NHS Computers

Those who read the earlier posts about (mis)use of NHS computers and were
concerned about patient confidentiality will be pleased to see that the
Daily Telegraph today reports that the Government has apparently decided
against making it compulsory to have ones data uploaded to the National
system. If you want to opt out see www.thebigoptout.org

Retired

On 16-Dec-2006, "Retired" <(E-Mail Removed)> wrote:

> Those who read the earlier posts about (mis)use of NHS computers and were
> concerned about patient confidentiality will be pleased to see that the
> Daily Telegraph today reports that the Government has apparently decided
> against making it compulsory to have ones data uploaded to the National
> system.

No computer system is secure, those working in the IT section have
access to everything since they handle the backups, can
access the backups, and take copies of the backups.
It's the insider jobs you have to worry about.

In message <(E-Mail Removed)>,
(E-Mail Removed) writes
>On 16-Dec-2006, "Retired" <(E-Mail Removed)> wrote:
>
>> Those who read the earlier posts about (mis)use of NHS computers and were
>> concerned about patient confidentiality will be pleased to see that the
>> Daily Telegraph today reports that the Government has apparently decided
>> against making it compulsory to have ones data uploaded to the National
>> system.
>
>No computer system is secure, those working in the IT section have
>access to everything since they handle the backups, can
>access the backups, and take copies of the backups.
>It's the insider jobs you have to worry about.

you could say the same about the court system

--
dave @ stejonda

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> On 16-Dec-2006, "Retired" <(E-Mail Removed)> wrote:
>
>> Those who read the earlier posts about (mis)use of NHS computers and were
>> concerned about patient confidentiality will be pleased to see that the
>> Daily Telegraph today reports that the Government has apparently decided
>> against making it compulsory to have ones data uploaded to the National
>> system.
>
> No computer system is secure, those working in the IT section have
> access to everything since they handle the backups, can
> access the backups, and take copies of the backups.
> It's the insider jobs you have to worry about.

That doesn't mean they can read the data.
It is quite easy to stop the IT section from being able to decode it.

"Retired" <(E-Mail Removed)> wrote in message
news:45843f42$0$8731$(E-Mail Removed)...
> Those who read the earlier posts about (mis)use of NHS computers and were
> concerned about patient confidentiality will be pleased to see that the
> Daily Telegraph today reports that the Government has apparently decided
> against making it compulsory to have ones data uploaded to the National
> system. If you want to opt out see www.thebigoptout.org
>
> Retired
>
If you think that is bad, wait until you see what is going on the new
National ID card. ALL the information is also going to be sold, so the
Government will be inciting ID Theft and facilitating it. People don't seem
bothered by that.
The only reason people seem concerned about the NHS database is because they
know it will be used to trace people when they do a vanishing act.

On Sat, 16 Dec 2006 20:10:47 -0000, "dennis@home"
<(E-Mail Removed)> wrote:

|
|<(E-Mail Removed)> wrote in message
|news:(E-Mail Removed).. .
|>
|> On 16-Dec-2006, "Retired" <(E-Mail Removed)> wrote:
|>
|>> Those who read the earlier posts about (mis)use of NHS computers and were
|>> concerned about patient confidentiality will be pleased to see that the
|>> Daily Telegraph today reports that the Government has apparently decided
|>> against making it compulsory to have ones data uploaded to the National
|>> system.
|>
|> No computer system is secure, those working in the IT section have
|> access to everything since they handle the backups, can
|> access the backups, and take copies of the backups.
|> It's the insider jobs you have to worry about.
|
|That doesn't mean they can read the data.
|It is quite easy to stop the IT section from being able to decode it.

The IT section also have access to any encryption software and keys.

On the plus side they are, or should be sworn to secrecy in a similar way
to doctors, and other medical staff.
--
Dave Fawthrop <dave hyphenologist co uk> Google Groups is IME the *worst*
method of accessing usenet. GG subscribers would be well advised get a
newsreader, say Agent, and a newsserver, say news.individual.net. These
will allow them: to see only *new* posts, a killfile, and other goodies.

Dave Fawthrop wrote:
> On Sat, 16 Dec 2006 20:10:47 -0000, "dennis@home"
> <(E-Mail Removed)> wrote:
>
> |
> |<(E-Mail Removed)> wrote in message
> |news:(E-Mail Removed).. .
> |>
> |> On 16-Dec-2006, "Retired" <(E-Mail Removed)> wrote:
> |>
> |>> Those who read the earlier posts about (mis)use of NHS computers and were
> |>> concerned about patient confidentiality will be pleased to see that the
> |>> Daily Telegraph today reports that the Government has apparently decided
> |>> against making it compulsory to have ones data uploaded to the National
> |>> system.
> |>
> |> No computer system is secure, those working in the IT section have
> |> access to everything since they handle the backups, can
> |> access the backups, and take copies of the backups.
> |> It's the insider jobs you have to worry about.
> |
> |That doesn't mean they can read the data.
> |It is quite easy to stop the IT section from being able to decode it.
>
> The IT section also have access to any encryption software and keys.
>
> On the plus side they are, or should be sworn to secrecy in a similar way
> to doctors, and other medical staff.

Under the present, paper-based system, patient files in
health centres are often stacked on library shelves in open
areas accessible to all staff, visiting contractors, etc.
The need for easy access by staff mitigates against the
need for protection. Hospitals may have separate secure
areas with better access controls.

Electronic data offers a chance to provide better access
controls. There's less need for clerical staff to see
records (or at least the confidential parts), even if that
risk is partly replaced by the IT staff.

It shouldn't be beyond current technology to devise
reasonably secure access controls. Much of the opposition to
electronic records seems to be coming from GPs protecting
their own interests, not necessarily those of their
patients. If hospital specialists have access to all
patient data - and the ability to add to it - there is less
need for communication through GPs.

On 17-Dec-2006, Dave Fawthrop <(E-Mail Removed)> wrote:

> |> No computer system is secure, those working in the IT section have
> |> access to everything since they handle the backups, can
> |> access the backups, and take copies of the backups.
> |> It's the insider jobs you have to worry about.
> |
> |That doesn't mean they can read the data.
> |It is quite easy to stop the IT section from being able to decode it.
>
> The IT section also have access to any encryption software and keys.

Those in the IT section can plug in a network monitor to capture packets,
read everybodies passwords etc, then masquerade as a legitimate
user, they can also record and copy data, and take copies offsite. It's also
possible to set up a bridge between NHS and non-NHS networks.
No way is the data secure.
There are many willing to pay for access, if litigation is involved, or
medical insurance claims where there is a fishing expedition for
prior history.

"Dave Fawthrop" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...

> |
> |That doesn't mean they can read the data.
> |It is quite easy to stop the IT section from being able to decode it.
>
> The IT section also have access to any encryption software and keys.

Why?
Don't the managers know how to run a system?
There is no reason for the IT staff to have any access to the keys at all.

>
> On the plus side they are, or should be sworn to secrecy in a similar way
> to doctors, and other medical staff.

Even less reason to trust them then.

A properly designed system would have all the data encrypted and need a
physical token and a password to decrypt it.
Smart card technology isn't new and it does work.
Even freeware can use USB keys to hold encryption keys to make stuff more
secure.

I think I would make staff wear an RFI chip in their badges or wrists so
that only authorised personnel could get as far as entering passwords.
The system would log them out as soon as they leave the terminal and audit
trails would be much better.
If the software were better a camera on the screen could /add/ biometrics
too.

In article <4585316d$0$10201$(E-Mail Removed)>,
(E-Mail Removed) says...

> Even less reason to trust them then.

That's a bit widesweeping isn't it?

Are you saying anyone who works in IT shouldn't be trusted, and if they
are sworn to secrecy, they should be trusted even less?

I agree with the rest of your post, but tarring IT staff in the way you
have is unjust and unnecessary.

Most of the dedicated IT staff I know, and I know a lot because I work
in the education sector, work there because they are genuine 'techies'
who enjoy what they do. They are not snoopers of data, the outcome of
which would be to lose their 'beloved' jobs *and* livelehoods.

Grrr...