A lesson in basic technology and data protection

Last year Matt Hancock (The UK Secretary of State for Health and Social Care) said “I’ll travel the world looking for the best technology for NHS” as well as highlighting the need to learn from the military, business organisations and the education sector.

While it is hard to disagree with the fact we have a lot to learn from other health systems, perhaps there is much we can learn closer to home. One example of this is my recent experience with Bupa.

As something of a quantified-selfer I decided to use one of these 360 health assessments offered by a range of providers to gather some new data. In essence, they are a fancy GP appointment with a range of tests including things like blood pressure, ECG, blood test,  urine test, physical assessments, risk assessment and some time to discuss your health with a doctor. The whole thing takes about an hour and a half.

Perhaps what was most eye-opening about the experience was the process and the contrast to how the NHS does or perhaps doesn’t do things when it came to basic technology and data protection.

The Bupa process

From the outset the Bupa website was easy to use and was the first port of call to book an appointment although other options were provided. Before booking there was a simple online triage form to help you find the right service.

Having booked an appointment online I received an email confirmation with a calendar appointment attached and it went straight into my outlook calendar with a reminder for the day before.

The email also contained a link to a further triage questionnaire which captured basic information about me, my health and my concerns/goals. This was available to complete online (which I did) as well as offering a number of other options including downloading the form.

On the day I arrived at the clinic and I was checked in. I was asked again to confirm if I was happy to continue using my email as a means to receive my information. It was clear that the lady on reception had clear instructions on issues such as consent in the context of data protection.

At the appointment, they already knew who I was and why I was there. As we went through the various tests and assessments they were recorded into what looked like a clean and simple web-based system which we went through together, looking at various risk factors and how to achieve my goals.

By the time I got home from the appointment, there was an email in my inbox with a detailed report which was available as a PDF and via the online portal.

The portal required me to go through a self-registration process and there were no cumbersome paperwork or ID documents.

Having downloaded my report and reviewed my data, the day after the appointment a short satisfaction questionnaire arrived. A few days after that  I was notified by email that some additional lab results were now available for me and my journey was finished.

Assessment of the experience 

There was no rocket science here, it was all basic technology used to improve the customer experience and make things work more efficiently.

There were no arguments about whether or not email was secure or having to come in fill in forms and present identification. In fact, I didn’t pick up a pen or paper throughout the whole experience, but if I had wanted alternatives they were provided along the way.

Bupa have clearly understood the basic issus of using email and online access and sought to address them. It was not perfect, but it was an order of magnitude slicker and more efficient than my recent experiences with the NHS.

I would also hedge my bets that the experience at any Bupa centre is likely to be the same because they will have standardised processes across the various branches, which certainly cannot be said about the NHS despite being a “National” health service.

When I subjectively compare my recent Bupa experience with that of the NHS, the NHS often falls short :

I can certainly see why Bupa like many other organisations have gone this route :

• The process is demonstrably slicker, efficient and therefore more cost-effective.
• To ensure legal and regulatory requirements are fully and efficiently addressed.
• To ensure accessibility by offering a choice of access routes.
• The all-important customer convenience and satisfaction.

When basic issues come up in the NHS it seems lost in a world of misinformation and data protection myths.  “Email isn’t secure”, “patients won’t understand their data” and even plain old “our patients don’t want this”, while others have got on with it and solved these issues, including some within the NHS.

If I had to pick one fault with Bupa it is that it is acting as yet another data silo.

• I have a wealth of data from previous tests and assessments which would have added value to the service Bupa could have provided if they had enabled me to share it to give a more holistic picture of me and my health.
• While Bupa did offer to share my data with my “NHS” GP (which I declined) and they enabled me to download it as a PDF, my data was not available in a portable and easy to re-use format or accessible via an API.

Conclusion

None of this is particularly complicated and indeed many NHS systems in use today support the use of email, portals and APIs to allow all manner of apps and services.

Meanwhile, in the US the Open Notes Programme has 10’s millions of patients signed up for record access and has produced a wealth of evidence, lessons and debunked many of the myths.

While the NHS could learn a lot from the international community, there is plenty happening on our own doorstep. Bupa is just one example, but I have others where the basics just work and make life that little bit easier and more efficient.

Indeed I know within in the NHS there are pockets of good practice but the adoption and spread of this is generally poor, with many failing to get beyond pilots and small scale adoption.

For decades the technology has existed to address many of these issues and indeed much of it has been owned by the NHS for some years, yet the NHS continues to lag decades behind other sectors and even many years behind others who have moved on in healthcare.

Useful links and references

• Bupa Health Assessments
  https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/
• GP Contract Requirement: Patient online access to their GP record
  https://www.bma.org.uk/advice/employment/contracts/general-practice-funding/gp-contract-2015-2016-england/gp-contract-it-requirements
• US Open Notes.
  https://www.opennotes.org