Cambridge Syllabus Notes

6 ICT Applications – Patient Records and Pharmacy Records

Learning Objective (AO1)

Know and understand the characteristics, uses and security considerations of patient records and pharmacy records, and how they link together in a health‑care ICT system.

1. Patient Records (Electronic Health Records – EHR)

1.1 Key Characteristics

Characteristic	What it means (AO1)	Typical ICT implementation (AO2)
Confidentiality & security	Only authorised staff may view or edit the record.	Role‑based access control, strong passwords, two‑factor authentication, SSL/TLS for data in transit, AES‑256 for data at rest.
Accuracy & completeness	All relevant clinical data (diagnosis, treatment, test results, allergies, immunisations) must be current and error‑free.	Mandatory field validation, drop‑down lists from standard code sets, real‑time alerts for missing information.
Standardised format	Uses agreed coding systems so records can be shared nationally and internationally.	ICD‑10/ICD‑11 for diagnoses, SNOMED‑CT for clinical concepts, LOINC for laboratory tests.
Interoperability	Records can be exchanged between hospitals, primary‑care centres, labs and pharmacies.	HL7 v2/v3 messages, FHIR (Fast Healthcare Interoperability Resources) APIs, XML/JSON payloads.
Audit trail	Every access or modification is recorded for legal and quality‑assurance purposes.	System logs capture user ID, date‑time and nature of the action; logs are immutable and regularly backed‑up.
Clinical decision‑support (CDS)	Provides alerts, reminders and guidelines at point of care.	Drug‑interaction warnings, allergy alerts, dosage calculators, evidence‑based guideline prompts.
Data‑protection legislation	Records must be handled in line with data‑privacy laws (e.g., GDPR‑style principles).	Privacy Impact Assessments, data‑subject access requests, retention schedules, breach‑notification procedures.

1.2 Primary Uses (AO1)

Clinical decision‑making: Full patient history guides diagnosis and treatment.
Medication safety: Real‑time interaction and allergy alerts.
Appointment & workflow management: Integration with electronic calendars and task lists.
Billing & insurance claims: Automatic extraction of diagnostic and procedure codes.
Research, audit and public‑health monitoring: Anonymised data sets for epidemiology and quality improvement.
Legal evidence: Documented record of care for medico‑legal inquiries.
Tele‑medicine support: Secure sharing of records with remote clinicians via video‑consult platforms.

1.3 Advantages & Disadvantages of EHRs (AO3)

Advantages	Disadvantages / Risks
Instant access to complete, up‑to‑date patient information.	Dependence on reliable network connectivity; system outages can halt care.
Reduced transcription errors and duplication of paperwork.	Potential for data breaches if security controls are weak.
Facilitates clinical decision‑support and safety alerts.	Alert fatigue – clinicians may ignore frequent warnings.
Supports audit, research and public‑health reporting.	Implementation costs and staff training requirements.
Enables patient‑portal access and remote (tele‑medicine) consultations.	Digital divide – patients without internet access may be excluded.

1.4 Tele‑medicine Workflow (AO1‑AO2)

Patient books a video‑consult via a secure portal.
Clinician accesses the patient’s EHR, records the consultation, and creates an electronic prescription.
The prescription is sent encrypted (TLS) as a FHIR MedicationRequest to the pharmacy system.
Pharmacy staff dispense the medicine, update the EHR with a MedicationDispense resource, and the patient receives a notification.
All steps are logged in audit trails for legal and quality‑assurance purposes.

1.5 Security & Threat Mitigation (AO2‑AO3)

Encryption: TLS 1.3 for network traffic; AES‑256 for stored files.
Authentication: Username/password + OTP or smart‑card; session timeout after inactivity.
Common threats: Phishing, ransomware, insider misuse.
Mitigation measures: Regular security patches, anti‑malware scanning, user awareness training, daily backups, role‑based least‑privilege.
Audit & monitoring: SIEM dashboards to detect abnormal access patterns.

1.6 Intended Audience (AO1)

Primary users are clinicians (doctors, nurses, allied health professionals). Secondary audiences include pharmacists, health‑information managers, auditors, insurers and patients (via patient portals). Record design therefore prioritises clarity for clinicians while ensuring a read‑only, secure view for other stakeholders.

1.7 File Formats & Validation (AO2)

Exchange formats: .xml (HL7), .json (FHIR), .csv for bulk extracts.
Validation rules: mandatory fields (patient ID, date of birth), controlled vocabularies (ICD‑10, SNOMED‑CT), length limits, checksum verification for file integrity.
Schema definitions: XSD for XML, JSON Schema for JSON – records are rejected if they do not conform.

2. Pharmacy Records

2.1 Key Characteristics

Characteristic	Explanation (AO1)	ICT Implementation (AO2)
Stock control	Tracks quantity, batch numbers, expiry dates and location of every medicine.	Barcode/RFID scanning, real‑time inventory database, automated re‑order triggers.
Prescription linkage	Each dispensed item is tied to a specific patient prescription.	Unique prescription IDs, electronic prescribing (e‑prescribing) interfaces.
Regulatory compliance	Meets legal requirements for controlled substances (record‑keeping periods, reporting).	Audit logs, scheduled export of controlled‑drug reports to health‑authority portals.
Security & access control	Only authorised pharmacy staff may modify stock or dispense medication.	Role‑based login, biometric verification for high‑risk items, encrypted storage.
Audit trail	All dispensing, adjustments, returns and deletions are recorded.	Immutable transaction logs, digitally signed entries for controlled drugs.
System integration	Links with patient EHRs, laboratory systems and supplier ordering platforms.	FHIR medication resources, HL7 pharmacy messages, API‑based supplier feeds.
Data‑protection & legislation	Handles personal health information in line with data‑privacy laws.	Same encryption/authentication measures as EHR; retention schedules (e.g., minimum 7 years).

2.2 Primary Uses (AO1)

Dispensing: Guarantees correct drug, dose, route and patient‑specific instructions.
Inventory management: Alerts for low stock, near‑expiry medicines, and automatic re‑ordering.
Prescription verification: Checks for drug‑drug interactions against the patient’s medication history.
Billing & reimbursement: Generates itemised invoices for patients or insurers.
Regulatory reporting: Produces mandatory reports for controlled‑substance authorities.
Clinical audit & safety analysis: Analyses dispensing trends to improve practice.
Patient‑portal information: Enables patients to view dispensed medicines and refill status securely.

2.3 Recognition Technologies in Pharmacy (AO1‑AO2)

Barcode / RFID: Real‑time stock tracking and batch verification.
OCR (Optical Character Recognition): Scans handwritten or printed paper prescriptions into digital text for e‑prescribing.
NFC (Near‑Field Communication): Contactless patient ID cards or smart‑pills that communicate dosage information to dispensers.
Biometrics: Fingerprint or facial recognition for high‑value or controlled‑drug dispensing.
OMR (Optical Mark Recognition): Used in some audit‑paper forms to capture tick‑box data quickly.

2.4 Security & Threat Mitigation (AO2‑AO3)

Encryption & secure channels: TLS for all communications with EHR and supplier systems.
Authentication: Username/password + smart‑card or fingerprint for high‑value drugs.
Threats: Insider misuse (unauthorised dispensing), ransomware targeting stock data.
Controls: Segregated duties, regular inventory reconciliation, daily backups, intrusion‑detection alerts.

2.5 Intended Audience (AO1)

Primary users are pharmacists and pharmacy technicians. Secondary audiences include prescribers, auditors, health‑authority regulators and patients (via secure portals). Record layouts therefore balance detailed drug information for pharmacists with concise, understandable summaries for patients.

2.6 File Formats & Validation (AO2)

Exchange formats: .xml (HL7 Pharmacy/Treatment messages), .json (FHIR MedicationDispense), .csv for bulk stock uploads.
Validation: mandatory fields (drug code, batch, expiry), checksum for barcode data, business rules (e.g., “expiry date must be later than today”).

3. Linking Patient and Pharmacy Records

3.1 Integrated Workflow (AO1‑AO2)

Clinician creates an electronic prescription in the patient’s EHR (uses SNOMED‑CT for drug, ICD‑10 for diagnosis).
Prescription is transmitted securely (TLS‑encrypted HL7/FHIR message) to the pharmacy system.
Pharmacy software cross‑checks the patient’s medication history for interactions and alerts the pharmacist.
After dispensing, the pharmacy updates the EHR with a MedicationDispense FHIR resource containing drug, dose, quantity and date.
Both systems log the transaction in their immutable audit trails; the patient can view the update via a secure portal.

3.2 Link to Expert Systems (AO6.8)

Clinical decision‑support (CDS) modules embedded in EHRs are a form of expert system. Their components are:

Knowledge base: Curated drug interaction rules, dosage guidelines, allergy data.
Inference engine: Applies logical rules to the patient’s data to generate alerts.
User interface: Pop‑up warnings, colour‑coded risk scores, suggested actions.

Example: When a doctor prescribes amoxicillin to a patient with a documented penicillin allergy, the inference engine matches the allergy code in the knowledge base and displays an “Allergy conflict – do not prescribe” alert.

3.3 Benefits of Integration (AO3)

Reduces transcription errors and duplicate data entry.
Enables real‑time safety alerts (allergy, overdose, drug‑interaction).
Supports accurate billing and insurance claim processing.
Facilitates data‑driven quality improvement across the whole care pathway.

4. Systems Life‑Cycle Snapshot (AO7)

Stage	Key Activities for EHR / Pharmacy Systems
Analysis	Gather requirements from clinicians, pharmacists, regulators; identify data‑privacy and safety standards.
Design	Define data models (patient, medication, stock), UI mock‑ups, security architecture, interoperability standards (HL7/FHIR).
Development & Testing	Code modules, implement validation rules, conduct unit & integration testing, perform penetration testing and audit‑trail verification.
Implementation	Data migration from legacy paper/legacy systems, staff training, rollout in phases (pilot → full deployment).
Documentation	User manuals, technical specifications, data‑protection impact assessment, SOPs for backup & recovery.
Evaluation	Monitor system performance, user satisfaction surveys, audit compliance, continuous improvement cycles.

5. Overall Benefits of ICT in Patient & Pharmacy Records (AO3)

Improved patient safety through instant, evidence‑based alerts.
Faster access to complete, up‑to‑date information for clinicians and pharmacists.
Reduced paperwork, lower administrative costs and quicker decision‑making.
Enhanced accuracy, consistency and traceability of clinical data.
Better inventory control and resource utilisation in pharmacies.
Compliance with legal, regulatory and data‑protection standards.

6. Satellite & GIS Applications (AO6.11)

GPS tracking can be used to monitor the real‑time location of medication deliveries, improving logistics and ensuring timely receipt. GIS (Geographic Information Systems) enables public‑health mapping of disease outbreaks, which can be correlated with prescription trends from pharmacy records to identify hotspots.

Suggested diagram: Flow of information between patient records, pharmacy records, laboratory systems and insurers (showing secure HL7/FHIR links, audit trails, feedback loops, and a satellite‑GPS layer for medication delivery tracking).

Know and understand characteristics and uses of patient records, pharmacy records