securing distributed partial medical records?
signup at bealoid.co.uk
Mon Jul 27 19:02:51 BST 2009
Quoting Charles Lindsey <chl at clerew.man.ac.uk>:
> On Sun, 26 Jul 2009 23:06:57 +0100, <signup at bealoid.co.uk> wrote:
>
>> But that isn't what happens now - the GPs employ practice managers
>> and outsource the computer stuff. So you've got the worst of both
>> worlds - people with sometimes scarily low levels of technical clue
>> in charge of data, getting support from a whole bunch of techies
>> who may not have best current practice in confidentiality. And the
>> GPs who you want to be in charge sometimes have nothing (absolutely
>> nothing) to do with confidentiality.
>
> I would hope that Practice Managers, being employed by the GP, would
> be well aware of all ethical procedures established by the Practice.
But we've already moved a (perhaps small) step away from "GPs rule
data" to "people employed by GPs rule data" and towards "employ good
people, give them good training".
Sure, they should be trained, and they should know what the rules are,
but in my (limited) experience you get scary answers from some of them
about stuff like confidentiality and proof of ID. I stress again that
this is a small number of practice managers - only about 20 - 25.
> The GPs in a Practice, plus the Manager, are a small enough group of
> people to know and understand each other well enough to know what
> OUGHT to be divulged and to whom.
Small groups can work both ways, with some shortcuts being overlooked
because 'we all know how horrible it is to work the front desk'.
> The suppliers of the software may indeed be incompetent and unaware
> of the ethical issues, but I hope not so incompetent as to set up a
> system which their techies could pinch data from without
> authorization.
I'd hope so, but I imagine a determined techie would find social
engineering, or just guessing poor passwords, would be really easy.
Have you seen the NHS screensavers about data security? They exist
because NHS employees often do the daft things that we know everyone
does with data - they let other people use their logins, they use a
good password but write it on a post-it stuck to the screen etc.
> So the remaining issue is whether the system leaves a backdoor
> allowing entry by "apparently authorised" NHS employees from
> outside, and whether the practice manager is aware of how those
> backdoors operate.
Yes. Maybe better than a spine would be a protocol for medical data
in England.
Also, don't forget apparently authorised NHS employees from inside.
I'm surprised my comments (have good audit trails, restrict access to
data, employ good staff and give them good training) generated so much
traffic when right now medical data is available for a whole bunch of
people (clerical, not medical, staff) to read, when those staff have
different levels of training (and understanding), where that data has
little audit trailing.
More information about the ukcrypto
mailing list