[Gllug] NHS opt out - long.

Mark Williams mark.666 at blueyonder.co.uk
Wed Jan 24 22:16:32 UTC 2007 

On Tuesday 23 Jan 2007 11:02, - Tethys wrote:
> On 1/23/07, Martin A. Brooks <martin at hinterlands.org> wrote:
> > Point two perhaps, GIGO applies.  But, as I read it, there's no
> > suggestion that the data was modified by an unauthorised person.
>
> But the whole point is, there is no knowledge of who that person was,
> so it's impossible to tell if they were authorized or not.
>
> Tet

<Mark Jumps in towards the end of the thread>

As a GP, I get to see this juggernaut heading our way.
There is security; all NHS staff have a "smart" card, chip & pin with a 
bank-style password - you can't just find a post-it with a password, you have 
to know where the owner leaves their card overnight too.
There is knowledge of "who that person was" - although this may well be 
knowledge of who left their card in sight & told their PIN, rather than who 
dunnit...
There is also a fair bit of restriction on most cards, so you'd have to pinch 
a doctors or nurses card, not the cleaners. So you'd at least know that the 
card used had belonged to an authorised person.

The data input is not being done in India - the plan is to use extant records 
or at least record-keeping systems, and the Govt thinks we (GP's) are going 
to go through all your records with you & decide what goes central. 
Presumably at the weekends...
The programming, on the other hand, IS being done in India - we already have 
good GP IT systems, the original plan was to scrap this; I asked our local 
Accenture bod about beta testing, and was told that as it had passed the 
Govt's conformance testing it was ready to roll out. Nice.... But at least 
this particular company has ducked out now. The others have, er, noticed that 
there's a rival product or two already out there.

I might also mention that we have been complaining about this nonsense since 
it was announced, and in fact before - glad to see you guys joining us! It's 
not the idea of having access to records - this could be useful if done right 
- it's the implementation that's crap.

If you want an example weakness; Mr Footballer is rumoured to have the clap. 
Mr Reporter turns up in my out-of-hours clinic, claiming to be him. I'd not 
recognise a footballer, there are no patient ID cards, so I believe him - why 
not? He asks for a repeat of his tablets from last week - and maybe leaves 
with a nicely printed copy? There are a million scenarios.

You can just see Nurse Pissedov going to leave the UK tomorrow, looking up 
Tony B's records (or Liams - did he have his MMR?) & flogging it from 
Heathrow - so useful to have an audit trail on that the next day.

That said, I don't think commercial organisations will get bulk data leaks - 
too embarrassing for both sides. Ministerial access though, I take no bets 
on. Also bulk data leaks at 200 baud, which is the subjective speed we get, 
aren't that useful. My "10Mb" NHS-net line does up to 46Kbps, mostly, with 
rare flashes of 460. Painfully slow to retrieve one person's data, and it 
only does name/address right now. Most easily accessible/penetrable places 
aren't as fast as mine, you'd have to get a very central leak to be 
worthwhile.

The sub-projects; "Choose & Book" sees all hospital referrals going through an 
external agency who *promise* to look after the data on who's being referred 
for what. Electronic prescriptions: Again, all those little green forms go on 
computer before they're printed, and get retyped now. The saving here is 
colossal - and we get to not physically sign 100 odd forms a day, so this one 
WILL happen, but again there is a central database of all of them. That is 
now & has been for some years, and to be fair I know of no leaks.

Bear in mind that MP's will have their records off the system, or at least 
under false ID's - that's not a guess - & consider how much they trust it 
themselves.

One last thought; 1:20 have a criminal record (of some sort)
3,000,000 NHS employees.
150,000 ? 

Enjoy those few thoughts for me :)
Mark

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list