Ross.Anderson at cl.cam.ac.uk
Sat Jan 8 10:48:21 GMT 2011
> Going back to the main issue - is the ability to get hold of
> someone else's NHS number any sort of problem?
(1) "De-identified" databases of med records used in research often
have the NHS number even if name and address have been removed
(2) The PDS system which people use to look up your NHS number lets
users find anyone in the country, including ex-directory numbers; it
has an audit trail showing all the health organisations you've dealt
with. If you're a celeb who's an outpatient at the Maudsley, that
could be bad news.
At a more down-to-earth level, I know of one case current being
litigated where a woman was tracked down by an ex-husband after a
relative of hers used PDS to find her. He went round and seriously
assulted her. She's now suing the hospital where his relative worked
More information about the ukcrypto