MTAS and other NHS websites
Mary Hawking
ukcrypto at chiark.greenend.org.uk
Sun, 6 May 2007 09:56:14 +0100
>Are we really expected to be happy that medical profession
>confidentiality is reduced to ``and I'd have got away with it if it
>hadn't been for those pesky kids?'' The act of grouping together all
>information about a large number of people is itself a security
>problem, before you then leak it out. A clearance for level X will
>have a clause in it about not having access to sufficient level X so
>as to allow the holder to deduce information at level X+1, and that
>principle should have applied here.
>
>ian
I agree - as a GP I am *not* happy, not only because of the lapse -
although that was bad enough - but the underlying attitude that security
is *only* important if lack of it gets, embarrassingly, into the public
domain - by which time the damage is done!
I believe CfH says this work was out-sourced: if so, it would appear
that the specifications were poorly drafted - or ignored.
Of course, if, as a previous poster suggests, this file was intended as
a semi-public file containing documents related to the processes, that
would not have been a major problem: is it possible that the problem lay
with the confidential files being supposed to be under much greater
protection and incompetently uploaded into this particular file? Are
there any *fool-proof* (fools exist everywhere ;-) ways to prevent incompetent
or malicious uploading to the wrong place?
Mind you, the fact that http://www.informatics.nhs.uk/ is still down
for, I'm told, a similar problem but with less serious consequences,
doesn't inspire confidence!
vickyvicky, many thanks for joining the discussion
Mary Hawking GP
Dunstable
--
Mary Hawking