It’s not so long since the EHI Awards 2014, but I can’t help thinking that there’s a prize missing from them – the ‘red flag’ award.

Let’s rewind. In 1865, Parliament decided that self-propelled vehicles were so dangerous that they should be limited to 4mph and be preceded by a man with a red flag.

This would warn other people of the vehicle’s presence and enable them to get out of the way. The Act also required two people to drive each vehicle.

While at first this was sensible, it was clearly counterproductive to automobile development. After all, it took away the very benefits that would encourage people to buy cars: speed and convenience.

And although steam-powered road vehicles often needed two people to operate them – one to drive and one to put coal in the furnace – the internal combustion engine instantly rendered the role of the fireman redundant.

Eventually of course the Red Flag Act was repealed and, with its vehicles freed from a ridiculously restrictive speed limit and forced overmanning, the automotive industry expanded hugely.

Nominations, please

And so to my suggested prize. I want a ‘red flag award’ to be conferred on whatever NHS regulation or industry practice most inhibits the development and/or widespread use of high-quality medical IT.

This isn’t an exercise in cynicism. Identifying what currently interferes most with the advancement of medical informatics immediately tells us what to change first. Three contenders for the 2015 award come to mind:

Forwarding records in paper form

My first nomination would be the regulation that requires all GPs to send a complete paper copy of the GP notes to a new doctor when a patient changes practice.

Even if the full record is sent electronically – using GP2GP or other means – and despite some innovative local arrangements, we are still – in theory – required to print out everything written on the computer, plus every document scanned into the patient record.

At a stroke, this rule removes all the time- and cost-saving advantages of the electronic record. What’s the point of scanning all received mail and shredding the originals (saving time on filing and reducing storage space) if three years down the line we have to waste money, printer ink, staff time and trees printing them off again, folding them into a small Lloyd-George-sized record (try it!) before sending them for forwarding to the practitioner services unit; where a sizeable percentage historically have got lost?

The solution is easy: change the regulations to require practices to forward only that part of the record which hasn’t been received electronically in an appropriate form by the new practice.

Information governance

My next nomination concerns information governance. The NHS is a single central organisation — but because it subcontracts its work to technically independent providers (GPs, hospitals, independent clinics and the like) it falls foul of information governance regulations.

The ensuing legal morass over consent to view the patient record then interferes hugely with the swift interchange of important medical information.

The most publicised difficulties have been about invoice validation and the Section 251 problem, but we mustn’t lose sight of the many local issues relating to consent and transfer of clinically important information.

As informatics lead for the clinical commissioning group, it seems that every fortnight I have to advise on whether a particular group of healthcare workers can share their patient records with other clinicians who just happen to be working in a different unit of the same NHS.

All of this wastes time, interrupts information flow and absorbs considerable resources that would be far better spent on direct patient care.

These barriers also work strongly against the principle of Caldicott 2 — the duty to share relevant clinical information. To make it even worse, most patients think we exchange this information already and are truly shocked to find that we don’t.

The solution is simple: amend the law so that the NHS, its sub-contractors and its third-party providers are all legally considered to be a single organisation for the purposes of IG and data protection. Most of the NHS’s IG problems would disappear overnight.

Pass the password

Why do we need so many passwords for our clinical applications, each with different rules about the characters to be used, and with different expiry cycles? And why does logging-on take so long?

We need the approach common in pubs and restaurants: a single sign-on. A bar assistant swipes his card in at the till, which immediately treats him as its user. When the next attendant swipes her card, the till immediately swaps to her as user.

Compare that with what happens in my surgery. I log into Windows (with a username and password); then into my Smartcard (another password); then into the primary care system (with my Smartcard, or alternatively by typing in a different username and password to my Windows username and password); then into the invoice validation system (another password, which has to be changed on a different time interval), NHS mail (ditto), our CCG’s extranet (ditto), our referral advice database (ditto)… All this takes up time, every single day.

It’s even worse in the admin office, where individual members of staff frequently need to operate more than one workstation in parallel (repeat prescriptions and scanning, for example), even though they only have a single Smartcard.

There is no ‘instant swipe’ to log them into the new computer and all its active programs. Instead, staff have to log themselves out of the first computer, log themselves into another computer (and into all its programs), work there, log themselves out, go back to the first workstation and log back in again…  

It’s a four-minute job each time. No wonder that staff in many practices log in to just one computer during the day, then use each others’ workstation logins and Smartcards as and when they need. Sharing workstations like this is great for keeping abreast of the work, but lousy for IG and audit purposes.

In addition, obliging users to change their passwords regularly is in itself good – but require it too frequently, and in the wider scheme of things it leads to users making compromises so they can actually remember their passwords. It’s all a wonderfully safe method, totally undermined by its impracticality.

Instead, we need a single sign-on to all our medical software using the Smartcard, with instant swapping to our own screens at whichever workstation we’ve moved to. It’s already being done in some hospital departments — why can’t it be universal across the entire NHS?

And what would you nominate for the 2015 ‘red flag award’?

Dr John Lockley

Dr John Lockley is clinical lead for informatics at Bedfordshire Clinical Commissioning Group and a part-time GP.