Tuesday, July 06, 2010

Central servers

Is it just me? I fell distinctly uncomfortable with the prospect of universal, centrally held servers.

Oh, I can see the advantages, sharing info between practices, easy transfer of records etc.

However, as the data controller, how can I guarantee control when I don't physically have access to the server? I am less than reassured by the presence of robust audit trails etc, as that sort of thing is very useful after a breach has occured but useless to prevent such a breach occuring in the first place.

http://www.ehiprimarycare.com/news/6054/inps_wants_vision_360_to_be_gp_system

That is the article that has got me thinking (again) about this. I understand that EMIS Web will be the only EMIS product with accreditation for EPR2. That is a shame, as many practices will not wish to change just for that, and EPR2 is one part of the CfH schema that may actually be of use and benefit to practices. It appears that INPS will be keen to see a move to their new system, though of course Vision 3 will remain compliant.

There is a part of me that hopes that IT spend will be part of the devolved budget that comes through with the commissioning changes. GPs could once again then start driving the process of development rather than reacting to it.

Another example of where control needs to be wrested from the PCOs.

2 comments:

sewa mobil said...

Nice article, thanks for the information.

Adrian Midgley said...

It isn't just you. Among other problems are reliability, and that the major threat to security of data are the people who regard themselves as protecting it on the central servers.

Midgley's Rule, which I enunciated at an LMCs Conference and diagrammed in various places, of automatically accounting to the patient each access to their record has other advantages, some of them for us and patients, but does encourage honesty and checking by those who beleive that _of course_ the patients won't mind them reading the notes.

A distant and centralised group of custodians doesn't.