securing distributed partial medical records?

[Charles Lindsey]

On Sun, 26 Jul 2009 23:06:57 +0100, <signup at bealoid.co.uk> wrote:

> But that isn't what happens now - the GPs employ practice managers and  
> outsource the computer stuff.  So you've got the worst of both worlds -  
> people with sometimes scarily low levels of technical clue in charge of  
> data, getting support from a whole bunch of techies who may not have  
> best current practice in confidentiality.  And the GPs who you want to  
> be in charge sometimes have nothing (absolutely nothing) to do with  
> confidentiality.

I would hope that Practice Managers, being employed by the GP, would be  
well aware of all ethical procedures established by the Practice. The GPs  
in a Practice, plus the Manager, are a small enough group of people to  
know and understand each other well enough to knoe what OUGHT to be  
divulged and to whom.

The suppliers of the software may indeed be incompetent and unaware of the  
ethical issues, but I hope not so incompetent as to set up a system which  
their techies could pinch data from without authorization. So the  
remaining issue is whether the system leaves a backdoor allowing entry by  
"apparently authorised" NHS employees from outside, and whether the  
practice manager is aware of how those backdoors operate.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                       
   Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5