Lib Dems call for new NHS data security rules

The Big Opt-Out

In case any readers haven't yet registered their desire to opt-out of the NHS database and are prompted to do so, the NHS Confidentiality Campaign has a form letter here:

http://www.thebigoptout.com/optoutletter

Erm...

Pretty much all but the last are already in place, in not so many words. The problem tends to be end users who think it all applies to Other People.

Erm

AC because this is something I kno 2 well. NHS iz meh clientz.

Let's consider the 5 points....

1. The Department of Health should publish minimum standards for the protection of data on mobile devices and ensure that all NHS staff are aware of their particular responsibilities.

Really? First off - define "mobile device". Does this include pagers? Or mobile phones? Data protection and security standards already exist. This is contradicted by point 2.

2. Patient records should not be stored on mobile devices and strict rules must apply to control the copying of data. Any exceptions must be authorised after a risk assessment.

No need for the protection of data on mobile devices if you don't store data on them. My partner works in the NHS and can connect to work via VPN, but the laptop build is quite fierce. Local printing? No. USB storage devices? No. It's a DVD-Rom, not a rewriteable. The only way to get anything out is to email as an attachment, but that can easily be stomped on if required. And she has no access to patient data. With decent role profiles, you could be very selective about email attachments.

3. All mobile data devices should be protected through appropriate security controls, including the use of authentication, encryption, and other technical separation controls as well as registration and allocation of devices to an 'owner'.

Erm.... doesn't point 2 render this largely irrelevant?

4. Lapses in standards of care should be regarded as potential serious misconduct.

Care? What is "care" - to me that means patient care. If we are talking violations of security policy, this is a violation of TRUST. Which is significantly different. And it is regarded as potential serious misconduct already. It's more "loose lips sink ships" rather than letting someone die due to neglience/malpractice.

5. The government should formally abandon its plans for a national patient database.

Why? With the right safeguards in place, this is a no-brainer. It saves lives. Let me put it this way. I have a serious medical condition. Some standard treatments can kill me. If I am unconscious and poll up at A&E, I want them to be able to access my patient records so that they don't kill me. Also, I moved house recently. This caused me all sorts of problems with records and the non-seamless transition of care. And the duplication of effort. Worst case, re-keying of data. Been then, done that and it is a fearful waste of money.

Oh, some of the e-enabled bits of the NHS aren't that e-enabled. The box that you send stuff to actually has tiny people in it, who print stuff out on tiny printers and re-key the data on tiny computers.

With the right safeguards, I repeat. Some parts of the NHS already have them, but there are weak points such as PCTs, single handed/small GP surgeries (as opposed to big practises) and consultants with both NHS and private practise who push patients between the two.

Oh yes, the government's approach to NHS IT is fundamentally flawed - but that does not mean that the goals are wrong. OK, some of the mooted ideas about passing on non-anonymised data to researchers are just plain wrong, but the general impulse is right.

The reasons for the failure of public sector IT projects are many and various. One very compelling argument I've seen is that the magnitude of the projects is much greater than is seen in the private sector, in terms of the numbers of persons it deals with.

I can remember reading a very interesting article about standards for patient records in Scientific American - but my memory isn't so good. Can someone oblige?

The theft of an entire GP system? Well, it should have decent security. But, even so, the fact that an entire system can be stolen suggests a lack of physical security. For example, steal my server? No. Not unless you are prepared to get past my cameras, my alarms and carry fairly meaty grinder. I've bolted my server into a concrete foundation with big security bolts. And the server has an alarm too. It's encrypted too. That's if you can spot it. It's in an non-obvious location. Other things as well. None of them particularly expensive.

Which brings me back to the 5 points. Where is the mention of physical security? Nowhere. Physical security is the primary line of defence against a lot of the hoo-hah we've seen about government departments losing data, etc... USB sticks - wear round your neck on a lanyard in side your shirt. Laptops. Never on display. Keep out of site behind at least two sets of locks. Etc...

Weebles.

small practices are quite secure against actual threats

I'd disagree that large practices are necessarily more secure than small ones. As a singlehander I knew everyone who should be in the building. As one of three partners I still do. As one of 15 ...

And I don't think the national database is the way to go. Access under rules to distributed and existing systems is a more informatically sensible and more secure approach. It also looks a lot easier to implement - build a terminal which lies to the clinical system about being one of the usual terminals, and works through the usual messages to that clinical system to ask the usual questions, while talking on the other side to those it believes to be authenticated users outside.

Authentication is also better distributed, but there is a role for a central system - just a smaller and better understood one than the alleged spine.