Improving care

Privacy and the collaborative health information system

This report was written as part of a wider piece of work, around improving end of life care.

Full Report Collaborative Health Information System

The privacy and security considerations for a collaborative health information system are wide and far reaching. Whilst the Caldicott principles (PDF) under ‘direct care’ and direct consent cover a lot, there is still work to be done to make these principles more accessible, relevant to digital projects and holistic as new technologies enter healthcare. Whilst we’ve been working with super users of the NHS, we’ve been thinking about where more work is needed, and we’ve grouped these under headline topics.

Make it protected
The system should protect users by making it difficult for anyone to get access to someone else’s record: only they can see their health information. This should be appropriate for the user and the context in which they are using the system.
Don’t put too much data on a given device
Whether it’s a server or a phone, having too much data in one place creates a big risk.
Only display necessary information
Displaying health records on personal devices is convenient, but it also makes it possible for the record to be read by others it was not intended for, for instance by someone ‘shoulder surfing’ or by malware on the device.
Design any terms and conditions well
Provide users with terms they can easily read and understand in a format that’s accessible. Make sure any changes to these terms are communicated clearly to the user.
Permissions
Design a good permissions system that’s accessible and useful for the user, so they can understand who has access to their medical information and why. Other design patterns would be interesting to explore, like temporary access based on time.
Put patients in control
Give users the ability to flag when they see activity in their record that they think may be incorrect or wrong.
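As an added example (not from the report), one way a permissions model could express the time-limited access described under Permissions and the patient-reviewable access log described under Put patients in control. The record sections, the names and the hour-based expiry are illustrative assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Grant:
    grantee: str              # clinician or carer being given access (assumed role)
    scope: frozenset          # record sections covered, e.g. {"medications"}
    reason: str               # shown to the patient alongside the grant
    expires_at: datetime      # hard expiry; no grant is open-ended here


@dataclass
class PatientRecord:
    patient_id: str
    sections: dict                     # section name -> content (constructed sample)
    grants: list = field(default_factory=list)
    access_log: list = field(default_factory=list)

    def grant_temporary(self, grantee, scope, reason, hours, now):
        """Time-limited grant; the patient can later see who, what and why."""
        expiry = now + timedelta(hours=hours)
        self.grants.append(Grant(grantee, frozenset(scope), reason, expiry))

    def active_grants(self, now):
        """What the patient sees in their permissions view: expired grants drop out."""
        return [g for g in self.grants if now < g.expires_at]

    def can_access(self, who, section, now):
        if who == self.patient_id:
            return True
        return any(who == g.grantee and section in g.scope
                   for g in self.active_grants(now))

    def read(self, who, section, now):
        """Every attempt, allowed or not, is logged for the patient to review."""
        allowed = self.can_access(who, section, now)
        self.access_log.append({"who": who, "section": section, "at": now,
                                "allowed": allowed, "flagged": False})
        if not allowed:
            raise PermissionError(f"{who} may not read {section}")
        return self.sections[section]

    def flag_access(self, entry_index, note):
        """Patient marks a log entry they think is incorrect or unexpected."""
        entry = self.access_log[entry_index]
        entry["flagged"] = True
        entry["note"] = note
        return entry
```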
Make edits hard
Some information should be hard to change, for instance a patient’s blood group.
Design in delays
Sometimes it may be necessary to delay the information that’s accessible to a patient. For instance, scan results may first need to be analysed and understood by clinicians before they are shown to the patient.
Collect minimum data
Only collect data from users that is absolutely necessary to provide the service.
Use cryptography
Encrypt data in transit to protect user privacy. Consider using other forms of encryption too, for instance end-to-end encryption.