I’m not directly involved in this but know a bit about the product and situation. Won’t discuss it here, but it highlights an interesting broader problem which is sending copies of records around the health system and over the internet.

GP2GP (used when you change GP practice) essentially bundles up copies of all of your records and uses HL7 v2x to send it (sFTP style but Im not in the technical detail, it is likely something more archaic) over Healthlink to another GP mailbox (sFTP folder). MMH similarly creates a copy of your records for their service. Hospitals variously have mailboxes and send results across this service too.

Historically this has all happened on Connected Health - a private VPN, which has kept most of the data off the public internet, but this has three effects:

 

1. less focus on security
2. no or very limited access for new players
3. Lots of copies which are tricky to reconcile but which all need to be kept securely.

Guessing we should be looking at how we both deal with this legacy infrastructure and standards (eg. we should be moving away from message to API based standards v2 -> v4+ ). We did plan to do this with the Hira programme.

All of this in the context of OpenAI releasing a new version of their chatGPT app to Healthkit last night, I think a lot of people will be tempted to give them their information…

Jon