Organisation networks: the world’s first patient-controlled health information exchange

Last week we rolled out Organisation Networks functionality. This allows organisations which trust each other’s governance to share decryption keys for looking after their local population. This is the world’s first patient-controlled health information exchange (and you can buy it on the G-Cloud NHS Framework). If you are a customer who wants to switch this on with surrounding organisations, please contact us.

How to use this

Networks automatically share decryption keys across all the organisations in the network. Each organisation then needs consent from the patient to access the data using the decryption key. PKB prompts the user to get explicit consent (e.g. with the patient in clinic); document implied consent (e.g. because the patient has been referred to the team); or ask for one-time break-the-glass access (e.g. because the patient is unconscious in an emergency).

PKB stores a copy of all private keys for all the customer’s patients in the customer’s institution-wide private key store. No matter which team creates the patient’s record, the private keys are stored by the institution, available to all teams. Each team must still get or document consent before they can access the data. This fits into an institution’s existing practices for data sharing between teams.

Any employee can document that they have the right to look at a patient’s record and proceed to look at the record. The audit trail and employment contracts allow the institution to follow up and punish abuse of these data access privileges and in the meantime clinical teams can quickly see data to provide safe care to the patient.

PKB customers in a network synchronise their private keys with all other institutions in the network. Each team must still get or document consent before they can access the data. This usually requires new processes and formal data sharing agreements between the institutions in the network. Each member institution of the network must reassure itself that that the other members of the network have the right processes to follow up and punish abuse of these data access privileges. This feature is critical for regions using PKB as a patient-controlled health information exchange. If you would like advice on the processes and assurances you need to set up a network please contact us.

About HIEs

Across the world, providers in a city, region or state are clustering together to deliver shared care. By sharing data about their shared patients these organisations improve safety, raise quality and lower costs.

Traditionally such health information exchanges have failed for a number of reasons (see below). PKB’s Organisation Networks functionality allows you to overcome these problems and deliver the full benefit of an HIE, today.

First, no traditional health information exchanges have had patients’ permission for data sharing. They lacked a consent engine, but nevertheless shared data in the interests of patient safety and care quality. Without patient permission there are always risks to patient privacy. There are also limits on scaling, with no mandate to go beyond GP and hospital, within a narrow geographical area.

With PKB, the patient’s permission drives every decision for sharing, empowering the patient to understand their health but also allowing their providers to share data across all of primary, secondary and social care. This also offers an opportunity to consent patients to take part in research as CRUK is doing for cancer patients.

Second, they lacked a sustainable business model. Traditionally each was set up with one-time funding, usually by regional governments, which would save money from increased efficiency. But the providers rarely had an incentive to co-operate, so the benefits were not realised for the regional government, nor would providers use their operating budgets to renew funding.

PKB’s software-as-a-service business model means each provider funds its own usage of the system – generating internal cost savings – while PKB’s programming APIs provide health information exchange functionality automatically. The cost of providing this built into existing clinical functionality, spread across all of PKB’s global customer base, is much lower than the cost of providing standalone HIEs.

Most crucially, HIE efforts forgot about the patient. The patient is usually the last party to get access to the data, if indeed they ever do get access. Nor can they add their own data, including symptom tracking and home monitoring devices. So the health economy never gets to benefit from the increased capability of patients to manage their own health.
PKB provides patients with all their data – safely, including delayed release of sensitive test results – so they can self-assess and self-manage. This is what will structurally change the costs of healthcare for local economies.

One comment

Leave a Reply