Microsoft quietly progresses the single view of the patient/citizen
Love it or hate it, Cloud computing is delivering on a number of levels.
Customers are saving money and benefiting from best-in-class hardware, support and up-time from migrating workloads from on-premise. They are benefiting from increased physical and data security that would have been too costly or difficult to implement locally. Customers are also able to get out of the business of datacentre management when their core business is not in IT, and free up the valuable office space that these datacentres were using up to use for mission-critical activity.
In addition to all of this, something very significant for users in local government and the NHS is happening; something that is going to make interoperability and collaboration much more accessible than it ever has been before.
The single view of the citizen/patient
For years, the NHS, local and central government have wanted to be able to get a single view of the citizen or patient. Being able to look at the data on any single UK citizen in a three dimensional, 360-degree view has been the holy grail of digital desire in the public sector.
The data all exists to be able to deliver this. If we look at this from a healthcare perspective the challenges and the benefits become very clear. In the NHS, there is a complete picture of your total health history - every doctor’s visit, prescription, clinic appointment, hospital visits, scan, test and result.
The problem, is that this record is fragmented across a lot of disparate platforms that aren’t connected. The patient records held at your GP surgery are in a proprietary system that doesn’t talk to anything else except possibly your pharmacist, and even that’s a one way conversation. A completely different system holds your treatment records at your dentist. Other standalone systems hold details of any walk-in clinic treatment you may have had. Each different hospital has its own dedicated patient record system, so unless you have lived in the same area from birth and always visited the same hospital for treatment, your hospital records are also fragmented. Every test, procedure or scan they took are locked up in that location's system. Summary records are shared between each of these entities, but they are limited in detail and don’t give the rich depth that the full, unfiltered, raw data can provide.
The same is true for our records in our general life as a UK citizen, with different silos of data containing a complete picture of who we are, particularly in a social care setting.
Aggregating this data to give someone a single window into your health offers a swathe of benefits. As an example, your GP may be treating you for a condition that is a symptom of a larger illness, the root cause of which might be obvious when we add in your dental treatment history and full hospital records.
Big data = huge possibilities
You can see the picture much more clearly when you have all the pieces of the jigsaw puzzle. A large number of leading clinicians in the UK believe that aggregating patients' entire health records and analysing the data digitally will help to improve the treatment programmes and outcomes for patients. Not only is this great news for people who may be struggling with conditions that are being managed rather than treated, but it also helps the NHS save money by providing a solution to patients, rather than a long-term treatment plan.
Large big data programmes like the human genome project are expected to help healthcare professionals deliver pro-active treatment for patients in the future, stopping conditions and diseases early when they can be fully cured and with a less invasive and lower cost treatment regimen.
Barrier to entry
So, if all the data exists, and everyone recognises the benefits, why hasn’t anyone done this before?
This has been done before in pockets, but it’s expensive and challenging. There are a lot of costs tied up in licensing additional users for each of the systems in use, and problems with the proprietary nature of the way data is stored and managed in each of these systems.
One of the main barriers; in order to share data with other entities, particularly patient data, you need to make sure you have adequate access controls in place. The only consistent way to do this is to use a trusted updated platform, like an organisations Active Directory, which can identify who is a valid user and who isn’t and then set up a trust relationship through federation.
Anyone who has tried this in a traditional on-premise Active Directory world will tell you that it is no walk in the park. It’s a major IT project for every party involved, and there is a huge risk attached to opening up a hole in your security perimeter for a trusted partner. We need to make sure that hole can’t be exploited by anyone else. We also need to make sure that we protect our security so that no one compromises our systems and uses this hole to compromise our partner, and vice versa. We should also very carefully control changes down the line to everyone’s Active Directory infrastructure, keeping them in lock step, as changes could lead to unexpected results that might impact our federation.
The cost and complexity of getting this right is often THE major blocker to this type of project, leaving the only viable option as the purchase of a very expensive middle-ware platform that will supplement multiple silos for one and still require this complicated inter-connectivity, albeit on a slightly less complex model.
Microsoft to the rescue
As more and more customers adopt cloud solutions, specifically Office 365, one often overlooked advantage of this is the removal of this collaboration barrier.
Office 365 leverages Azure Active Directory for identity purposes. Every Office 365 user has an Azure Active Directory identity, whether you are running your own on-premise Active Directory instance or not.
The great benefit of this is that everyone is already on the same technology platform, all of the interconnectivity is already there, as well as the tools to manage interconnectivity and security.
So now, in Azure Active Directory, you have the power to grant access to your platform to your valued partners elsewhere in the Public Sector. Local authorities can link up with the local NHS community to collaborate on social care records, which could be managed on services like SharePoint or Dynamics 365, (essentially every patient or citizen record system is just a highly customised CRM system). There are other applications cross linking data sets in different health care settings, or merging data held in central government databases with local information to help combat fraud and target services more accurately.
The options are wide and varied, and could fill an entire future blog post, but there are a range of existing products that can be used to manage these interactions in a much more controlled manner than would have been possible on premise, upping the control of the patient or citizen information asset owner, giving confidence in the world of GDPR.
One interesting point to note, is that only one of the parties has to be in Azure Active Directory for this to work, so even at this fairly early stage of cloud adoption in the UK Public Sector, this level of collaboration is absolutely possible right now.
Security and GDPR
Office 365 and Azure obtained ISB 1596 accreditation in 2015, which means that they meet the international email security standard for handling sensitive data including patient records, though having a suitable level of encryption for data in transit and at rest on the platform.
This led to NHS England approving the use of Office 365 as a collaborative platform not long afterwards.
As long as you are able to follow some recognised best practice around how you store the information and grant or revoke access to it, there is no longer a barrier to your organisation delivering this level of collaboration with your local partners. No expensive middleware, no more proprietary platforms and the challenges that these bring with them.
Microsoft’s cloud platforms now include pre-configured GDPR management tools that will help you to adhere to the full requirements of the EU GDPR legislation, probably more easily than you can using your on-premise systems. So, if you haven’t made the change yet, the incentives are getting larger by the day.
Core can really help customers that want to leverage this opportunity for collaboration. We have extensive experience of delivering shared collaboration on the Office 365 platform across public sector. We have unmatched experience on managing access and securing platforms in line with NCSC guidance and other recognised best practice.
If you want to explore this opportunity in any more depth, please don’t hesitate to get in touch with us here.