speaking exclusively to E-Health Insider Mr Johnson said: “The idea that we have to log in and out of each terminal we use is complete nonsense. There is no reason why patients should be left waiting whilst staff log onto a system.”
Mr Johnson, who is also chair of the BMA’s Working Party on NHS IT, was commenting on whether he thought South Warwickshire NHS Trust were right to allow clinicians to share smartcards in the Accident and Emergency department due to the 60 – 90 seconds it took to log into there new patient administration system. http://www.e-health-insider.com/news/item.cfm?ID=2449
Johnson felt that the sharing of smartcards was “totally unacceptable” and they should be replaced with individual authentication methods such as lapels or devices that are pressed onto a reader when accessing confidential data.
He acknowledged that leaving the system open to anyone could lead to security flaws, but felt that new technology could make accessing patient records quicker for staff who need it.
“It is interesting, as we want it to be secure, after all we don’t really want cleaners getting access to our records, but I feel that as more and more smart technology is coming up, we can ensure that all security arrangements are in place and staff can quickly and safely gain access to any information.”
Mr Johnson felt that the use of smartcards for clinicians gave patients the impression that anybody could use them and risked hospitals appearing to be a “big brother state”. He suggested that the use of biometric technologies would mean authority levels were clearer to observers.
“For example, if you look at a pharmacy department, there are so many people doing different sorts of jobs. A patient seeing that would be happier knowing that only an actual dispenser was seeing their records and making the appropriate medication whilst the labelling staff were just accessing the labelling components and printing the right labels for the right medication.
“As well as reassuring the patient, this is less hassle for staff, so for me, having to log in and out each time the system is used is just meaningless.”
He said he also strongly favoured the creation of Role Based Access Controls (RBAC) to limit who sees what data and says work with Connecting for Health to create a firm set of job roles within a healthcare environment that will determine staff access rights.
“The BMA supports the development of access controls and moves towards a simpler model with fewer roles. We are working with CfH to come to a suitable agreement on a set list of job roles, areas of work and activities that will help to simplify these controls.
“It is imperative to us that patient safety is maintained at the highest possible level but any such controls do not impinge on working practices, and we are urging CfH to ensure that when the RBAC is agreed, it is piloted with doctors and all concerns are taken into account before implementation.”
E-Health Insider’s full exclusive interview with James Johnson will be published this week.
Link
South Warwickshire authorises shared smartcard use