Computer experts open the way to using the web for confidential patient records

Computer experts at Salford University have successfully demonstrated that existing security software can be integrated into systems to enable the Internet to be used to transfer highly confidential patient records between hospitals and GPs’ surgeries in a user-friendly way. The system allows GPs to use standard web browsers to access the data while maintaining the degree of security required for such sensitive information. The researchers are also developing new ways to use such information to help GPs to give their patients a better understanding of their medical condition.

‘Hospitals maintain databases of information on patients with chronic conditions such as diabetes or heart disease, but GPs generally do not have very ready access to this data,’ says Dr Andrew Young, one of the researchers on the project, which is being funded by the Engineering and Physical Sciences Research Council.

Periodically hospitals may print out these records and send them to the family doctor, but GPs are keen to have better access. Furthermore, if GPs want to add something to the records they must send the information by letter to the hospital where it gets typed in, which is not ideal.

While it would be possible to create a direct computer link between the GP and the hospital this is expensive, and for such a system to be universally applicable the same equipment of the same specification would be needed in every hospital.

The advantage of using the Internet is that the infrastructure already exists. However, the big challenge is to make certain that confidential information transferred over the internet remains secure.

The Salford team has successfully launched a pilot scheme with the Hope hospital in Eccles and ten local GPs. A web server has been set up in the hospital, linked to the hospital’s database of patients’ records. A ‘firewall’ has been installed – a dedicated computer that stands between the hospital’s network and the internet. Software in this computer vets everything coming in and out of the system to ensure that any information requested is coming from an authorised source.

‘The software installed across the system gives strong authentication and encryption,’ says Dr Young. ‘The data that flows between the surgery and the hospital is encrypted, so that the fact that the Internet is an untrusted network will not compromise the security of the data. We have had to provide mechanisms to allow the hospital to be 100 per cent certain that requests for information are from valid GPs and that the GPs themselves have access only to the records of patients under their care.’

The researchers are also keen to enable doctors to use the information contained in patients’ records to help patients themselves better understand their condition.

‘One of the things the project wanted to study was the ‘human factors’ of making medical data available to patients – how to give them the information they need in a form they can understand,’ says Dr Young. ‘Initially, we wanted patients to access the information themselves but it seemed few patients wanted to do that. So we have ended up with a three-way consultation with a GP, patient and computer. The GP uses the computer but the user-interface is aimed at the patient. What we want to find out is that if doctors give health-related information to a patient based on the patient’s own medical condition, then this will have more impact on the patient than simple general advice; and will this in turn help the patient make worthwhile changes to their lifestyle?’.

A lot of work has been done by the project team to design a variety of user interfaces and test the way that patients respond to them. ‘Graphs are fine for t