This site is intended for health professionals only

At the heart of general practice since 1960

Read the latest issue online

Gold, incentives and meh

GMC pandering to malicious patients

Health care records are increasingly being computerised and concerns are now being raised about medicolegal implications, but there are precautions you

can take says

Dr Chris Martin

Health care records are already computerised to a considerable extent. And there is little

doubt nGMS will accelerate that process.

This is because the new contract has removed any lingering concerns that paperless

practice breaches the GP

contract, and because it has

made GPs more heavily

dependent on good, complete computerised records.

But as this shift is taking place, concerns are being raised about the medicolegal implications of computerised records being used as evidence should litigation arise.

All systems now in use should be accredited to the NHS 'RFA99' standard for GP systems, and so will have an adequate audit trail. The companies awarded RFA99 accreditation are required to keep a copy of every version of the system they produce.

This is to ensure that, in the future, the software will exist to recover an audit trail made by that system.

Unfortunately, this criterion does not guarantee there will be an operable system in six years' time, let alone 25, as companies may go bust and hardware may become obsolete.

Given the audit trail, it would seem that courts should readily accept GP computerised records as evidence, as this

can 'authenticate' that the records are what they claim to be: an accurate, contemporaneous record of events that has not been tampered with.

But many practices will be going through a system change in the near future as part of the adoption of Connecting for Health systems. This creates a problem with the authentication process.

For while the data may be converted reasonably accurately from one system to another, it cannot be assumed that the audit trail is, itself, accurately transferred. And if it isn't, it follows there will have been a break in the audit trail.

Backup tapes

Current standards require that the audit trail is kept within a backup. On the face of it, this would indicate information should be acceptable as evidence.

But it could be argued that putting the information on tape removes it from the audit trail, and therefore allows it to be altered outside of the system.

For example, a court might demand evidence to prove the tapes have been securely stored and handled to prevent tampering.

This might be achieved in a number of ways. For example, a process called 'hashing' can be used, whereby an algorithm generates a number based on the file. If the files are subsequently altered, the 'hash number' will change and will now differ from the 'hash number' of the original file recorded in the log book.

A simple way to achieve something like this in practice would be to record the file size exactly in a bound log book. The file could then be 'zipped' with a standard compression package, and the new file size recorded along with the details of the 'zip' program and settings.

The zipped file should be stored separately. Anyone who tampered with the original file would have to make sure that neither the original file size nor zipped file size changed. This would be very difficult to achieve.

It is vital that the 'zip' software is retained and the settings noted as the settings or software used will affect the final file size. Ideally, the record of file sizes should be deposited with an independent third party to prevent any interference with it.

Another safeguard would be the storage of multiple copies of the backups.

If a weekly backup copy is kept, then an event that is to be scrutinised a year before can be checked in all 52 copies of the backup relevant to that event. Tampering with the data would mean amending all 52 copies without detection.

It is important not to forget simple procedures and organisation here. To be acceptable as evidence, the full history of a backup tape should be easily identifiable, including where it has been and who has handled it. This might be the most difficult part of the process to do to the satisfaction of the court.

Physical access to the servers with the backup tapes needs to be restricted to authorised personnel.

The backup log needs to include the signature of the staff member who inserts and removes the tape and then stores it under lock and key. On site, a fire-proof safe would be appropriate for storage, though space will be limited.

At least some of the backup tapes need to be stored offsite, again securely. Serious consideration should be given to finding an independent third party who could undertake to store backup tapes, old hard disks and hash logs securely.

Chris Martin is a GP in Laindon, Essex


·Backups, restoring from backups and system changes break the 'audit trail' integral to RFA99 systems

·Electronic images are admissible as evidence, but need to be 'authenticated', or proven to be accurate and unaltered copies of original

·Physical access to systems needs to be restricted to authorised personnel

·Logs need to be kept in bound books recording the handling of tapes

·Tapes need to be stored secure from accidental and deliberate damage alteration

·Complying with British Standard BIP 0008:2004 will help to achieve admissibility, but is no guarantee

Rate this article 

Click to rate

  • 1 star out of 5
  • 2 stars out of 5
  • 3 stars out of 5
  • 4 stars out of 5
  • 5 stars out of 5

0 out of 5 stars

Have your say