Frequently Asked Questions MIG & Information Sharing
Total Page:16
File Type:pdf, Size:1020Kb
Frequently Asked Questions – MIG & Information Sharing
What is the remit of the MIG project? The project is a step towards the vision for a Great North Care Record (GNCR) through the introduction of the Medical Interoperability Gateway (MIG) across the North East region to enable relevant NHS health professionals providing care to patients in emergency or urgent care settings, to view medical records.
What is the project delivering in terms of Data Sharing Agreements? IG professional from across the region were engaged to advise on developing the ISG MoU to make it fit for the future and to roll out the full DSA (3 tiers comprising MoU sign off, Data Summary creation and sign off and Data Flows creation and sign off) for U&EC only.
Why do some Data Sharing Agreements specify Trust-wide access whilst others are limited to A&E settings (i.e. emergency routes)? The project has provided additional DSAs in order to introduce a minimum standard of sharing. This is in addition to the existing DSAs which were developed locally 2014-2016 and these remain unchanged.
What are the existing Data Sharing Agreements in place (developed locally 2014-2016)? Northumberland, North Tyneside, Newcastle & Gateshead GPs (patient records viewed by NTW Mental Health, Ambulance & 111, Northumbria Healthcare Trust, Newcastle Hospitals Trust, Gateshead Health Trust, GP OOH) Hartlepool & Stockton GPs (patient records viewed by GP OOH)
Which organisations have Data Sharing Agreements which allow the patient record to be accessed anywhere within their organisation, by an appropriate clinician? Out of Hours Mental Health Ambulance & 111 Northumbria Healthcare, Newcastle Hospitals & Gateshead Health (to view patient records from Northumberland, North Tyneside, Newcastle & Gateshead GPs) For these organisations, patient records can be viewed anywhere within the organisation provided the patient provides explicit consent and the healthcare professional has a legitimate relationship to access the data.
Which Acute Foundation Trusts have Data Sharing Agreements with *A&E as the specified setting and how can this be managed technically and from an auditing perspective? Northumbria Healthcare, Newcastle Hospitals & Gateshead Health (to view patient records from Sunderland, South Tyneside, Durham, Darlington & Tees GPs) South Tyneside, City Hospitals Sunderland, County Durham & Darlington, North Tees & Hartlepool & South Tees (to view patient records from all participating North East region GPs) For these organisations (and the listed GPs), patient records can be viewed only within the *A&E healthcare setting, as specified in the Data Sharing Agreement Data Flow, provided the patient provides explicit consent and the healthcare professional has a legitimate relationship to access the data.
* The term A&E refers to all emergency routes
[email protected] As some Foundation Trusts use the same technical system for all departments, to prevent the patient record being accessed out with the specified setting, algorithms will need to be put into the system to restrict access and audits will need to take this into consideration.
What do receiving organisations need to monitor within their MIG access audits? Professional qualified staff with legitimate relationships to access the data Patient consent to access data at direct point of care Emergency access (best interest decision)
How can the project be extended beyond U&EC settings? To extend the project beyond A&E (i.e. Foundation Trust–wide) new data summaries and data flows will need to be created.
Is patient consent assumed when a referral is made? Referrals are made with implied patient consent, eg ‘I am referring you to X department at the hospital for X procedure’, however the consent to view the MIG is not implied, it is explicit.
What are the Information Commissioners Office concerns over sharing via TPPs SystmOne (March 2017)? ‘The ICO has highlighted concerns over patient records being shared through TPP's clinical system SystmOne, whereby GPs are unable to specify which other organisations can have access to their patients' records. If sharing of patient records (functionality known as eDSM) is turned on in TPP SystmOne, these records can be accessed from all TPP SystmOne sites. The practice cannot selectively control this accessibility - it is all or nothing. When new sites join they too can access all other sites.” [BMA website]
What is the advice from the ICO on the eDSM issue? “The ICO has data protection compliance concerns about SystmOne’s enhanced data sharing function and the potential risk to patients’ medical records held by GPs. However, given the possible impact to patient care, the ICO is not advocating that users switch off data sharing.” [ICO website]
What is the advice from the GNCR on the eDSM issue? “Based on the advice from the ICO we suggest that practices do not immediately turn off the eDSM function where it is already in place and do not sign or put in place any new arrangements until we have issued further advice and have worked with the whole system to understand the implications and resolutions.” “There is General Practitioner Committee advice around this which we are expecting imminently and will share.” [Dr Joe McDonald, Director GNCR] For the latest information, please visit www.greatnorthcarerecord.org.uk