Privacy and Safety
From Nhs It Info
Revision as of 08:28, 10 October 2006
Call for national standards on remote access
e-Health Insider Primary Care, 22 Aug 2006
http://www.ehiprimarycare.com/news/item.cfm?ID=2081
“GPs are calling for national standards on remote access to practice computer systems because of concerns that present methods could potentially put patient data at risk. Dr Paul Bromley, a GP in Leek, Staffordshire, and colleagues from the EMIS National User Group are unhappy that the current arrangements delegate decision-making to primary care trusts (PCTs) and argue that definitive national guidance is needed. Dr Bromley, who has developed a special interest in remote access over the last few years, says that for several years he used the solution offered by Cable and Wireless, and latterly BT, which secured the connection between the remote computer and NHSnet. He told EHI Primary Care: “It was only later, after somebody pointed it out to me, that I realised the virtual private network tunnel only went as far as the NHSnet connection, not all the way to our practice server and so could be intercepted form within NHSnet.” . . . The issue of remote access was the responsibility of the NHS Information Authority. Since its demise, however, this has been delegated to PCTs. GPs say they are concerned that no-one at PCT level will have sufficient expertise in remote access security.”
Doctors attack NHS IT system: Patient confidentiality at risk, say concerned sawbones
The Register 26 Jul 2006
http://www.theregister.co.uk/2006/07/19/patient_confidentiality_risk/
"Doctors have spoken out against the controversial £12.4bn NHS IT system that is over budget and behind schedule, claiming that patient confidentiality is being put at risk by the system. Writing in the British Medical Journal, a series of doctors have said that it is unwise to put the medical records of the entire population on one computer. . . Meanwhile a report has discovered that NHS IT system security is being compromised because of poor or non-existent mobile device security. Carried out by Pointsec Mobile Technologies and the British Journal of Healthcare Computing and Information Management, the survey has found that two thirds of mobile data storage devices have inadequate security."
NHS trust uncovers password sharing risk to patient data
Computer Weekly, 11 Jul 2006
The UK's largest NHS trust has discovered endemic sharing of passwords and log-in identifications by staff, recording 70,000 cases of "inappropriate access" to systems, including medical records, in one month. The Leeds Teaching Hospitals NHS Trust said there was a "wholesale sharing and passing on of system log-in identifications and passwords" and it warned that uncontrolled access "presents a considerable risk to the security of patient data" and consequently puts the trust at risk. The Leeds trust is the largest in the UK and includes the biggest teaching hospital in Europe. It has a budget of £730m, employs 14,000 people across eight sites and treats about one million patients a year. A management paper to the trust's main board, dated 6 July, said that in one month alone "70,000 examples were detected of inappropriate access of IT systems by trust staff". The paper added, "This took the form of wholesale sharing and passing on of system log-in identifications and passwords. The system misuse was widespread across departments, sites and disciplines." Doctors said the sharing of codes which give access to NHS systems and medical records was an ingrained practice within the NHS. This culture was recognised as a threat to the confidentiality of medical records which are due to be uploaded from local systems to a national data spine under the NHS's National Programme for IT (NPfIT). Under the NPfIT, sensitive information on 50 million people in England is due to go online, although this has not happened yet. NHS managers can discipline staff after a breach has occurred - but they cannot stop it happening. . .”
NHS database? No one asked me!
The Register 7 Jul 2006
http://www.theregister.co.uk/2006/07/05/nhs_readers_letter/
"I was horrifed to discover that here was the government creating a database of everyones patient records, records which up until now I had thought were privy only to my doctor and a few others at local level. . . I wrote to Patricia Hewitt's office and demanded an explanation and got by return a snooty letter saying how everyone would benefit from having access to their medical notes countrywide and how I should be grateful the database is being formed. . . Let's hear the other side of this debacle, how the Public is not being ASKED if it WANTS this database - what do you think the average person would say if they knew the implications of some nasty neighbour who worked in the NHS getting to look at their records or some hacker publishing their records on the Net? How cheated do you think a rape victim will feel if everybody gets to know because someone accidentally, or deliberately makes the information public? How long will it be before we all start getting refused insurance with no explanation and then find our insurance companies have read our medical history?"
GPs and their families urged to boycott NHS 'spine'
E-Health insider Primary Care 20 Jun 2006
http://www.ehiprimarycare.com/news/item.cfm?ID=1956
"Last week’s local medical committees’ conference voted in favour of a proposal to advise GPs to consider withdrawing from the spine after hearing about access to the personal demographics service (PDS) which holds demographic data on every patient in England. . . A total of 54% of representatives voted in favour of the proposal with 46% against despite a speech in defence of the PDS from Dr Gillian Braunold, national GP clinical lead for Connecting for Health and a GP in London."
Don't trust our data to NHS computers
Times Online 22 Jun, 2006
http://www.timesonline.co.uk/article/0,,8122-2236581,00.html
". . . If hackers could penetrate the Pentagon programs, the NHS database with its countless access points and numerous bona fide password holders will be easy pickings for hackers. It will also provide all the data that any government department should decide it must have so that, for example, an identity card database would be superfluous. And what happens when the system goes down, either for maintenance purposes or it crashes? No computer program is guaranteed crash-proof. I wouldn’t want my data to be unavailable when the worst happens to me. I would want it on hard copy. If the powers-that-be wanted a safe method of storing personal data, surely the smart-card system, whereby everyone had their own data on their own card kept in their purse or wallet, would be free from hackers and free from computer crashes."
When did we last see your data?
The Guardian 8 Jun, 2006
http://technology.guardian.co.uk/weekly/story/0,,1792102,00.html
"Last month, the Information Commissioner's Office (ICO), the state-funded watchdog for personal data, published a report, What Price Privacy?. The title's question was answered with a price list of public-sector data: £17.50 for the address of someone who is on the electoral register but has opted out of the freely available edited version; £150 to £200 for a vehicle record held by the Driver and Vehicle Licensing Agency; £500 for access to a criminal record. The private sector also leaks: £75 buys the address associated with a mobile phone number, and £750 will get the account details. . . Medical professionals are concerned about risks to data security caused by the creation of the NHS's Connecting for Health's Care Records Service. That will establish electronic patient records for everyone in England, accessible at any NHS site, and replace on-site computerised or paper patient records. Users log on using a "chip and pin" smart card and number. Access will be limited to those with a reason, and there will be an audit trail. Patients will be able to put sensitive information in an electronic "sealed envelope". Last week Lord Warner, the health minister responsible, said the overall programme is more than two years late - due partly to software problems, but also to disagreements over access to records. Of 787 doctors contacted recently by researcher Medix for the BBC, 44% disagreed that the proposals to maintain confidentiality of records were satisfactory, while 21% agreed. Among GPs, 57% disagreed and 13% agreed. Dr Richard Vautrey, a Leeds GP and member of the British Medical Association's GP committee, says the technical security seems state of the art. However, "the proposal is that there will be an assumption of consent that records can be shared", he says. Patients will have to opt out of sharing. And it is not clear who might see records, Vautrey says. "The patient may be happy for a consultant to have access, but not a social worker." But once data is on the national system, patients may be unable to stop access by other parts of government, he adds. That could damage the trust between patients and doctors. Patients might refuse to divulge data, or demand a second "private" record is created - just what the system was meant to prevent."
Thousands of children at risk after computer fault
The Observer, 26 Feb 2006
http://www.guardian.co.uk/medicine/story/0,,1718325,00.html
"As many as 3,000 babies and toddlers may have gone without crucial vaccinations because a privatised NHS computer system has failed to monitor which children are due for jabs and whether they have received them. An Observer investigation has found that the child health information system, introduced last summer as part of the government's £7 billion IT programme, has derailed the country's entire vaccination programme, leaving health staff resorting to slips of paper to work out who needs immunising. Several women whose babies were stillborn have received letters asking them to take their babies for their first vaccinations. . . The problems began last summer, when primary care trusts across north London and Essex, covering some five million adults and children, switched over to a new system - Child Health Interim Applications (CHIA), run by BT. The system was supposed to work across different health districts, replacing one that for years had collected all the data of the immunisation of pre-school children. It was supposed to trigger an automatic response when a child was due to have a jab. . . But, according to the Health Protection Agency and others, it soon emerged that CHIA was not capable of producing the lists needed to record immunisation status of children. Nor was it capable of monitoring the health of the children, to show whether any suffered side-effects from vaccines. "
Paradoxical access
Dr. Paul Thornton, May 2006
http://www.ardenhoe.demon.co.uk/privacy/Paradoxical%20access.pdf
"Patient records will be unavailable for care with consent but widely accessible to others contrary to the wishes of patients. . . Large numbers of patients who live close to the boundaries between clusters will find that their GP in one "cluster" is unable to share a detailed care record even with the patient's consultant in the local District General Hospital if it is in the adjacent "cluster". GP's may even be disconnected from cross boundary district nursing teams. . . The active, expressed dissent of the patient will be required to place limited restrictions on the access to information. The proposals do not reach the standard of dialogue required for "implied" consent that was set by the previous Information Commissioner."
Focus: Anatomy of a £15bn gamble
Sunday Times, 16 Apr 2006
http://www.timesonline.co.uk/article/0,,2087-2136718.html
"The Nuffield Orthopaedic Centre was at the forefront of a multi-billion-pound revolution to modernise the entire computer system of the National Health Service — and the screens had suddenly frozen. Medical staff looked on in disbelief as they tried to retrieve lost records. . . Although the system was functioning again the next day, some patient files seemed to have disappeared completely. The trust was so alarmed that it sent a report to the National Patient Safety Agency, warning that it had posed a potential risk to patients."
Publically Reported Breaches in EPR Confidentiality
Jeremy E. Rogers, Manchester University, 13 Sep 2005
http://www.cs.man.ac.uk/mig/people/jeremy/Confidentiality.html
"An e-mail error led to confidential information about 92 patients being distributed by Melton, Rutland and Harborough Primary Care Trust to 35 local organisations including the local press and local government representatives."
NHS Confidentiality Consultation - FIPR Response
FIPR, Last updated 25 Jun 2005
http://www.cl.cam.ac.uk/~rja14/fiprmedconf.html
"The fundamental question is whether the Department of Health should have a database containing a fairly complete record of every hospital treatment in the UK, including not just the treatment code and the cost, but also the name and address of the patient. A secondary question is whether the Department of Health should have an accessible central record of all a patient's care relationships. . . FIPR believes that no one in central government - whether ministers, DoH officials or NHS central managers - should have access to identifiable health information on the whole UK population. This is backed up by studies showing that although patients trust their carers with medical information, the majority do not trust NHS administrators."
Doctor's notes
The Guardian, 29 Mar 2005
http://www.guardian.co.uk/g2/story/0,,1447062,00.html
"Electronic medical records for all UK patients are in the final stages of planning. . . . But electronic medical records will not just be open to your necessary healthcare staff. Pilot studies have shown instances where the Department of Work and Pensions has accessed medical records in respect of benefit payments."
NPfIT wins a Big Brother Award
The British Journal of Healthcare Computing & Information Management, Sep 2004
http://www.bjhc.co.uk/news/1/2004/n40923.htm
"Human-rights watchdog Privacy International (PI) announced the winners of its Big Brother Awards 2004 in July. It is the sixth year that the privacy group has run a competition to name those who have "done the most to devastate privacy and civil liberties in the UK". The Most Appalling Project accolade went to England's National Programme for IT in the NHS, for its national database of medical records and its continuance of plans to computerise medical records in a way that is both insecure and dangerous to patients' privacy. Issues involving patients' informed consent and overall control of the information in the records are currently of most concern."
Computer loophole hits hi-tech NHS trial
Sunday Times, 14 Nov 2004
http://www.timesonline.co.uk/newspaper/0,,176-1358226,00.html
"Part of the trial for the government's multi-million-pound scheme to computerise the National Health Service has been halted over fears that patient confidentiality may be compromised. Medical staff in a pilot project for the "choose and book" appointments system — designed to speed up referrals to consultants — claim it gives any doctor access to any GP's patient's records and allows them to make changes. Confidentiality is just one problem detailed in a leaked memo by a project leader in the national programme for information technology (NPfIT) which outlines seven reasons why doctors have refused to use the system, even in trials. . . The leaked document informed trusts involved in the scheme that doctors in Barnsley had refused to use the system. Although clinicians had been given access from July, "no actual live bookings have taken place". The scheme was then temporarily halted. The memo details a wide range of problems. In addition to allowing any user to access a patient's records, the system does not keep sensitive details such as HIV and pregnancy terminations from being made available on the NHS's central computer."
