What Ireland's HSE CIO Richard Corbridge has learned from the NHS, and what HSE can teach other health services

It may be 15 years behind the NHS in terms of technology, but HSE may be able to learn from many of its counterpart's mistakes

The damning criticism of the NHS - and particularly some of the disasters it has had from an IT point of view - can be put into perspective when Richard Corbridge, CIO of Ireland's Health Service Executive (HSE) suggests that Ireland's equivalent of the NHS is about 15 years behind in technology terms.

But that doesn't mean that other health services around the world can't learn from HSE, just as it is learning from some of the mistakes that other health services have made.

For example, those working in US healthcare have been interested in the way that HSE has been able to deliver the individual health identifier (IHI) - a number that can be used to safely identify an individual and link their health records from different systems together. Corbridge explains that the interest from the US - which doesn't have a single identifier for health - stems from legal rather than technological considerations, but he is enthused about the technology underpinning the IHI, which was implemented using Oracle Healthcare Master Person Index (OHMPI).

"Ireland's primary care service has existed for 15 years on an Oracle stack and has grown and evolved and been upgraded, and now the IHI is in the same stack through the latest OHMPI solution, along with the security stack and database layer around that," he tells Computing at Oracle OpenWorld 2015.

This, Corbridge explains, has made the solution fit for purpose in 2015, and a better option than buying something new that may not integrate with HSE's existing IT infrastructure.

But as Oracle has had a presence for so long at HSE, has it become overly customised and therefore too hard to replace?

"No, a genuine piece of work was done to understand whether it could or should go anywhere else and it wasn't due to customisation it was due to trust; this system has paid GPs and reimbursed GPs for more than 15 years, and there's such a wealth of knowledge in the team [who] work around it and the trust of what it delivers that to build on top of it seemed like the right thing to do," Corbridge states.

Opting in and opting out

One area where Corbridge feels the HSE has much to learn is the consent process, which he says will be controversial no matter what. In England, the NHS has been heavily criticised for its approach to gaining users' consent for using their data for its care.data programme - where it initially said the default position was for people to be opted in, and failed in its attempts to make the general public aware of the fact that they could opt out.

"Ireland needs to be aware of the different ways that people capture consent. So assuming that everybody is going to be happy within an assumed consent process has been proven to not be the right way to go; but trying to get everybody to come forward and share their record is also too slow," he says.

"What Finland has done is financially recompense clinicians for the number of patients they get consented into clinical records - that's something that can be considered. Obviously there is the Summary Care Record process in the National Programme for IT (NPfIT) where every patient was written to and told to come forward if they weren't willing to give consent," he adds.

Corbridge says that Ireland isn't attempting the same type of project as care.data though.

"What we're doing is starting to share information in 2016 for the purposes of receiving care, so we're having a single maternity system and a single lab system which are the first steps to that journey," he says.

The IHIs are unique, non-transferable, life-long numbers for each citizen that do not hold any clinical information but instead serve as detailed demographic records. HSE has created two "flags" for the IHI: one is consent to share for clinical care, and the other is consent to share for clinical research.

"Currently, there is no legislation behind that; it's entirely a technology piece. So we've just said when we do understand what [Ireland] is going to do about consent, it would be stored once and once alone and not on every system across the land. By saying that from the start, it lets us create an additional consent to share for clinical research purposes that future-proofs our systems," he says.

Risking privacy and your life

Corbridge wants to flip the view that patients who are giving consent to using their data are risking their privacy.

"What we're trying to do with the IHI and the sharing of records is making clear that while it could be portrayed as a privacy risk, having records digitally means we can see who has looked at them and we want to be able to empower patients to know who has looked at them," he says.

In addition, Corbridge believes that digital records are easier to store - and less likely to be lost than paper records, which again should aid privacy rather than hinder it.

"Having digital records, having records in the cloud, having an identifier, is actually as much about creating privacy as it is about efficiency and patient safety," he says.

The terms of the opt-out need to be carefully thought through so that patients do not risk damaging the quality of care available to them.

"Imagine you were given permission as a patient on every data item that you didn't want to share, and then you turn up at A&E and effectively have an incomplete record, then the clinician can't see the things you've blanked out. He or she shouldn't really provide clinical care against that record if he only knows half of the story," he says.

Selling data

One of the primary concerns that privacy campaigners have with NHS's care.data programme is where the data goes, or who it is sold to. An internal review by the NHS Information Centre (now HSCIC) back in 2014, found that millions of patients' NHS data had been sold to private companies - including insurance firms and pharmaceutical companies -over the past decade.

Corbridge believes that national health organisations need to determine whose data it is - whether it's the HSE's or a patient's data.

"At some point I think globally, healthcare systems will realise the data belongs to the patient. It's the patient's data. We're custodians of the data about them," he says.

HSE is trying to empower haemophilia patients to be able to add to their health records; if they have a bleed they can add this information in, explain how bad it was, what treatment they used, whether they needed more treatment, and these treatments can then be delivered to the patient and scanned on their phone. Next to be able to add to their health records will be epilepsy patients, Corbridge says.

So with some patients giving out more information on their health than others, does that mean insurance firms will get access to that data?

More than 50 per cent of Irish citizens have private healthcare - it is an insurance-led healthcare system - and Corbridge says one of the reasons it went for an IHI number rather than the Personal Public Service Number (PPSN) was to make the information more easily available to the private sector. He insists, though, that the patient decides what data gets shared with an insurance firm.

Corbridge says that HSE could one day have a partnership with insurance companies - but that it would have to be carefully managed, with patients completely involved at every stage.

"If at any point it looks like health delivery is handing information to insurance [companies], then trust in health data is removed from the patient. I strongly believe that the patient needs to have trust that we are custodians of their data, and we can do what we can with that data to provide care and if there is any decision for the data to be used for anything else then it is up to the patient to make [that decision]," he says.