British doctors are almost unanimous in not trusting the government to adequately secure patients' medical records. A survey from the British Medical Association found that 93 per cent of doctors are "not confident patient data on the proposed NHS centralised database would be secure". Which makes you wonder which newspapers the …
GPs race to panic stations as usual.
It's good to see that despite many GPs (but by no means all), having little or no real understanding of SPINE or the Summary Care Record, they are still quite happy to whip up patient concern and generally cause a panic about nothing.
GPs are happy to gloss over the significant potential benefits but more importantly also overlook that their own paper files / records are far from safe given most Practices are more than happy to let various pharmaceutical sleaze bags rummage through their patient records for the purposes of "disease audits" provided a nice "educational trip" to the Bahamas is forthcoming.
If there's any concern at all, it's that GPs don't seem to trust other medics not to access records inappropriately - but that's a completely different issue.
Surely a better measure would be the number of Connecting for Health staff who have chosen to opt out?
This makes it sound like...
...at least 20% are mad
"Eight out of ten doctors would not want their own medical records on the system"
What was the sample size - we need to confirm the statistical significance so that this can be taken seriously. Look at the MMR scare, the sample size was too small.
The principle is a good one - if you have an accident, A&E can look up your records instantly no matter where you are from in the UK. If the data is entered accurately, this could save many lives.
Hmmm, pretty scary
Assuming that these numbers would reflect business as usual, then we can expect 11,400 cards to be lost or missing at any one time. (For the pedants: 4147/438314 * 1200000).
<...>GPs are happy to gloss over the significant potential benefits but more importantly also overlook that their own paper files / records are far from safe<...>
Look I'm happy for YOU to put YOUR records on-line but why are we being told that it will be all but compulsory? I CHOOSE not to have mine on-line and I accept that I will miss out on all the "significant potential benefits" you claim.
As for paper records the difference is that you would have to break into a significant number of practices to build a useful (saleable) data set. It would also be fairly obvious that the records were missing.
It should be a completely opt-in choice. As it is nobody in their right mind would trust the security of a large HMG IT project with a million clients. The way HMG is heading nobody should assume that the information would not fall under future amendments to RIPA either.
Have card, will hack?
I really, really hope that possession of a card is not the only requirement for access.
But, why gather all the data into one pile for anybody to dig into. The ease of access to patient records cuts both ways. If it's easy for a paramedic to dial up the records for someone lying in the road, it's almost as easy for some hacker to do the same.
There is no reason for someone in Southampton to have default access to the records of someone living in Newcastle but that seems to be the only advantage that government spokesdroids can come up with.
re: GPs race to panic stations as usual
Not really, what you are suggesting is there's nothing wrong with over 4000 cards needed to access personal, and possibly damaging information going walkabout.
Yes this is slightly less than 1% of the cards issued, but that's actually an extremely large percentage for things like this.
I accept that just because something has been lost doesn't mean it was necessarily found by someone who knew how to use it or even what it was, but the very fact the possibility exists is troubling and given the numbers would be enough for most reasonable people to decide this isn't a particularly secure system of access.
What I would be interested to know is the time it takes to a/find out a card is missing and b/once found to be missing, how long it takes to unauthorise its access.
My guess is most people that lose them take too long to report the loss, usually because they have to stump up something like a 10 or 20 quid to have it replaced, or they're too embarrassed to admit they lost it.
Eventually they'll have to do so, because for whatever reason, they'll no longer be able to borrow one from someone else and won't be able to do their jobs.
But in the meantime there's plenty of opportunity for miscreants to peruse medical records for things like AIDS victims or other vulnerable groups.
So yes it is serious, and no doctors are not overreacting by opting out.
I've been trying to opt out of this for years ever since it was first announced - I keep getting fobbed off with 'try again in a few months'.
Many are just naive.
Cognitive dissonance: the feeling when your generally intelligent and computer savvy girlfriend doesn't equate 'downloading' to watching tv online and is surprised by the nasty letter from the ISP.
Most of the world has far worse an understanding of IT than that. The coffee cup holder story is not a joke.
re: Data missing
>A&E can look up your records instantly
Assuming you're awake so you can give a name+NHS number+NI number+postcode. Otherwise unless everyone carried some sort of identifying card to store all these it is a waste of time.
>If the data is entered accurately, this could save many lives.
If you were a medic, would you assume that the J Smith just brought in matched the J Smith on the database with the rare blood type - or would you just give them O-neg to be on the safe side as you do now?
Leaving aside the fact that your medical records don't list blood type anyway!
@ Andy Bright
"Not really, what you are suggesting is there's nothing wrong with over 4000 cards needed to access personal, and possibly damaging information going walkabout."
But the smart cards need a pin number....
Even this misses the point. I've worked long enough in the NHS to know that inappropriate access to medical records is very much the norm - even though no-one likes to admit it.
AC has been listening to the propaganda
Leaving aside the question of how they know who you are to look up the much vaunted information, you need to know how many people have something on their records which would affect their treatment at all, never mind enough to ``save many lives''.
The implication is that there are people who die in A&E, having been hauled in unconscious, but would live if only their records were available. Penicillin allergy? Rare, rarely fatal (especially if you're in an A&E unit already), and if you intend to ever travel outside the UK best dealt with with a medalert bracelet. Allergy to anaesthesia? Again, rare (about one in 10,000 anaesthetics, and 3% fatal), and again, best dealt with with a medalert thingie. And as tonsillectomies and dental GA are becoming rarer, the majority of the population don't know anyway --- my wife and I are in our forties, and not merely have neither of us had a surgical GA, we know few people who have either. [*]
And as the only way they could look up your records were you hauled in unconscious would be by getting your identity from the contents of your wallet, you could always write ``I am allergic to the following antibiotics and the following GA agents'' on a piece of paper --- in several languages, if you're smart --- and put it in your wallet as well.
We're geeks, right? So `use cases' are where the action is. What's the use case for records in A&E where you die without them but live with them, and why aren't the newspapers full of such cases now?
[*] Without my records to hand, oooh scary, I was given 50mg of IV ketamine by a full colonel in the RAMC. Which wasn't the end to my bike ride I was planning.
Paris, because she'd make a more convincing case.
Yeah Right !
Apparently they are the experts again....I'll remember that next time they email patient data in a password (not) protected spreadsheet or send their notes home to work on, or ask how do I transfer data to my flash key thingy. Solid Security Eh!
Or god forbid they lose that laptop with that Access Database they created out of the data from the Read on Screen PAS/HIS system.
Data Security that's for SHO's to control.! Yeah Right !
Leave data security to IT Crowd at least we can just pop it in the post.
@ 3 x 2
"As for paper records the difference is that you would have to break into a significant number of practices to build a useful (saleable) data set. It would also be fairly obvious that the records were missing."
Isn't the problem that most GP practices are already using practice clinical systems hosted in LSP data centres? So isn't the "alternative" actually the same thing - millions of records stored electronically in data centres?
"only requirement for access"
"I really, really hope that possession of a card is not the only requirement for access"
From someone who knows the system.
@GPs race to panic stations as usual. The problem here is that the geeks, propeller heads and kids with MBAs don't understand the finer points of privacy and confidentiality. What they do understand is how to extract money from the dimwit govt.
@Data missing. nnnyeees, when I turn up in A&E the doctor is going to start pissing about with a computer? I'd rather have the airway and circulation sorted first, if it's all the same to you. Of course, if I was carrying my ID card, I wouldn't have had an accident in the first place...
only reason for spine'less' was a slipping in a centralized identification database.
Without doctor support they will choose another avenue, but for now the tides of oppression are on the back ebb.
The health profession does need IT, but it needs the right kind, a database on people is not it.
Collaboration tools, and databases on different treatments and tests are what they need, amongst a plethora of other knowledge boosting and mistake lowering tools.
The fact I had an ingrown toenail, and halitosis in 1985 does not need to be on the internet, whoops :)
How on earth do you quote on this thing?
> It's good to see that despite many GPs (but by no means all), having little or
> no real understanding of SPINE or the Summary Care Record, they are still
> quite happy to whip up patient concern and generally cause a panic
> about nothing.
Great! You understand what the spine is for? My wife's a GP. She thinks it's pointless, and all her colleagues think it's pointless. They frequently ask me about this, and I'm afraid that my answers are rather lame. You know, "when you're lying on the roadside bleeding to death A&E needs to be sure that you have a requirement for blood; that's got to be worth £20bn", or "sure, the government *does* need to know that you had an STD 20 years ago"; that sort of thing. Go on, fill me in. I need a better answer next time.
> GPs are happy to gloss over the significant potential benefits but
> more importantly also overlook that their own paper files / records are far
> from safe
Too true. Those receptionists are frequently down the pub discussing patients' plumbing problems. Just imagine what they'll do when they work out how to get access to *everyone's* plumbing problems.
> given most Practices are more than happy to let various pharmaceutical sleaze
> bags rummage through their patient records for the purposes of "disease audits"
> provided a nice "educational trip" to the Bahamas is forthcoming.
If only. The most my wife has got in the last 10 years has been a free Thai at our local sleaze pit, to which I'm not invited. Actually, I tell a lie. The best freebie was a USB memory stick, which I confiscated, a few years ago. I'd never seen one before. Maybe we just haven't got the right pharma company. Can you give me any pointers?
Anyway, I can't wait to get one of these lost smart cards. Or maybe I'll just ask for one. As soon as I find out how to use them, I'm emailing all the cabinet's medical records to the papers. I figure that Gordon's piles will make excellent Sunday morning reading.
Electonnis er Ellict er
Down here in New Zealand , we will not have to worry about all this new fangled 21st century stuff for about another 30 years.
That's the usual time lag for us
Statistics (YET AGAIN)
Look - can we PLEASE stop trusting statistics. It's ALL cr4p psychologically designed to cause a shift in the reader's perception.
93% "don't trust" DOES NOT MEAN 7% do trust... it means 7% opted for something other than specifically "I do not trust"... they MIGHT have answered "I do not trust". They might just as easily have answered "I sort of trust", "I am not bothered", "I don't understand the question", "I am unsure", "I am a foreigner and wouldn't need to add my details anyway" or just forgot to tick the correct box in such a way that the bloody computer could read it so it got registered as a "no response".
Oh, and since 25% (yes, another bloody unreliable statistic) of the world's population is regarded to be technically diagnosable as schizophrenic, I think that if there is credence to the 7% of doctors mentioned above then that is a bloody good ratio.
Now then - Where is Paris when I need her? We could play Doctors and nurses.
What a load of claptrap and fevered hearsay!
The doctors don't design, test and implement the infrastructure. I do!
To hammer this point home
All my innards are found in the same place they are on most people. I am not diabetic or anything like that. I have no weird allergies to medicines, or at least if I do, they haven't been discovered yet so they aren't on any records. There is no conceivable reason why my medical details should need to be called up with the push of a button. If any of the above does apply to you, fine, but what does that have to do with me?
I think the "this will save lives" brigade have been watching too much House. Not everyone who goes into hospital is suffering from some esoteric condition or allergy which will only be fully understood after exactly 42 minutes and three ad breaks have elapsed and the comic relief bit where House takes the piss out of some mentally ill unfortunate has been wound up.
From the inside...
I work in the Registration Authority who issues the cards and administers the SPINE in the local PCT. I'm actually pretty disappointed on the scaremongering that goes on. Our department is the tightest IT department I have ever worked in, and it tightened even further with all the benefit user CDs in the post malarky.
When carding users on site at GP surgeries I've seen paper-based patient records in boxes in the WAITING ROOM, UNATTENDED. The SPINE is the least of everyone's worries. And to clarify, to have a card you need to also have a password that only the user knows. If the user shares this, it is gross misconduct. If they leave their card unattended (further than 10 feet away) without it being locked up, it's gross misconduct. That means they get FIRED. Even if someone else gets the card then as soon as the user lets us know we cancel the card remotely.
I'm no big fan of the database state but working behind the scenes I'd rather have my intimate details here than in the benefits department.
It's not just for A&E
The main benefit of access to patient records is not in emergency situations. I certainly wouldn't want the medics wasting time looking up my records while my ticker is packing up. Just wire me up and shock me! The real benefit will be in routine or follow-up treatment. I read of a case of a surgeon performing elective surgery, who had to contend with four different sets of patient records for the same patient, each with a different patient number, and no single one of which contained all of the necessary information. One set even had the patient's name spelt differently. It's situations like this where mistakes arise.
Re: from the inside...
> When carding users on site at GP surgeries I've seen paper-based patient
> records in boxes in the WAITING ROOM, UNATTENDED. The SPINE is the
> least of everyone's worries.
You've missed the point. Ross Anderson (or was it Bruce Schneier? I've forgotten) has specifically commented on this, but stating no more than the obvious: a few lost paper records is not a security issue. GP's notes are not "secret"; some will get lost. It's not the end of the world. On the other hand, 60m electronic records on a computer system *is* a *major* security issue.
> If they leave their card unattended (further than 10 feet away) without it being
> locked up, it's gross misconduct. That means they get FIRED.
Do you really think that anyone in their right mind will have one of your stupid cards if it means that they run the risk of being fired? Do you really think that my wife (the GP in my post above) is going to spend her days prowling around making sure that the staff are all within 10 feet of their cards? And that no-one's given their PIN away? BTW: practically no-one ever gets fired from a GP's surgery (and certainly not partners). It's far too difficult; it's a legal minefield.
Reality check: these people have real, important, work to do. They don't give a damn about your cards. It's just one more pointless and futile government initiative on top of the hundreds they've already had to put up with over the past few years.
The only thing that distinguishes this from all the rest is that it's vastly more expensive.
These would be the same GPs...
...that are quite happy to use www.logmein.com to access their work PCs from home because it makes their lives easier - thus maintaining connections out from their desktops to the States...
How many cards not reported lost?
The problem is not the number of smartcards lost, it's how the active ones are misused. I don't care how many cards are lost as long as they are removed from the access control system as soon as they are reported lost. Security procedures anyone?
If they are true smartcards then they would be "PIN" or passphrase protected (or biometrics 8-) and physically block themselves if this is entered in wrong a defined number of times. You could also have them removed automatically from access control systems if they have not been used in a number of days / weeks / months. Plus the access they give should be commensurate with the role of the user and immutably logged and these logs kept for a long time. Full audit trail of all smartcards from their "birth" to "death" should be kept for a long time as well. Do all that as a minimum and have it all independently audited at random intervals and with random sampling and I'd be happy for my details to be kept .. otherwise let me decide who I give my details to (I'll carry them around on a big SD card embedded in my neck 8-).
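The controls listed in the comment above (PIN lockout, revocation on a loss report, automatic removal of unused cards, a tamper-evident audit trail), sketched as an added example that is not part of the original comment or of any NHS system. The retry limit, the 90-day idle window, the card IDs and the `CardRegistry` class are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os
from datetime import datetime, timedelta

MAX_PIN_TRIES = 3              # assumed retry limit before a card blocks itself
MAX_IDLE = timedelta(days=90)  # assumed inactivity window before auto-removal
GENESIS = "0" * 64             # previous-hash value for the first log entry

def _pin_hash(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def _entry_hash(entry):
    # Hash every field except the hash itself, in a canonical key order.
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class CardRegistry:
    def __init__(self):
        self.cards = {}   # card_id -> state record
        self.log = []     # hash-chained audit entries, birth to death

    def _audit(self, when, card_id, event):
        prev = self.log[-1]["hash"] if self.log else GENESIS
        entry = {"ts": when.isoformat(), "card": card_id, "event": event, "prev": prev}
        entry["hash"] = _entry_hash(entry)
        self.log.append(entry)

    def issue(self, when, card_id, pin):
        salt = os.urandom(16)
        self.cards[card_id] = {"salt": salt, "pin": _pin_hash(pin, salt),
                               "state": "active", "tries": 0, "last_used": when}
        self._audit(when, card_id, "issued")

    def authenticate(self, when, card_id, pin):
        card = self.cards.get(card_id)
        if card is None or card["state"] != "active":
            self._audit(when, card_id, "denied")
            return False
        if not hmac.compare_digest(card["pin"], _pin_hash(pin, card["salt"])):
            card["tries"] += 1
            if card["tries"] >= MAX_PIN_TRIES:
                card["state"] = "blocked"
            self._audit(when, card_id, "blocked" if card["state"] == "blocked" else "bad_pin")
            return False
        card["tries"] = 0
        card["last_used"] = when
        self._audit(when, card_id, "login")
        return True

    def report_lost(self, when, card_id):
        # Revocation takes effect the moment the loss is reported.
        self.cards[card_id]["state"] = "revoked"
        self._audit(when, card_id, "revoked_lost")

    def sweep_inactive(self, when):
        # Catches cards that were lost but never reported: unused means removed.
        stale = [cid for cid, c in self.cards.items()
                 if c["state"] == "active" and when - c["last_used"] > MAX_IDLE]
        for cid in stale:
            self.cards[cid]["state"] = "revoked"
            self._audit(when, cid, "revoked_inactive")
        return stale

    def verify_log(self):
        prev = GENESIS
        for entry in self.log:
            if entry["prev"] != prev or entry["hash"] != _entry_hash(entry):
                return False
            prev = entry["hash"]
        return True

def demo():
    # Constructed scenario: three cards, one lost, one guessed at, one never used.
    t0 = datetime(2008, 1, 1, 9, 0)
    reg = CardRegistry()
    for cid, pin in (("card-A", "4821"), ("card-B", "7300"), ("card-C", "1155")):
        reg.issue(t0, cid, pin)
    ok = reg.authenticate(t0 + timedelta(hours=1), "card-A", "4821")
    for guess in ("0000", "1111", "2222"):
        reg.authenticate(t0 + timedelta(hours=2), "card-B", guess)
    b_after = reg.authenticate(t0 + timedelta(hours=3), "card-B", "7300")
    reg.report_lost(t0 + timedelta(days=2), "card-A")
    a_after = reg.authenticate(t0 + timedelta(days=3), "card-A", "4821")
    stale = reg.sweep_inactive(t0 + timedelta(days=120))
    return reg, ok, b_after, a_after, stale
```

The inactivity sweep is the control that bounds exposure from a card nobody reported missing; the hash chain only makes tampering detectable if the latest hash is also held somewhere the registry operator cannot rewrite.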
What are you doing over here, the point is over there
"I read of a case of a surgeon performing elective surgery, who had to contend with four different sets of patient records for the same patient, each with a different patient number, and no single one of which contained all of the necessary information. One set even had the patient's name spelt differently. It's situations like this where mistakes arise."
.. and a massive centralised database is going to cure the problem of bad data entry or maybe b) make it even more dangerous because, as with the National Identity Register and the ID card the data will be "Right". It is automatically assumed to be the plain, god's honest, reference TRUTH.
So *when* someone suffers from a mistype the doctor will simply follow his nose and potentially kill someone.
"The doctors don't design, test and implement the infrastructure. I do!"
From what I read, this is a major part of the problem; not that you *do* design, test etc (I'm sure you do a fine job, you are certainly proud of what you do, which is good), but that the actual end users *didn't*. Many articles around the subject have stressed the point that the design may be great, but it is not relevant to the needs of the clinicians that are supposed to be the end users.
Another major point is that once the database is complete and the NIR number is embedded (plans already made public), all it would take is another carefully stage managed "Emergency" to enact legislation allowing this database to get pulled into the mix along with the other "NIR enabled" gubmunt databases. Forget NHS login cards. Now they (read any civil servant or agency employee, cf the NIR act) have a high definition picture of your entire life. Imagine how valuable THAT will be when they lose the next 60,000,000,000,000 records on a BluRay disk.
PH Because as a rich celeb she probably won't be on any of these databases for "Security" reasons.
(Apparently important people's security worries are more valid than mine)
The details are a distraction
I think supporters of this project (and some of its opponents) are missing the point. I don't really care what security measures are in place or how many benefits you can count on your fingers. I DO NOT WANT MY CONFIDENTIAL CONSULTATIONS WITH MY GP TO BE ON-LINE.
End of argument - they are MY private records. The fact that they are going to go on-line anyway says everything I need to know about the project and the people who support it.
NHS "Spine" services
I am a GP. No-one in their right minds would trust the Spine system to keep data secure.
There is an illusion that having information about the previous illnesses of patients is crucial. It is useful. In a handful of circumstances it is lifesaving. Mostly it just saves time and makes the job easier.
The driver for the program is to ensure that the NHS can be fragmented - same process as the railways - and micromanaged - same process as Ofsted.
The results will be dismal and we will all regret it in the future.
100% of anonymous cowards are running scared
It's very simple.
Anonymous Coward and his/ her ilk are frightened of losing his/ her non-job that is a part of Gordon Brown's client and surveillance state. That explains his hysterical ramblings and unfounded slurs against GPs
"Surely a better measure would be the number of Connecting for Health staff who have chosen to opt out?"
Why? Would turkeys vote for Christmas?
We are not sleepwalking into a surveillance state. We are living in it already. When the revolution comes, those anonymous cowards who inflicted this on us without our consent will be first up against the wall
I'm a GP too
There is no medical benefit whatsoever in having your whole health record online. If you have an odd illness, an alert bracelet will work just fine, and be far more reliable, even if they do look a bit naff.
But the bottom line is that the spine is the biggest Trojan in the history of computing. Doctors know there are minimal health benefits. Put simply, most of the time we don't need the full notes. What we need is a précis.
In Wales, already we have a cheap effective system, where key, non-confidential medical problems, and current medication for each patient is summarised, uploaded nightly, and accessible only by other doctors via a secure NHS only network. It's all that's needed for healthcare, and all I as a GP would need when treating a patient I don't know.
The Spine is about giving your full medical record away to private providers, to allow private companies to operate within the NHS, and to allow other agencies (social services certainly, police probably) to also have basic data on the UK population.
And on top of that, would you want your full medical record, available for anybody with an NHS connection to read. Because you know full well that in an organisation as massive as the NHS, there are bound to be at least a planeload of hapless idiots who haven't got a clue how to secure their PC.
As for the anonymous coward. If your wife was a secretary in the NHS and you'd caught a dose of something suspicious needing a discreet clinic visit, or if you were running away from an abusive family, would you still be happy for your record to be on the spine? It's easy for the healthy and smug to say we have nothing to hide. You don't have anything to hide. But real life isn't like that.
As for paper notes and the Bahamas - you plainly have no clue about how modern General Practice works, and I find your suggestion that we'd breach our patient's confidentiality with a non healthcare professional crass and insulting. Perhaps you should pop over to Wales to see how a simple straightforward, integrated IT system works to quickly benefit patients. And any of the IT experts here would tell you that what the NHS needs is a series of databases that have a standard system of communicating securely with each other, and not one big, ridiculously expensive database that anybody with any knowledge of the history of government IT, knows full well is not going to work.
All the spine should be would be a protocol for existing IT software to intercommunicate.
The fact that it doesn't do this, and that the filesize is a lot bigger than you'd expect confirms it's a Trojan.
p.s. re logmein and GPs hosting their records on LSP - yep those GPs are mad too.
Some so called PCT IT experts have told GPs that using logmein is fine. The consensus of the GP community at large is that it's madness. I guess perhaps a cross NHS bulletin to inform of the risks is in order.
Re the data security of paper records - finding the right set of notes you want to read from a mountain of poorly organised boxes would lead to you being caught. And the patient would need to be registered in the practice with the poor security, and that pile would have to relate to that particular date......A box of notes, despite being daft, is more secure than it seems.....
But the security of all of my patients (if I was an English GP) would only be as secure as the most idiotic secretary in the most bungling hospital.
But I do like the idea of sacking anybody more than 10m away from their card. We could nick the cards of the legion who strut around clinics, pretending they are qualified doctors but don't tell patients they aren't. We could get rid of them all in one fell swoop.
I'm a GP too...
Let's look at what happens in real-life. I send a patient into hospital as an emergency with a detailed paper printout from our comprehensive GP computer clinical records (we've been computerised for 20 years), which lists in a structured way their past medical history, recent medication, recent investigations, and recent consultations with me (their GP). The doctor in Casualty says - "I haven't got time to read that" and ignores it. That same patient during that admission gets prescribed drugs to which they are either intolerant or allergic. (The first section of the printout after their address lists Drug Allergies/Intolerances)
The reality is that:
a) A&E doctors are probably too busy to go and log on to the Spine to get the records of a patient (the "security" required means that it takes ages to log on - and do you think that the doctor will immediately log off the A&E workstation when they have accessed the patient's details - or will they leave it logged on to save time when dealing with the next patient in 10 minutes? Anyone see any problem with a doctor leaving an unattended A&E workstation logged into the Spine while they attend to a patient...?)
b) A lot of hospital doctors cannot be bothered to read anything sent in by GPs (patients have also described consultants in outpatients saying to them "I can't be bothered to read this [detailed letter sent by me] - tell me what's wrong with you")
c) The information on the Spine will not necessarily be up to date. A patient may have been seen by someone without the ability to update records on the Spine, and diagnosed as allergic to penicillin. Good clinical practice is to ask EVERY patient when prescribing a drug if they are allergic to anything. The unconscious patient requiring immediate antibiotic scenario is incredibly rare - and they are in the best possible place to deal with any allergic reaction anyway.
d) A simple diktat by the Government would allow access to e.g. pharmaceutical or Insurance companies to patient data (for a fee, of course). Once the data is on the spine, it ceases to be "owned" by the original creators of the data and can be used by the new data owners as they see fit with no real means of sanction from the original data owner. Apart from the fact that if your data on the Spine (most of which will originate from GP) was leaked to an inappropriate third party, you could probably successfully sue your GP for breach of confidentiality!
Not a single patient record from our GP practice in St Helens will be submitted to the Spine under any circumstances - I have been speaking out against the scheme ever since it was first proposed, as have many other GPs. Our voices have been completely ignored by central NHS management.
Dr Laurie Miles
Twice. The first time it took 6 months to get a replacement, the second time I still await one. It hasn't made a big difference, since the application it is intended to provide access to - Choose & Book - doesn't work (it does for 40% of GPs, I'm one of the other 60%).
The effective, working GP software was written initially by GPs, or developed by companies and other groups controlled by or heavily involving GPs.
And we have been looking after medical records since Hippocrates, and controlling automatically searchable ones since Cope-Chat. (Not Babbage, alas)