This is exactly what I'm talking about - the idea that NHSnet is magical safeland and all is fine if you don't set foot outside of it. I saw all sorts of confidential data emailed all over the place and when I raised it as issues, the reply invariably came back "it's okay, it stays inside NHSnet".
The NHS is not some small private group of competent people, all with one access level of privilege to see everything within. There is all sorts of granularity and levels of privilege, there are all sorts of distinct areas within the NHS with boundaries of responsibility, confidentiality... And yet the DoH kept repeating this mantra that all was safe within NHSnet. It's like drawing a line in chalk around London and saying there's no need for locks on doors or anyone to have any papers saying what they're allowed to do or not.
You obviously know a bit about this because you hone straight in on inter-trust communications. Yes, there are big howlers like this. But the whole system is riddled with countless bad practices every day. And always the same mantra: it's safe inside NHSnet. For example, you have no idea how hard we had to fight to get even basic confidentiality requirements put in place in CfH / Spine. Statements went out to concerned memebers of the public that they need not worry because all people had committed to strict NHS confidentiality requirements. Whilst at that stage, what it meant was that every receptionist and secretary at every practice in the country had scrawled their name on a bit of paper when they started and could then look up data on anyone in the country. Yes - CfH really was that bad when it first started being set up. I know, I looked up my medical records that were under a completlely different trust with no audit trail of who had looked it up. I could have as easily looked up anyones and any of the secretaries at the place could have looked up anyone else in the country. Let me repeat that - they didn't even have an audit trail in place to see who accessed what. We eventually - only by raising a big fuss - got some basic security measures in place.
Lot of good people in the NHS. But not many at the top. And don't even get me started on the corruption when it comes to American corps milking the NHS for profit and giving fuck all in return!
The biggest reason I left the NHS was because I recognized that the actual problems were above the level that I had the authority to fix. (Well, that and a creepy married manager who fancied me).
Okay, rant over. I assume you're still inside the NHS. Good luck!
- Updated Microsoft Azure goes TITSUP (Total Inability To Support Usual Performance)
- The Return of BSOD: Does ANYONE trust Microsoft patches?
- Review Apple takes blade to 13-inch MacBook Pro with Retina display
- Munich considers dumping Linux for ... GULP ... Windows!
- Pic iPhone 6 flip tip slips in Aussie's clip: Apple's 'reversible USB' leaks