Computerised medical records - no security


Deva Link

26,934 posts

247 months

Tuesday 3rd May 2011
anonymous said:
[redacted]
It's £50 if they're not fully computerised. If they are, then the fee is £10.

Busa_Rush

Original Poster:

6,930 posts

253 months

Tuesday 3rd May 2011
crmcatee said:
Busa_Rush said:
The Dr said that paper records could be physically stolen as they are on display in 100's of drawers, but the electronic records are on a hard disk in a locked room behind another locked door. They are also electronically protected so you'd need an encryption key or password to access the raw data or the application.

But that shows where his thinking has taken him - he's not in his career had to deal with electronic security. He's a good Dr, I have no issue with his qualifications, experience, knowledge or ability to perform a medical diagnosis but his knowledge of electronic security is limited to a level which is way below the required standard.

If he's not aware of what needs to be done and why and what the risks are then notes will be given to anybody . . .
But the records are available on the network to be stolen lots of times. Doesn't matter how many doors you put in front of the physical device - if it's on the network it's accessible from somewhere. I would have said that the paper records were more secure - and only accessible from a single place.
We both know that - hence my second paragraph that no matter how good a Dr he is, he's not a data security expert with sufficient experience to know even what he has to protect, let alone how to go about it.

Busa_Rush

Original Poster:

6,930 posts

253 months

Tuesday 3rd May 2011
Deva Link said:
Busa_Rush said:
Why is this bad ?

As mentioned above, you go for a new job, get on great - get the offer and give notice to your old job. (You could be a partner with a Bank or a general IT bod - doesn't matter) In the meantime they manage to see your medical records, see that 10 years ago you had anti-depressants for 6 months (they won't know why and can't ask you obviously) - or that you had a leg operation with complications . . . so remove the job offer.

You're applying for life cover for yourself and your wife, you want a high level of cover, big mortgage, 3 kids etc . . . you make all the relevant declarations and get the cover but it's then revoked for no reason . . . because the Ins Co have seen that 18 years ago you had a slight heart issue . . . you know it was caused by some dodgy tablets the pharmacist gave you but they won't, so no cover.
You made both of those up, didn't you?

In the second example, the life company will ask for permission to approach your Doctor anyway.
Yes. They are examples because some people here seemed to not grasp the reason why this information might be sensitive.

I'm sorry if my story telling isn't up to scratch smile

Deva Link

26,934 posts

247 months

Tuesday 3rd May 2011
Busa_Rush said:
I'm sorry if my story telling isn't up to scratch smile
There needs to be a hint of realism in it.

Busa_Rush

Original Poster:

6,930 posts

253 months

Tuesday 3rd May 2011
Deva Link said:
Busa_Rush said:
I'm sorry if my story telling isn't up to scratch smile
There needs to be a hint of realism in it.
There was, perhaps in that particular one, not quite enough ?

JontyR

1,915 posts

169 months

Tuesday 3rd May 2011
anonymous said:
[redacted]
http://www.nhs.uk/chq/Pages/fees-for-accessing-medical-or-health-records.aspx

This is the line they are supposed to follow smile

eliot

11,537 posts

256 months

Tuesday 3rd May 2011
davepoth said:
say, for example, you'd been treated for The Clap, due to a "dalliance". How would you feel if one of your enemies got a copy of your medical records and started blackmailing you?
GUM systems tend to be separate from other systems, usually firewalled off and even on a different domain.

Kaelic

2,690 posts

203 months

Tuesday 3rd May 2011
davepoth said:
say, for example, you'd been treated for The Clap, due to a "dalliance". How would you feel if one of your enemies got a copy of your medical records and started blackmailing you?
or just get a vicious bh of an ex who works for the NHS to then start spreading rumors about you and getting the "confidential gum clinic" letter sent to your current Mrs .....

wish I could prove what her and her cronies have been up to frown

Deva Link

26,934 posts

247 months

Tuesday 3rd May 2011
Kaelic said:
wish I could prove what her and her cronies have been up to frown
Have you made a complaint about that?

eccles

13,754 posts

224 months

Tuesday 3rd May 2011
Busa_Rush said:
Why is this bad ?


It's personal information and should be treated confidentially - that's what the DPA is for.
I agree with you totally, so I expect you've written a sternly worded letter of complaint to the practice so they can train the staff not to do it again.
You have complained haven't you?

Busa_Rush

Original Poster:

6,930 posts

253 months

Tuesday 3rd May 2011
eccles said:
Busa_Rush said:
Why is this bad ?


It's personal information and should be treated confidentially - that's what the DPA is for.
I agree with you totally, so I expect you've written a sternly worded letter of complaint to the practice so they can train the staff not to do it again.
You have complained haven't you?
Yes.

Oilchange

8,533 posts

262 months

Wednesday 4th May 2011
My wifey is a medical records data protection professional. The hoops that you have to jump through to get someone's medical records such as the Police for a mental health patient, are quite strict, like without a VERY good reason or a court order they are told no, go away.
She has to deal with freedom of information stuff and there are many many legal hoops to jump through too.

If someone leaked another person's records or, worst case, used them to blackmail someone else they would be investigated, lose their job and likely end up in prison.

davepoth

29,395 posts

201 months

Wednesday 4th May 2011
Oilchange said:
My wifey is a medical records data protection professional. The hoops that you have to jump through to get someone's medical records such as the Police for a mental health patient, are quite strict, like without a VERY good reason or a court order they are told no, go away.
She has to deal with freedom of information stuff and there are many many legal hoops to jump through too.

If someone leaked another person's records or, worst case, used them to blackmail someone else they would be investigated, lose their job and likely end up in prison.
It's only as strong as the weakest link though, which would appear to be receptionists in GP surgeries.

Oilchange

8,533 posts

262 months

Wednesday 4th May 2011
OK but my point is, if you want to blackmail someone with their medical records, your login will give you away and you will get into trouble.
Do people risk this on a daily basis? I would say not but wifey does sit on disciplinaries regularly, usually for indiscretions but occasionally there is a serious one.
Wifey lectures the Trust about data protection also.

Also, if you request YOUR records, with appropriate id, I suspect you can bloomin' well have them! To get them, you have to go through the receptionist who may well seek advice on the 'data protection' hoops to jump through.

You may find that the ladies who work in GP's receptions are in fact quite savvy, well trained and not likely to fark about with sensitive information (if they value their job!)



Edited by Oilchange on Wednesday 4th May 00:43

RobDickinson

31,343 posts

256 months

Wednesday 4th May 2011
From the hospital systems I have been involved in there are complete audit trails of what you've looked at and alert flags on any 'vip' records.

Remember tho GPs aren't really part of the NHS.

branflakes

2,039 posts

240 months

Wednesday 4th May 2011
Oilchange said:
You may find that the ladies who work in GP's receptions are in fact quite savvy, well trained and not likely to fark about with sensitive information (if they value their job!)
In my experience as a PI about 95% of GP receptionists fit that description. They can still be persuaded to give out sensitive information though if you know what to say and how to say it.

The other 5% obviously don't value their jobs.

dmulally

6,217 posts

182 months

Wednesday 4th May 2011
Imagine getting treated for sore thumbs from playing too much playstation online...

Is nowhere safe anymore?

wink

Uncle Fester

3,114 posts

210 months

Wednesday 4th May 2011
A few months ago there was an investigative documentary on TV. The investigators managed to bulk buy UK medical records from a source in India.

IIRC they told the Indian supplier they wanted people undergoing cancer treatment so they could target them for fraud, selling false hope and quack cures to the desperate and dying. They chose this because they had information that other fraudsters had already targeted this group.

The supplier had a copy of the database and supplied the requested records for 50p each.

Don’t assume you have nothing worth keeping private and never will do. Many of us will be affected by things like cancer, either personally or someone close. If they are defrauded through their desperation for large sums then it impacts the next of kin who may be left widowed and impoverished.

LooneyTunes

6,990 posts

160 months

Wednesday 4th May 2011
I'm assuming that all on here know that you can opt out of the national programme relating to electronic records (the SCR)?

One of the early briefing papers is here: http://www.parliament.uk/briefingpapers/commons/li... - don't think the position has changed much since.

Jasandjules

70,036 posts

231 months

Wednesday 4th May 2011
Uncle Fester said:
Don’t assume you have nothing worth keeping private and never will do.
They are your medical records. If you don't want others to see them then that is your right, in the main, regardless of whether anything is in there or not.