Medical data sharing

The move to the new hospital building has brought challenges and opportunities.  For example, provision has been made for an oncology centre. As a result, a new group of us will be working together.  Most of us have electronic notes but we use different systems.  How can we share our data? What are the regulations that govern us?  We held a workshop on the issue of data sharing.  Jean Claude Smith, the founder of DigIt, ran the workshop and we discussed several topics.

Safety of Data:
Last month, about 100 000 organisation were attacked by Wannacry.  In simple terms, it is a worm that manages to gain access to a computer through emails.  By opening an unsolicited email, the worm gains access to the computer, encrypts the files and demands payment in bitcoin to regain access to the data.  Amongst other organisations, the NHS was attacked.  I am sure individual doctors around the world were also targetted.  Jean gave us the following advice:

1. Prevention is the best method of defence

2. Don't open unsolicited emails or download suspicious files

3. Regular backup

4. Install anti ransomeware engine on your computer

5. Turn on Windows firewall

POPPIAct: how does it affect us?
In 2013, South Africa passed legislation known as the POPPIAct.  The aim of the act is to ensure all South Africans store, share and use data responsibly.  As health practitioners we:

1. Must give consent before our data is shared

2. Need a valid reason for collecting data

3. Are responsible for ensuring the data is used correctly

4. Must know who has access to the data

5. Must maintain the safety of the data

6. Must collect data accurately

So, as a group of individual doctors, can we legitimately share our data, adhere to the POPPIAct and still use our own electronic notes?  The answer is probably "no".  The problem is not unique to us.  In 2011, the NHS scrapped an attempt to merge notes having spent £12bn

For us, it looks as though sharing will not be possible so we will have to start again