We all know it’s impossible to make rational healthcare decisions without access to clear and relevant information. This has always been true for doctors but 2016 looks set to be the year in which attention focuses on the availability of information for patients about quality and outcomes so they can make informed treatment choices.
At the same time, as more sensitive data is collected, processed and shared, everyone involved must play an active part in data protection or face serious consequences.
Whether you have your own independent practice or have practising rights in private hospitals, here are two key data-driven developments to look out for over the next 12 months:
- Submitting performance information
From September 2016, private hospitals will have a legal duty to submit quarterly data about each episode of in-patient care following and order by the Competition and Markets Authority. The data must be ‘sufficiently detailed and complete’ to enable the Information Organisation to publish performance measures at hospital and consultant level by April 2017.
Although hospital providers are responsible for making this happen, it’s in the interests of consultants to get involved to ensure the performance data published about them is accurate. To help this process, Healthcode has developed a solution that enables consultants to view the submitted clinical records for their admitted patients, giving them the opportunity to identify and correct discrepancies with the relevant provider for resubmission.
Healthcode is already supporting this project by validating and pseudonymising the information submitted by private hospitals. We are also working with hospitals to ensure that they can collect the necessary clinical codes efficiently and cost-effectively through our clinical coding solution which enables them to clinically code at source.
And this can be supplemented with additional Clinical Coding Management services throughout 2016.
- Data protection reform
Secondly, stringent, Europe-wide data protection rules have recently been agreed which will radically transform the way we all collect and use personal information. And these will be backed with heavy financial penalties for non-compliance which could be up to €20 million or 4% of an organisation’s global turnover.
The EU’s General Data Protection Regulation (GDPR) will replace the Data Protection Act 1998. Although GDPR won’t become law until 2018, it will impose significant obligations on all healthcare providers when it comes to information governance, including the need to classify personal data, carry out risk assessments, document processes and invest in training. It therefore makes sense to start preparations now (the ICO has said it will be updating its guidance and holding a series of educational events and webinars).
In the healthcare sector, data protection and security has to be a priority because of the highly sensitive personal information that patients entrust to us. The Government has reportedly set aside more than £4bn to improve the use of technology in the NHS in England, including £1bn on cybersecurity and data consent.
Within the private sector, Healthcode is committed to leading by example when it comes to data protection and we are actively working to ensure that our services meet the highest data protection standards to help our clients comply with GDPR. We are expanding our secure messaging service so healthcare professionals and insurers can share information in encrypted form, without compromising patient privacy.
If you are a Healthcode customer, you can be sure that your data is stored within a private dedicated infrastructure which is physically located in a secure UK data centre, rather than held in a data cloud in an unknown location. However, if you rely on a third party supplier to process or store data on your behalf, do make sure they have appropriate information security safeguards in place. Healthcode’s information security systems comply with the latest international specification for information security management systems (ISO/IEC 27001:2013).