Q Our primary care trust has told the practice that computer maintenance on PCs and printers will no longer be paid. Can they do this?
A This question really needs to be considered in two parts.
1. Is it cost-effective to pay maintenance on PCs and printers?
Many organisations outside primary care consider it a waste of money to pay for a maintenance contract on PCs and printers. It is thought to be more economic to repair or replace items as necessary. The difficulty that general practice has found in the past is that the budgets for computer maintenance and purchase have been separate, so that there was no budget to pay for repairs outside a maintenance contract. Hence the practice ended up paying the total cost of the repair if the maintenance contract on PCs and printers was stopped. In many areas, PCG/Ts are working with the LMC to resolve this anomaly.
2. As computer maintenance forms part of cash-limited (CL) general medical services (GMS), can a PCT stop paying this reimbursement?
PCG/Ts manage the GMS (CL) budget, sometimes appearing to be doing GPs a favour by granting requests from practices for reimbursement. PCG/Ts need to be reminded that the GMS(CL) is a sum of money that is ring-fenced within their total budget to reimburse practices for capital that has to be spent by practices on the provision of services to their patients.
PCG/Ts are required by regulations to consult the LMC on how the GMS(CL) budget is used. If the PCG/T wishes to change existing reimbursements with the practice it must consult the practice and the LMC. If changes are not agreed with the practice and are implemented by the PCG/T the practice/LMC has the right to appeal to the Secretary of State for Health under Paragraph 80 of the Red Book.
Q I have read that doctors should not send patient-identifiable information via email unless it is encrypted. What is encryption?
A The basic principles behind encryption are simple and predate computers. Encryption literally means codes and ciphers.
The 'Enigma machine' made famous during the Second World War was a method of encrypting a message into a format that was thought to be unbreakable unless the receiver of the message possessed a decoder.
Encryption relating to computers is based on 'keys', which are a long series of numbers that encrypt and decrypt a message. A series of numbers can be agreed between two parties; if both use the same series of numbers, this is called symmetrical encryption.
Asymmetrical encryption is more secure, and uses two series of numbers with a mathematical link. One number is used to encrypt the message; the other is required to decrypt the message. The encryption key is called the 'public key' and is made available for anyone to use. The decryption key is called the 'private key' and is known only to its owner. The 'public key' can be thought of as a secure self-locking box that can be only opened by a person with the 'private key'.
When certain sites are visited on the internet, a small yellow padlock appears on the screen. This shows that the website is encrypted and therefore has additional security. The website address usually starts with https:// rather than http://.
Q Why does patient-identifiable information need to be encrypted when patient registration, item-of-service (IOS) information and pathology results are currently being transmitted electronically without encryption?
A Encryption technology has been around for some time. The NHS has been looking at various software programmes that could be applied to electronic messaging throughout the health service. Any patient-identifiable information that is sent via post, fax or email must be sent by the most secure route possible.
When patient registration, IOS and pathology results were starting to be sent electronically there was no applicable encryption package available and therefore the most secure electronic route was used. Now that encryption is widely available, all future electronic messaging with patient-identifiable information will need to be encrypted. This will initially apply to new applications but eventually will include patient registration, IOS and pathology results.