(Fwd) R.I.P. and NHSNet

[Mary Hawking]

In message <000001bffb10$a6c8f6e0$eb65fea9@mycomputer>, Dr Alan Hassey
<alan.hassey@btinternet.com> writes

>Mike
>The NHS Encryption Programme Board will have to reconsider the use of
>encryption in the light of RIP. As far as I can tell, NHSnet is the same as
>the internet for legal purposes. The law may require NHS professionals to
>provide clear text of encrypted messages (initially path results) & even
>keys in the same way as for ISPs. NHS data is not to be treated as a special
>case to the best of my knowledge. I've got some background reading to do on
>all this & may be able to report further later...
>
>Mary's concerns are mostly justified, but she does need to remember that
>doctors do not have an absolute duty of confidence & never have enjoyed the
>same privileged client relationship that solicitors do. We always could be
>compelled to disclose confidential information or risk a contempt charge.

I appreciate that - but this used to require a court order - and only
apply to one individual...
My understanding of the R.I.P legislation is that it is aimed at
obtaining access to *all* the email addresssed to or sent by an
individual. If this is the case, having Al Capone as a patient could
comprimise the confidentiality of the other 2499 patients on the
list....

> I
>am not sure how we stand on disclosing to a patient that a request for
>access to "their" records has been made....

You can't - 2 years in jail for not disclosing the key - and *5* years
for telling anyone else that you've been asked!

> Each EDI message (initially at
>least) will contain multiple EDI transfers - potentially hundreds - for
>incorporation into individual EPRs. Disclosure of the the clear text EDI
>message will therefore be a breach of confidentiality for many patients at a
>time.
>
>For now the - message must be informed consent... Tell patients what's
>happening & talk to your medical defence society if any of the security
>agencies ask for clear text transcripts of EDI messages.

Is anyone frrom the GPC or BMA on this list?

>
>As for later - patient-held records look increasingly sensible
>
>Hope this helps...

Alan, I'm not on the ukcrypto list: if this doesn't get on, could you
copy it and tell me whether I could join - and if so, how?

Many thanks,
Mary
>
>===
>Dr Alan Hassey (mailto:alan.hassey@btinternet.com)
>RCGP Health Informatics Group
>Joint Computing Group (GPC - RCGP)
>
>
>
>I am forwarding this inot UKCRYPTO, in the hope that someone
>can answer Mary Hawking's list of rather frightening questions.
>
>Mike Wells
>------- Forwarded Message Follows -------
>Date sent:             Mon, 31 Jul 2000 08:13:39 +0100
>Subject:               R.I.P. and NHSNet
>From:                  Mary Hawking <maryhawking@tigers.demon.co.uk>
>To:                    gp-uk@mailbase.ac.uk, wisdom-informatics@mailbase.ac.uk,
>               PCGIT@Schin.NCL.AC.UK
>Send reply to:         gp-uk@mailbase.ac.uk
>
>Thinking about the RIP Act, confidentiality of medical records if
>transfered electronically and NHSNet, could someone enlighten me?
>
>Does the Act refer only to the Internet or does it apply also to
>intranets?
>
>Is NHSNet an internet service provider? or is it an intranet?
>
>If it *is* an intranet, is encrypted email, carrying confidential
>patient information, travelling between two NHSNet addresses subject to
>the same police  investigatory procedures as encrypted email travelling
>across the internet?
>
>To preserve a possibility of patient confidentiality, are we going to
>have to foreswear email?
>
>MaryH
>
>

-- 
Mary Hawking
Kingsbury Court Surgery Church Street Dunstable Beds LU5 4RS
tel 01582 663218
fax 01582 476488