Your Leader (Herald, 27th February 2010) correctly identifies the great loss of confidentiality by patients in the proposed NHS system. Such a loss of patient confidentiality may be viewed as a worthwhile price to be paid in return for the greater convenience and efficiency to NHS staff. While this may generally be the case, some patients (particularly those in the public eye, or those who suffer from socially less acceptable ailments) certainly will not be convinced. Furthermore, someone with “nothing to hide” at one particular age may well change their mind later on. For these reasons, any opt-out system, or an opt-in system relying on a limited number of permissions granted by the patient, is unacceptable.
In the proposed system, any deviation by any person with access to the system is a potential risk to patient confidentiality. Any desk left unguarded for a moment is also a risk.
First, the electronic health record must belong to the patient themselves. Any sharing of information with the GP or Consultant must be at the patient's behest.
The maintenance of confidentiality became much easier with the invention of dual key cryptography about twenty years ago. This seems quite magical. Every participant has two paired cryptographic keys, one of which is known as the Public Key. It is widely known (in fact it could be published with its owner's name and address, either on paper or online as part of an email client). Anyone can use it to encrypt and send a secret message to the participant. The clever part of the invention is that the message cannot then be decrypted using the Public Key, but only with the Private Key, which of course is known only to the participant receiving the message. Thus a message can be sent in complete confidence, as only the intended recipient, the holder of the Private Key, can decrypt it.
Dual Key cryptography can also largely overcome a second important problem: ensuring that the message is really being sent by a genuine correspondent, and not by someone sending a spoof encrypted message to the recipient. This is countered by the respondent first encrypting (that is, signing) their reply using their own secret Private Key, before replying to the originator using the originator’s Public Key.
An analogy to public-key encryption is that of a locked mailbox with a mail slot. The mail slot is exposed and accessible to the public; its location (the street address) is in essence the public key. Anyone knowing the street address can go to the door and drop a written message through the slot; however, only the person who possesses the key can open the mailbox and read the message.
An analogy for digital signatures is the sealing of an envelope with a personal wax seal. The message can be opened by anyone, but the presence of the seal authenticates the sender.
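The two steps of the preceding paragraphs carried out in Go, as an added example that is not part of the letter: the sender signs with their own private key first, then encrypts message and signature for the recipient's public key, so only the recipient's private key opens it and a message from an impostor is rejected. As is usual in practice, each participant here has a separate signing pair (Ed25519) and encryption pair (RSA-OAEP) rather than the letter's single pair; the key pairs and messages are constructed in the code.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Seal follows the letter's order: the sender signs with their own private key
// first, then encrypts message||signature with the recipient's public key, so
// only the recipient's private key can open it. RSA-OAEP (2048-bit, SHA-256)
// carries at most 190 bytes, which bounds the message at 126 bytes here.
func Seal(signer ed25519.PrivateKey, recipient *rsa.PublicKey, msg []byte) ([]byte, error) {
	signed := append(append([]byte{}, msg...), ed25519.Sign(signer, msg)...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, signed, nil)
}

// Open decrypts with the recipient's private key, then checks that the
// signature was produced by the claimed sender's private key; a spoofed or
// altered message fails here rather than reaching the reader.
func Open(recipient *rsa.PrivateKey, sender ed25519.PublicKey, ct []byte) ([]byte, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, ct, nil)
	if err != nil {
		return nil, fmt.Errorf("not addressed to this private key: %w", err)
	}
	n := len(plain) - ed25519.SignatureSize
	if n < 0 || !ed25519.Verify(sender, plain[:n], plain[n:]) {
		return nil, errors.New("signature does not match the claimed sender")
	}
	return plain[:n], nil
}

func main() {
	// Constructed demo: a GP writes to a patient; an impostor tries the same.
	gpSign, gpKey, _ := ed25519.GenerateKey(rand.Reader)
	_, impostorKey, _ := ed25519.GenerateKey(rand.Reader)
	patient, _ := rsa.GenerateKey(rand.Reader, 2048)

	ct, _ := Seal(gpKey, &patient.PublicKey, []byte("Referral sent to cardiology."))
	msg, err := Open(patient, gpSign, ct)
	fmt.Printf("genuine: %q %v\n", msg, err)

	fake, _ := Seal(impostorKey, &patient.PublicKey, []byte("Not from your GP."))
	_, err = Open(patient, gpSign, fake)
	fmt.Println("impostor:", err)
}
```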
Thus these two changes, namely ownership of the electronic medical record passing to the patient or their attorney, and the adoption of Dual Key encryption by the NHS, greatly mitigate the problem of reduced patient confidentiality.
Yours sincerely,
Douglas R McGregor