Crowdsourcing Audit Trail Monitoring

The Today programme had an interesting piece on the NHS Summary Care Record issue this morning, most notable for Evan Davis’s excellent interview with a representative of Connecting for Health which he opened with the deceptively simple question “Can you tell me how many people will have access to my Summary Care Record”. After a number of attempts not to answer the question the interviewee was eventually skewered when he was forced to admit that there was nothing to stop any member of NHS staff with access to care records anywhere in the country from accessing it.

In fact, he admitted, the only real constraint was the existence of an audit trail that could catch people out. Of course audit trails only work if people are actually reviewing them and are in a position to spot discrepancies and investigate them – in a system the size of the NHS care records system I imagine this will be a task of mammoth proportions and the actual risk of any individual being caught will be negligible.

As it happens this is an issue of some personal relevance because I recently received a letter notifying me that my SCR would shortly be created and uploaded to the central database and offering me the chance to opt-out. In fact the leaflet enclosed with that letter alluded to the current lack of security by starting the discussion of who would be able to access records (at the top of page 7) with the words “When the new system is fully up and running…” thereby revealing to anybody paying close attention that proper security is not yet in place.

In particular although your records are only supposed to be accessed by people involved in your care there is nothing to actually enforce that other than the audit trail, as the CfH representative was eventually forced to admit in the radio interview. Even when proper security controls are in place certain people, such as emergency department staff, will probably need to have fairly broad rights to access anybody’s records so the audit trails will still be important as the main constraint on at least some users.

One other feature of the SCR system is something called HealthSpace which is a web portal where people can view their own records and it occurred to me that this provided an interesting opportunity for crowdsourcing the problem of monitoring the audit trail in an effective way.

The idea is that, first of all, in addition to providing access to your records the portal would also provide access to the audit trail showing exactly who had accessed your records. On top of that you could add email alerts that would inform you whenever your records were accessed, or perhaps just when a new person who had not accessed them before accessed them for the first time.

The advantages of such a system should be obvious – firstly there would be far more people monitoring the audit trail than the NHS could ever afford to employ to do it. Secondly each person would only be monitoring a small piece of audit trail – a piece that they would be familiar with (so they would know who they would expect to be accessing those records) and in which they would have a direct interest in detecting and reporting any misuse which it revealed.

Interestingly I note that the NHS Care Record Guarantee does say (commitment 11 on page 9) that “You will be able to ask for a list of everyone who has accessed records that identify you, and when they did so” although it doesn’t sound from that like they will be automatically available through HealthSpace or that any sort of alert mechanism is envisaged at the moment.

In any case I have personally decided not to allow my records to be uploaded until the current security regime is improved – if you want to do the same then information on how to do so, including the form you need to give to your GP can be downloaded from the care records web site.

Leave a Reply