Experiences of using a public key infrastructure to access patient confidential data over the Internet

A project to enable health care professionals (GPs, practice nurses and diabetes nurse specialists) to access, via the Internet, confidential patient data held on a secondary care (hospital) diabetes information system, has been implemented. We describe: the application that we chose to distribute (a diabetes register); the security mechanisms we used to protect the data (a public key infrastructure with strong encryption and digitally signed messages, plus a firewall); the reasons for the implementation decisions we made; the validation testing that we performed and the results of the first set of user trials. From a user acceptance perspective, we conclude that perceived usefulness and perceived ease of use on their own, are insufficient to guarantee that a new application will be used extensively in its new environment. Other domain specific factors, such as the compatibility and integration of the new computing system with the old the working practices of the clinicians, the costs of using the new system compared to the old, and the actual location of the computing equipment all need to be taken into account when establishing untried information technology in ´real world´ settings.