back to article Prime Minister's health records breached in database attack

Personal medical records belonging to Scotland's rich and powerful - including Prime Minister Gordon Brown and Holyrood's First Minister Alex Salmond - have been illegally accessed in a breach of a national database that holds details of 2.5 million people. The files contained names, ages, addresses, and occupations of the …

COMMENTS

This topic is closed for new posts.
  1. Henry Cobb
    Black Helicopters

    You left out the most interesting bits

    Oh come on and spill the beans.

    What's Gordo taking?

    My guess would be drugs to combat high blood pressure, hypothyroidism and depression.

  2. Anonymous Coward
    Paris Hilton

    I'll Be Opting Out, Then

    I think I'll be opting out, then.

    Just this morning, I got a letter from my local NHS patch telling me about the NHS Care Records Service. Amongst other things, the letter says, "The new service is being introduced to help deliver better, safer care and give you more choice about who you share your healthcare information with."

    The letter goes on to say, "If you would like to have a Summary Care Record, and the added protection it can offer, you do not need to do anything - your GP will automatically create your new record on or just after 22nd June 2009." Brief details are then given on how to opt out.

    With the letter came an accompanying leaflet about the NHS Care Records Service. Throughout the leaflet, the following marketing tag-line is repeated: "It's good to share." The leaflet also says, "The NHS Care Record Service uses the strongest security measures - stronger than those used for internet banking."

    In light of this government's appalling track record on data security with people's personal details - not to mention the growing police state - I was already anticipating opting out. This article has pretty much decided it for me.

    For those interested, the NHS Care Records Service have their own website: http://www.nhscarerecords.nhs.uk/ Their FAQ contains the following gem:-

    "Is the NHS Care Records safe from hackers? How secure is the NHS Care Records Service?

    "It would be very difficult to hack into it because the system uses the strongest national and international security measures available. It uses stronger safeguards than internet banking."

    Paris - do I need to list reasons?

  3. yossarianuk
    Happy

    Nothing to hide ???

    Sorrry last post should have read:-

    Now will they see how stupid the 'nothing to hide' argument is?

  4. Anonymous Coward
    Pirate

    Sweet

    Maybe eventually they will realise.

    Muppets.

  5. Anonymous John

    Never mind.

    If they've nothing to hide, they've nothing to fear.

  6. Anonymous Coward
    Anonymous Coward

    It will just keep happening

    and notice it is the staff that are doing it, you can just not trust anyone in the NHS cabal, they are more interested in putting into place Sharia law, and tithing to the pharmaceutical companies.

    Scots are soon not to be allowed to drown their sorrows, oh alcohol naughty, but patented prescription drugs good, it is so obvious and immoral, but people just blindly follow this corrupt lot.

  7. mittfh

    The weakest link...

    It doesn't matter if you have 128 different 1,024 bit encryption algorithms stacked on top of each other - the weakest link in any electronic database is its users. Give them access to the entire database, and sooner or later someone will abuse their privileges and access records they have no business to be accessing.

    Dare I mention "ContactPoint"?

    Now here's a simple idea to make these databases a bit more secure - without the need for additional encryption algorithms etc.

    If you request access to a record for a patient / client who's not normally dealt with by your team / practice, you have to get the request electronically authorised by a manager (social care databases already require manager's electronic authorisation to 'sign off' and complete certain assessments). Even when authorisation has been granted, it should create an audit trail that can be accessed by their manager - even better, automatically notify their manager of whose record has been accessed. It shouldn't create too much of a burden - I'd assume "out of area" requests are fairly infrequent...

    OK, so it's not foolproof (no system could be), but the countersignature should put off the majority of people intent on nosing around...

  8. Andy ORourke
    Happy

    Ha ha ha ha ha ha

    Ha ha ha ha ha ha ha ha ha ha ha

    Don't worry though, the ID database will be totaly secure, this kind of thing could never happen. All users will be heavily vetted.

    Ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha

    It's in the database!

  9. Anonymous Coward
    Pirate

    Brilliant

    Simply brilliant! Gordo's first into the (inter)national database.

    Now, we still need volunteers from the DVLA to ransack other high-up politicos data, come on people, we need to get Wacky Jacky!

  10. Anonymous Coward
    Boffin

    To the latently Caledonophobic Dan Goodin:

    Brown isn't Scottish, he's British.

    Haven't you been listening to /anything/ he's been saying?

  11. Anonymous Coward
    Flame

    I'll Be Opting Out, Then - Part Deux

    Same Anonymous Coward here.

    Turns out you can't opt out of the Detailed Record, only the Summary Care Record. I've downloaded, printed and filled in the opt-out form. Looks like I'll have to talk to my GP surgery about restricting access to the Detailed Record. I'll make it absolutely clear to them that I want access restricted as much as possible, with as little sharing as possible.

    I'll also tell the NHS just what I think of their FUD. For example, the leaflet they sent me includes this bit of gentle FUD:-

    "Not sharing means:

    * doctors may not have all the relevant information when making decisions about your treatment

    * you might need to remember and regularly repeat information about your treatment, medical history and medication

    * your treatment might be delayed while paper notes and results move around."

    No mention of serious data security breaches, though. Or the risks of living in a Big Brother police state.

    I'm frankly disgusted with how they're trying to FUD people into going along with it.

  12. Alan

    Is a title needed

    Quote;

    The letter goes on to say, "If you would like to have a Summary Care Record, and the added protection it can offer, you do not need to do anything - your GP will automatically create your new record on or just after 22nd June 2009." Brief details are then given on how to opt out.

    This sounds a bit like p***m --- surely if you want to opt out, the record should not be created at all, if it is you are already in whether you like it or not! No, it should be opt IN then if you say no, no record is created.

    The letter should say

    "If you would like to have a Summary Care Record, and the added protection it can offer, see your GP who will automatically create your new record on or just after 22nd June 2009."

  13. Anonymous Coward
    Anonymous Coward

    @Alan, Re: Is a title needed

    Opting out means no Summary Care Record is created. Or if it's been created, it gets deleted. It's automatically created unless you opt out before that happens.

  14. Graham Marsden
    Boffin

    "highest standards of security."

    *WHOOOOP* *WHOOOOP* *WHOOOOP*

    Danger! Danger!

    Irony level overload...!

    *WHOOOOP* *WHOOOOP* *WHOOOOP*

  15. Anonymous Coward
    Joke

    I'm following Gordo

    I'm posting my health records on Google Health to share them with everyone.

  16. Anonymous Coward
    Anonymous Coward

    Re: I'll be opting out then

    The thing about a list of medication and alergies is that it is often required for a person who is unconcious or unresponsive. That pretty much means that you need to trust medical staff who (a) know that an inappropriate access will be detected, and (b) can expect to suffer consequences if they do so. If you have a better idea, then write it up and become famous, but that's the best one going at the moment.

    In this case, the system worked as designed. A person in a position of trust abused his access, was detected, and has been arrested.

    If you want to opt out, then I'm guessing you aren't strongly allergic to any common medications, and don't have any other conditions that an emergency medical team would need to know about, so go ahead. For people who regularly take fifteen or twenty medications, it is not just annoying but scary to have to tell hospital staff what they are taking. If they forget one, or the person admitting them copies the list incorrectly, they may be given something that conflicts. A database like this gives peace of mind (and better care) to a lot of people. Specifically, it can improve and speed up care for a group that makes up a minority of the population, but a significant fraction of casualty admissions.

    If you are more worried about someone learning about that Viagra prescription than you are about informed emergency care, then it's good to be able to opt out. You may have a stroke and be given something that reacts badly with it while you can't think straight, but what are the chances of that? For a lot of people, the risk is much higher.

  17. Paul Thomas

    sharing

    "Not sharing means:

    * you might need to remember and regularly repeat information about your treatment, medical history and medication"

    there are very good reasons why doctors ask you to repeat things that have nothing to do with their ability to access your records or not, similarly nurses administering drugs don't ask you questions because they don't have your records

    just more government claptrap

  18. Stuart Butterworth
    Black Helicopters

    @ Gerhardt

    re: To the latently Caledonophobic Dan Goodin:

    Sorry, you've got entirely the wrong end of the stick there - as a Scot, Gordo Broon is allowed, nay, ENCOURAGED to celebrate his Scottishness.

    Its only being ENGLISH thats illegal.

  19. TeeCee Gold badge
    Joke

    @Gerhardt

    Exactly what do you have against the English, Welsh and Northern Irish that makes you say that?

    I think it's highly unfair of you, not to mention insulting and insensitive, to tar the rest of us with that particular brush.

  20. Anonymous Coward
    Paris Hilton

    I'll be opting out too.

    No need for any potentially embarrassing medication here and I'm only allergic to peanuts, house dust and animal fur so I reckon I'm fairly safe in casualty unless they inject me with a bag of dry roasted and make me clean up the dog's bed with a leaky vacuum cleaner.

    If I was strongly allergic to any medication I'd be wearing a medicalert tag of some description just in case my medical records weren't accessible.

    Although I don't disagree that a nationally accesssible medical database is a good idea, the problem is that I don't trust them to run it securely, accurately or even efficiently.

    FFS the NHS can't even manage to keep their machines patched with Windows updates which any admin who has an ounce of knowledge can do automatically with minimum/no disruption to users.

    As with almost all public IT projects, this will be out of date by the time it's implemented, it will be massively over budget, it will be unreliable and prone to failure, there will be the usual gang of corporates with their snouts in the trough suckling on tax payers money and taking no part of the blame when it falls over in a smouldering heap.

    Paris, no need for viagra.

  21. Pete Laird
    Unhappy

    @AC - 07:26

    Unfortunately, previous comments are not just about Emergency Care Records, but the full scale, we're recording everything from coughs and colds to mental illnesses, database, not just which prescriptions are being used. The information on the database that was stolen, was a small subset of that which could be stored on the full NHS database. Someone finds out that I am allergic to pennicillin, fine, I'm not that worried, someone finds out that I have a mental illness, that's a different matter. Emergency Care Records that can only be accessed, with my permission, or when I'm unconscious, I'd be prepared to do that. Full medical records, available to anyone I have cause to meet in the NHS? I don't think so. I'll be opting out too.

    Oh, and how about people just take responsibility for their own emergency medical information. People with allergies tend to wear those rather funky bracelets with all the necessary in. Bet nobody would have been able to nick Gordo's info if he'd kept it in one of those.

  22. lIsRT

    @ Anonymous Coward 03/03/09 07:26 GMT

    If I had been found to have a seriously bad reaction to a particular drug (or any substance not generally expected to cause harm) I would certainly not want to rely on records (computerised or otherwise) or my ability to remember any of them - it would be on one of those bracelets (http://en.wikipedia.org/wiki/Medical_identification_tag) or, more reliably, tattooed on my chest.

  23. Nick
    Paris Hilton

    ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha!

    ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha!ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha! ha!

    Paris, cos she likes a good laugh!

  24. Paul

    @Gerhardt

    I try not to. He gives me a migrain... I wonder if that should be on my records...

  25. Anonymous Coward
    Stop

    @AC 07:37

    "n this case, the system worked as designed. A person in a position of trust abused his access, was detected, and has been arrested."

    But DID the system work as designed? Had this doctor accessed my record or yours would anyone have noticed?

    I suspect that what actually happened is an audit was run on access to one of these individual's records. Then all individuals who had accessed that record were audited.

    This may catch those who access records of the rich and famous but does nothing to protect Ms Jones from Cardiff from a stalker or similar.

  26. Bob

    *sigh*

    I despair of this country when this kind of thing happens so regularly and the general public care so little that we're still on track for a national ID database. Soon enough disinterested British people will get the invasive and overbearing regime they deserve...

  27. Anonymous Coward
    Stop

    @AC 07:26

    "n this case, the system worked as designed. A person in a position of trust abused his access, was detected, and has been arrested."

    But DID the system work as designed? Had this doctor accessed my record or yours would anyone have noticed?

    I suspect that what actually happened is an audit was run on access to one of these individual's records. Then all individuals who had accessed that record were audited.

    This may catch those who access records of the rich and famous but does nothing to protect Ms Jones from Cardiff from a stalker or similar.

  28. Anonymous Coward
    Paris Hilton

    the thing about ignorance

    "The thing about a list of medication and alergies is that it is often required for a person who is unconcious or unresponsive. That pretty much means that you need to trust medical staff who (a) know that an inappropriate access will be detected, and (b) can expect to suffer consequences if they do so. If you have a better idea, then write it up and become famous, but that's the best one going at the moment."

    Sorry I do not believe that you have understood the critique at all. I am sure that most people here in the UK who are against this particular scheme are not necessarily against all of the foundational ideas underpinning the NHS. The problem in your argument is down to the overgeneralised use of "need to trust medical staff" nonsense. First of all it is not true that all medical staff need to be trusted. Second, the use of this database is NOT limited to "medical staff" (what ever that may be?). Third even if we had a selective vetting process (which we do not) the problem with the current agenda is the move towards centralised control not the advertised ambition. Basically it is not true that everyone who "might" under special circumstances need to have access to some medical data should under all circumstances have access to most of the data! Your proposition about "If you have a better idea, then write it up and become famous, but that's the best one going at the moment." is patronizing and either politically grounded or based on ignorance. Seriously - are you really that blind that you think the UK solution is the only one? Yes the NHS is based on an extremely worth while idea and ambition - but do you actually believe that the issues with access to healthcare data has not been dealt with anywhere else in Europe? Many countries have developed their national health systems - but without the all encompassing NHS central database or the slack "trust all medical staff without personal vetting" or selectiveness attitude. There is no need to have "one" database and there is a serious need to spend more time to develop different type of access protocols with different type of restrictions with personalised vetting models. Sorry there have been many papers and governmental reports written on this issue which is not new in any way. In the Scandinavian countries these things have been discussed since the 1970's and also in countries such as Germany and Austria there have been plentyful of "papers" written since at least the 1980's in their political strive to solve exactly the same problem. But in very different ways! As usual the UK suffers greatly from being populated by many people who seem to believe that the world is constituted only by those countries where people speak a variant of the english language... And some of those are rather developed.

  29. Anonymous Coward
    Linux

    Funniest thing I've heard in ages....

    Gerhardt - I think you'll find Brown 'started in America' and is now a global pratt.

    My guess for Brown's medication is something to counter his obvious mental decline. Lithium perhaps maybe some heavy anti psychotic's.

  30. John Smith Gold badge
    Thumb Down

    @AC 07:26

    "If you want to opt out"

    No, whoever you are. The correct question is if I want to opt *in*.

    The fact it's phrased that way says a lot about the arrogance of the people who thought this one up. The solution chosen was to rely on natural apathy to avoid any questions. Rather less "informed consent" than informed contempt (from the NHS).

    Your right that that system did catch this person. But what level are they? An A&E doctor should logically have more access than a GP who will normally only treat people on their practices list. Consultants (logically) would need individual files from multiple practice lists.

    But is that the way it really works? 5 minutes thought sugests some sort of hierarchy.

    But what of the benefits.

    "The thing about a list of medication and alergies is that it is often required for a person who is unconcious or unresponsive"

    I would expect people who regularly visit their local A&E to become a recognised patient. Unless they get in trouble away from home. Don't A&E staff look for ID? Contact details of Next of Kin, GP etc? Most people I've know with such alergies and needs (typically diabetics and antibiotic allergy) wear bracelets or pendants with this information inscribed.

    "For people who regularly take fifteen or twenty medications, it is not just annoying but scary"

    Call me a bit of anorak but I'd be carrying a laminated (waterproof) card with that many different meds, their dosages, schedules and contact details seperatley from my wallet, possibly around my next. Who needs that range of meds? Survivors of 90% 3rd degree burns (how did they get our of Intensive Care), multiple transplant recipients?

    So this system could really benefit a)People who egularly end up unconcious in their local A&E but are unrecognised by staff (their face is beaten till its unrecognisible perhaps) and have no ID of any kind on them or b) A hard core group of multi-medicated people who travel round the country (individually) getting into situations where they end up unconcious with no ID and no one to answer questions about them.

    So how much of that £12.7Bn did this system consume.

    Let us make it clear. We stay out of their hospitals, they stay out of our medical records.

    It just hit me. You don't by any chance work A&E at one of the Glasgow hospitals at the weekends, do you?

    Otherwise what is Gordo (and Alex for that matter) taking these days.

  31. Anonymous Coward
    Stop

    Minor Correction!

    This is all well and fine, but this story relates to the Scottish NHS computer system which has nothing to do in terms of design, solution, security safeguards of the English Care records service. I dont think anyone can opt of the scottish solution.

  32. DutchOven
    Heart

    RE: You left out the most interesting bits

    "Oh come on and spill the beans.

    What's Gordo taking?"

    It's not just him it's Salmond too.

    ...and the answer is "too many greasy fry-ups and too many pies"

    <-- is this the "hardened arteries" icon?

  33. Anonymous Coward
    Thumb Up

    @mittfh

    Mittfh - everything you suggest is already built into ContactPoint and is being applied.

  34. MGJ

    The Irony

    If his records were still on paper, no one would have known that someone was surfing them. Just because it became easier to do, also means it is easier to catch someone doing it. If you think that your paper medical records are securely held, you haven't been to GPs surgery recently, or been pregnant.

  35. Dunstan Vavasour

    Opt out for important people

    Well, the solution is obvious: there should be a special provision for important people. Only us plebs should be left vulnerable to such unauthorised access of our medical records.

  36. Anonymous Coward
    Stop

    @AC Re: Re: I'll be opting out then

    Opt-out Anonymous Coward here.

    I do have an allergy to a very common medication. And I agree, the official purpose of these Summary Care Records is essentially good, but the official purpose isn't necessarily the real motivation. I'm concerned about this increasingly tyrannical government we have, and how they're turning this country into some kind of fascist state (where the individual is the property of the State). I'm not going to let this government succeed by holding my health hostage in an effort to take control and therefore ownership of my identity and privacy.

    Before the introduction of this NHS Care Records Service, how are people with dangerous allergies to common medications protected? One simple method is for the individual to wear an easily found medical alert bracelet. They don't have to be concious for medical staff to look for such things. It's an existing system that works well, makes sure the relevant medical information is with the patient at all times, and is pretty much immune to system crashes, data breaches, etc. It leaves the patient's medical details in the possession and control of that patient, along with their identity and privacy.

    This new system puts the State in control, and relies on the State doing it right. It takes responsibility and control away from the individual, and puts them in the demonstrably unreliable and untrustworthy hands of the State. It is the Nanny State at best, fascism at worst.

    You say, "In this case, the system worked as designed." It did not. While an individual suspected of the unauthorised and abusive access has been arrested and is being prosecuted (not convicted yet, might be innocent), the prospect of such a criminal conviction did not deter whoever it was who did breach the allegedly "strongest security measures". Such a breach simply wouldn't have happened without this State-centralised system.

    As for how this system is supposed to protect unconcious patents, I would say that's exactly what demonstrates this system to be unnecessary. An unconcious patient can't say who they are, and without knowing the ID of the patient, the NHS Care Records Service can't be used to access their Summary Care Records - useless! That means the patient has to have suitable ID on their person for medical staff to find - essentially the same as the existing system with, say, medical alert bracelets!

    Medical alert bracelets, and the like, provide important medical information immediately, then and there. No need for database look-ups. No accompanying risk of data security breaches. No problem if, for some reason, the database can't be reached at the time of a medical emergency. The individual, not the State, remains in control and possession of their own identity, personal details, and privacy. So your argument in defence of Summary Care Records is actually an argument against the whole scheme.

    And then there are wider questions, such as how to make sure potential patients always have adequate ID on them - ID cards? And then there's the stuff going through parliament right now about data sharing across the State, not just within the NHS. Add it all together, and this NHS Care Records Service turns out to be more a part of New Labour's increasingly fascist State than about genuinely helping patients.

    I think your FUD has backfired.

  37. Sam

    The Prime Mentalist

    My money's on largactil...is the list online yet?

  38. Gavin Jamie
    Heart

    The Unconscious Emergency

    The old chestnut of the Unconscious Emergency gets trotted out a lot in these circumstances.

    First of it is pretty rare that someone pitches up unable to communicate (or without someone else who can). It is even rarer that this is caused by some pre-existing condition. Mostly they have had some sort of catastrophe such as being hit by a car or a heart attack or some blood vessel stopping working for some reason. None of these helped by past history much.

    Allergies? Well occasionally relevant but again not that common - and certainly not as common as medical records say they are!

    But that is not the biggest problem. The big problem is that for these few cases where past history is useful - say epilepsy, type one diabetes etc a centralised record is a rubbish way of dealing with it. Medic alert jewelry conveys the same information, does not have too many access problems and works where the record does not - supermarkets, England, France, Mt Kilimanjaro.

    So please no more about Mr Unconscious (one of the duller Roger Hargreaves books) - it is a myth.

  39. Vincent Ballard

    Allergies

    If there's something which an emergency medical team ought to know about then surely you ought to rely on one of those bracelets with engraved information about your allergy/condition. If you rely on them being able to find your records then that assumes you carry your primary key on your person. So AC, do you have a photocopy of your NHS card in your wallet?

  40. NB
    Unhappy

    nice

    Nu-Lav IT security at its best.

    What a bunch of clueless, brain-dead, mind-numbingly ignorant, holier-than-thou, we-know-best, fucking cocks. Also don't forgot to join the facebook group Say NO to Clause 152 (http://www.facebook.com/home.php?#/group.php?gid=54487688497) and No2ID itself. We're just one step closer to goose-stepping our way into fuhrer Broon land.

    Fucking one-eyed scottish idiot.

  41. Anonymous Coward
    Alert

    Idiots..

    I'm sorry but the majority of the responses on here are made by idiots who have no idea about information security.. "just cos you run linux dont make you a security expert" reading the story it looks like the perpetrator was caught so theres your "audit trail" working. The NHS has over 1 1/2 million employees, 22,000 network endpoints and saving lives will always trump security (any CISSP's here?) theres bound to be a few bad eggs and yes humans will always be the weakest link.

    And a message to all those who are now hurrying to "opt" out.... Im sure your decision will bode you well when you are lying on a trolley unconcious in a hospital A&E dept.... again... idiots

  42. Anonymous Coward
    Anonymous Coward

    @Re: I'll be opting out then

    Tsshh oh fuck allegies, most people who have a severe allegy have a plathera of options (wrist bands may be more useful then relying on a less then perfect database, keeping a list on them, they're your meds and allergies you manage them.)

    How about you suffered perlonged sexual abuse, information that may in the wrong hands lead to any number of personal issues (limiting job opportunities (let's face it you'll probably be a liability of some sort) making you sex offenders, making you a black mail target.)

    How about you've spoken to a psychiatrist about your desires towards children, again this information could be used to blackmail you, remove your ability to work and put your life at risk and also risking undue interest from the law.

    There are a great many other things but those were just the first two I thought of (and they go together.) More include a wide range of mental illnesses, concerns, quibbles,

    As with most personal data centralisation, it's stupid and dangerous. Sure in a perfect world where everyone one is nice and happy then there wouldn't be a problem. However that isn't what the world is like, just becouse someone can gain the trust of the idiots in charge of a database doesn't mean they arn't an evil scheming basterd.

    And what kind of people have access to database, well data inputters, nurses, doctors, dba's, data anallysts, data cleansers, administrators, secretaries, trust managers, so on and so forth.

  43. Adam Salisbury
    Alert

    @ AC

    "If you want to opt out, then I'm guessing you aren't strongly allergic to any common medications, and don't have any other conditions that an emergency medical team would need to know about, so go ahead. For people who regularly take fifteen or twenty medications, it is not just annoying but scary to have to tell hospital staff what they are taking. If they forget one, or the person admitting them copies the list incorrectly, they may be given something that conflicts"

    That's all well and good but I've seen friends like that admitted to hospital recite their list verbatim and then still have the staff get it wrong, and besides just because the system is the best a bunch of incompotent muppets can cobble together whilst presumably drunk doesn't mean we should use it lieu of something more secure than a wet paper bag

  44. Anonymous Coward
    Anonymous Coward

    @ Anonymous Coward 07:26

    You're talking about an edge case that affects very few people here. There's no need to spend billions on a database to get round this problem; use a tag.

    Also, if you're seriously ill, do you want the medics to start sorting you out or start faffing about with a computer?

    "That pretty much means that you need to trust medical staff who (a) know that an inappropriate access will be detected, and (b) can expect to suffer consequences if they do so." - this is bullshit, NHS staff routinely abuse their privileges, are not detected or if they are, they are not penalised. This being the exception that proves the rule.

    "In this case, the system worked as designed. A person in a position of trust abused his access, was detected, and has been arrested." - stupid. sounds like you're making money out of the NHS IT bandwagon. No database means abuse of privilege is limited to the doctor's or hospital's premises, and that's the way I like it. If you construct a database it will be abused. If it's a big database on the internet it will be massively abused. FFS these fuckwits are going to put put your medical records on the fucking internet - have a look at some morons here: http://www.nhsalliance.org/media.asp?display=press_release&press_release_id=387

    If this scheme is sooo fucking good how come it's getting forced down our throats? IF there are people with allergies (this appears to be the _only_ justification for siphoning £billions off to a load of dodgy IT contractors), then by all means set up a database for them, if they _want_ to be on it. My guess is that the number of takers would be in the low thousands.

    The point about this farrago of bullshit is that people don't go down the pub and drone on about how there should be an NHS database - the reason being that no one wants it. This fucking monster is the bastard offspring of a politician out of a global technology services provider and we're going to be paying for it and have our details stuck on it whether we like it or not.

  45. Anonymous Coward
    Stop

    FFS

    Surely doctors should only have access to their own patient's records.

    From the Department of Common Sense.

  46. Anonymous Coward
    Anonymous Coward

    @Idiots..

    You evidently know nothing about the trust, even if you work in it.

    And you're also talking junk when you talk about A&E.

    People with allergies, serious medical needs, etc, should have on them at all times identifying materials that will tell medical professionals what they need to know. Why? Well becouse you never know when an emergancy will strike.

    Terrorist attack/misc disaster(plane crash in a residentual area)/Natural disasters with 100's of people injured, do you think authorities have time to check every persons medical records? No they just want to check around your neck or on your wrist then do what they need to stabilise you.

    What if you get ill abroad where they don't have access to the magic database?

    What if you have the same name as someone who has no allergy and they get that record first?

    How are they to know you are a person in a medical record? Your national id card perchance? A medical card? If you already have a god damn medical card why doesn't have the immediate medical details of interest on it? What happens if your in a blast or a fire and the card is rendered unreadible? Will the medical card have rfid? What if the rfid has broken? No the wisest course is a necklace and wrist band, possibly ankle band aswell, anything else is rubbish.

    There are probably thousands of reasons this unified database is stupid and will put lives at risk.

  47. Alexander Hanff
    Stop

    Charged under the DPA?

    So exactly how is this Dr being charged under the DPA? For the past year the ICO have been telling members of the public that they have no powers to take DPA breaches to court and that the only option for court is a private civil prosecution where "damage" must be proved in order for a case to stand a chance.

    So it is interesting to see that when the rich and famous get their data abused suddenly the ICO are taking criminal action?

    Thereis not enough info in the article to determine exactly what action is being taken and how - I would be very interested to find out.

  48. Anonymous Coward
    Pirate

    Re: Idiots..

    "saving lives will always trump security"

    That's just wrong. So, so wrong.

    I'm fed up with this sheep-scaring propaganda that uses the threat of death to try to herd people into submission. It's wrong, it's evil.

    See the "LIVE FREE OR DIE!" comment under another article for why: http://www.theregister.co.uk/2009/03/02/convention_liberty/comments/

  49. The Fuzzy Wotnot
    Thumb Up

    Fantastic!

    Let's hope that this little example is recorded in the agenda for the next Wacky J meeting on the national comms DB. Yeah, I know. Fat chance!

    Couldn't have happened to more deserving people.

  50. John Smith Gold badge
    Coat

    @Gavin Jamie @AC11:04

    "First of it is pretty rare that someone pitches up unable to communicate (or without someone else who can). "

    Yes that's what I suspected.

    @AC 11:04

    One staggering figure to keep in mind. The NHS is the 3rd largest institution in the *world,* after the Indian Railway and the Chinese Army. But I doubt its anywhere near as unified.

    But having said that hello Mr NHS person again (or are you another one).

    "reading the story it looks like the perpetrator was caught so theres your "audit trail" working"

    Impossible to say given the available details. I'd have thought the NHS would have liked to publicise this as an example of exaclty this kind of eternal vigilance.

    "Im sure your decision will bode you well when you are lying on a trolley unconcious in a hospital A&E dept"

    I'm a bit slow so help me out. I'm unconcious with no ID on me and no one with me (the case your predecessor was fond of). How will you get my NHS number or other key to an NHS medical record off me? Or will you treat me the old fashioned way. Treat as usual but watch for allergic reaction with existing drugs.

    Since you sound like you're accessing some kind of NHS stas system perhaps you could also give us the ball park figure of how many of patients need more than 10 seperate drugs? lets get some bounds on how big a *real* problem this might actually address.

    I'll be waiting.

    By the way I know drugs exist for delusions but are there any specifics for low self-esteem and paranoia?

    The last party conference. Gordon Brown high on a positive vibe. Tony's gone. No one (not even Gordon it appears) suspects whats coming with the banks. Polls good. Never a bette time to go to the country and get the peoples mandate. Even I would have voted for him. so with all systems go he goes Lister on us.

    "Sir. All sensors indicate this is a fully working time/space engine."

    "So whats the catch"

    "There is none. If we set the co-ordinates it will take us anywhere in time and space instantly"

    "There's always a catch Kryt's. It never works like its supposed too."

    Seriously how else to explain what actually happened? A complete bottlectomy. I think Gordo should be topping up on his 'scripts

    We have no need to know this information. And the doctor had no need to ask. So how could he in the first place?

    You can guess whats in my jacket pocket.

  51. Eponymous Cowherd
    Flame

    Re:Idiots

    ***"it looks like the perpetrator was caught so theres(sic) your "audit trail" "***

    But he still did it. The data was still accessed. There is cold comfort in knowing the "audit trail" is going to result in the perp being brought to book after your intimate details have already been rifled and passed to unknown persons.

    ***"The NHS has over 1 1/2 million employees, 22,000 network endpoints and saving lives will always trump security (any CISSP's here?) theres (sic) bound to be a few bad eggs and yes humans will always be the weakest link."***

    That should be up to the individual. If someone is happy to be placed on an all-encompassing Government ultra-database on the off-chance that it *may* save their life, then that should be a *personal* choice, an informed opt-in.

    The Government's current model is to slap any and all personal and private details on a variety of databases without our consent and, often, without our knowledge. That is unacceptable.

    And the fact that "there's bound to be a few bad eggs" is absolutely true. Which is why the "Database State" is such a *bad* idea. The more people who can access the data, the more chance that one of those is a "bad egg".

  52. Anonymous Coward
    Thumb Up

    Astroturf

    Is it just me, or are the NuLab astroturfers just so obvious now that they're sticking out like sore thumbs these days?

  53. amanfromMars Silver badge

    Plonkers 'r' Us ...... When will the Farce End?

    "Astroturf ...... Is it just me, or are the NuLab astroturfers just so obvious now that they're sticking out like sore thumbs these days?" .... By Anonymous Coward Posted Tuesday 3rd March 2009 13:48 GMT

    AC,

    I've just spent a pleasant half hour sat somewhere in comfort in the UK having a video chat for free [Messenger/Skype type AVOIP] with family and friends in the Middle of Eastern Europe and Mr Bean/Crash Gordon wastes everyones Time, Effort and Public Money Poncing around in Washington, flogging a Dead Horse.

    MeThinks the Myriad Technologies, so readily Available to One and All, would and will Show them up for what they Really are, and they aint got nowhere to Run and nowhere to Hide. Oh Happy Days,...Oh Happy Days :-)

  54. chris
    Happy

    Not just the records that're escaping

    "the NHS cabal, they are more interested in putting into place Sharia law, and tithing to the pharmaceutical companies."

    Hi. Have Your Say is over that way, behind the door marked "Psychiatric Outpatients".

  55. chris
    Boffin

    @ Stuart Butterworth @Tee Cee

    If you were up on the politics and "positioning" around devolution, you'd know that Labour and Gordon Brown are staunchly Unionist / anti-Independence and under serious pressure from the SNP.

    Hence, every time he speaks on the issue he bigs up "Britishness" not Scottishness and there is also a consistent Unionist bias in the media here.

    If you're outside Scotland, this would be invisible to you, as it's pro-Independence sentiment is generally ignored as an issue. Gerhardt's point has bugger all to do with some nationalisms being "acceptable".

  56. Anonymous Coward
    Paris Hilton

    Oh jeebus...

    amanfrommars is making more sense than NuStasi...

    May %deity% help us all.

    Paris, I've been really really good and I've prayed every day... Can I have her now?

  57. Jimmy

    Schadenfreude

    Oh, the exquisite, shuddering, orgasmic pleasure to be derived from the discomfort of the arrogant ruling elite. I tell you, it's almost better than sex without a rubber.

    The architects of The New World Order and the database state hoist with their own petard, exposed as credulous morons wandering around in an evidence-free zone where only opinion, belief, faith and conviction are allowed to prevail. Mere facts, evidence and experience count for nothing in the eyes of this dismissive clique of New Scientologists.

    Even the spectre of the City of London crashing and burning around their ears won't persuade them of the error of their ways because zealots are always convinced that "there is no alternative". Which at least leaves us with the delicious prospect of another moment of schadenfreude when their uber database inevitably goes tits-up.

    Y'all have a good laugh, now.

  58. Pierre

    Re: Idiots (and @ other idiots)

    What the fuck happened to the medical cards you can keep in your wallet? There goes your "saving lives" benefit (which is faster for the paramedic: reading a card you carry or finding a NHS computer, logging in, finding your record, browsing it and finally spotting that allergy among pages of irrelevant info?)

    So the database is not terribly useful as far as "saving lives" is concerned. Now it is a very good way of monitoring your life (did you lose your cold medication while on holiday, or are you a meth guy?). And a goldmine for stalkers and other miscreants (to take an extreme case, using a known food allergy is a much more convenient way to kill someone than using a gun).

    Useless and dangerous database. Not want.

  59. David Hicks
    Unhappy

    Won't stop them for a second

    They'll write this down as an isolated incident and carry on regardless.

    The morons in power here do not understand that if you create the database it *will* be hacked. Someone will be bought, or someone will give up a password by accident, or the technology will be inadequate.

    But that's no concern, lets move on and put all of everyone's details in a single place and hope that it all goes well. Fingers crossed the software guys are the world's best, the public employees with access are all incorruptible and security minded.

    Yeah right.

    (All of the above is an aside to how the horrible idea this is in the first place)

  60. RW

    @ Bob

    "Soon enough disinterested British people will get the invasive and overbearing regime they deserve..."

    They already have it. Or, to be more precise, are subject to such a regime.

    Someone should really make an effort to extract Hazel's, Harriet's and Our Jacqui's records from as many gubbmint databases as possible, then broadcast the content far and wide.

    Except I have a funny idea that the records of the Beloved and Maximal Leaderesses have all been removed lest that very thing happen. Gee, I thought that if you had nothing to hide, you had nothing to fear!

    Perhaps someone might *claim* to have done so and broadcast false, but credible, information, then watch the fur fly. Normally I'd say that merely telling a white lie is no crime, but knowing NuLabour, they've probably criminalized it at least ten times since B. Liar became PM. Anonymous printouts glued to hoardings, anyone? Or sent to the editors of major newspapers and magazines and websites?

    No icon today. The whole thing with NuLabour and its love of the lie (Our motto, the bigger the better!) is just too depressing for any kind of humor.

  61. Anonymous Coward
    Stop

    The BBC have been thorough with their reporting on this.

    This is the only thing that the BBC website has to say about this situation: http://news.bbc.co.uk/1/hi/scotland/edinburgh_and_east/7760903.stm

    I've emailed them and asked them where the rest of the info is, the details about the failure of the security, etc.

    Obviously the country only needs to know that we'll catch the miscreants AFTER they have sold you up the river and blackmailed you. We don't need to know that the little monkeys can get their hands on our data despite assurances of security.

    I will post their response (if they bother to send one).

  62. Anonymous Coward
    Paris Hilton

    Re: The BBC have been thorough with their reporting on this.

    This is off-topic, but one of the "most popular stories now" caught my eye: http://news.bbc.co.uk/1/hi/england/lincolnshire/7923718.stm

    "CCTV simulated-sex pair sentenced

    "A couple who were caught on CCTV cameras simulating sex to torment their neighbours have both been given two-year restraining orders.

    ...

    "Deputy District Judge Alan Fowler said the CCTV cameras, which had been pointed into the couple's back garden by the four neighbours, did invade their privacy but they were entitled to do this by law as they were detecting a crime.

    "He said: "The response of Mr Jarman and Miss French to the cameras was entirely unnecessary and bizarre in the extreme, with Miss French holding up her jumper and walking up and down with a sign saying 'pervert' on it.

    ""Behaving in the way they did was very odd."

    "He added: "What happened, from what I saw on the CCTV and I heard in evidence, was that the behaviour of Miss French and Mr Jarman, which they cannot deny because there is visible evidence, was bizarre behaviour which amounted to harassment.""

    It does sound like there's more to the harassment than just how they responded to the CCTV. But even so, this interpretation of the matter is more than just worrying. It sounds like if your privacy is invaded, and you respond to that invasion of your privacy by larking about and expressing your objection to such intrusion, your response can count as "harassment", thereby justifying the invasion of privacy itself, which then counts as "detecting a crime"!

    We really do need a Big Brother icon these days. Paris instead, because she looks like she's keeping a watchful eye on things.

  63. Anonymous Coward
    Anonymous Coward

    @The BBC have been thorough with their reporting on this.

    lol. BBC. You don't arn't under the illusion that they're a legitimate news organisation are you'?

  64. John Smith Gold badge
    Joke

    AC@15:06

    "He added: "What happened, from what I saw on the CCTV and I heard in evidence, was that the behaviour of Miss French and Mr Jarman, which they cannot deny because there is visible evidence, was bizarre behaviour which amounted to harassment.""

    Let me see if I got this right

    So 4 different neighbours spy on your garden

    You respond with a something designed to upset them and discourage them from spying, which is what you think they have been doing.

    This behaviour is on completly private property and therefor you have an expectation of a right to privacy.

    You are accused of harassment.

    Nosey, officious busybody neighbours spying on other people when its none of their business.

    This isn't Redditch by any chance?

This topic is closed for new posts.

Other stories you might like