<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	>
<channel>
	<title>Comments on: Which services should remain offline?</title>
	<atom:link href="http://www.lightbluetouchpaper.org/2006/09/22/which-services-should-remain-offline/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.lightbluetouchpaper.org/2006/09/22/which-services-should-remain-offline/</link>
	<description>Security Research, Computer Laboratory, University of Cambridge</description>
	<pubDate>Sun, 06 Jul 2008 12:06:55 +0000</pubDate>
	<generator>http://wordpress.org/?v=2.5.1</generator>
		<item>
		<title>By: Ross Anderson</title>
		<link>http://www.lightbluetouchpaper.org/2006/09/22/which-services-should-remain-offline/#comment-2505</link>
		<dc:creator>Ross Anderson</dc:creator>
		<pubDate>Mon, 09 Oct 2006 10:07:31 +0000</pubDate>
		<guid isPermaLink="false">http://www.lightbluetouchpaper.org/2006/09/22/which-services-should-remain-offline/#comment-2505</guid>
		<description>Thanks for pointing that out. I've fixed the link</description>
		<content:encoded><![CDATA[<p>Thanks for pointing that out. I&#8217;ve fixed the link</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: ant</title>
		<link>http://www.lightbluetouchpaper.org/2006/09/22/which-services-should-remain-offline/#comment-2495</link>
		<dc:creator>ant</dc:creator>
		<pubDate>Mon, 09 Oct 2006 01:00:00 +0000</pubDate>
		<guid isPermaLink="false">http://www.lightbluetouchpaper.org/2006/09/22/which-services-should-remain-offline/#comment-2495</guid>
		<description>Try this:

http://www.cl.cam.ac.uk/~rja14/Presentations/emis-sep2006.ppt</description>
		<content:encoded><![CDATA[<p>Try this:</p>
<p><a href="http://www.cl.cam.ac.uk/~rja14/Presentations/emis-sep2006.ppt" rel="nofollow">http://www.cl.cam.ac.uk/~rja14/Presentations/emis-sep2006.ppt</a></p>
]]></content:encoded>
	</item>
	<item>
		<title>By: ant</title>
		<link>http://www.lightbluetouchpaper.org/2006/09/22/which-services-should-remain-offline/#comment-2494</link>
		<dc:creator>ant</dc:creator>
		<pubDate>Mon, 09 Oct 2006 00:57:11 +0000</pubDate>
		<guid isPermaLink="false">http://www.lightbluetouchpaper.org/2006/09/22/which-services-should-remain-offline/#comment-2494</guid>
		<description>@nickj - not just you:

http://www.cl.cam.ac.uk/~rja14/Presentations/emis.ppt not found</description>
		<content:encoded><![CDATA[<p>@nickj - not just you:</p>
<p><a href="http://www.cl.cam.ac.uk/~rja14/Presentations/emis.ppt" rel="nofollow">http://www.cl.cam.ac.uk/~rja14/Presentations/emis.ppt</a> not found</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: nickj</title>
		<link>http://www.lightbluetouchpaper.org/2006/09/22/which-services-should-remain-offline/#comment-2493</link>
		<dc:creator>nickj</dc:creator>
		<pubDate>Sun, 08 Oct 2006 22:20:07 +0000</pubDate>
		<guid isPermaLink="false">http://www.lightbluetouchpaper.org/2006/09/22/which-services-should-remain-offline/#comment-2493</guid>
		<description>hi, I'm getting a 404 on the talk on confidentiality link - is this just me?</description>
		<content:encoded><![CDATA[<p>hi, I&#8217;m getting a 404 on the talk on confidentiality link - is this just me?</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Gavin Jamie</title>
		<link>http://www.lightbluetouchpaper.org/2006/09/22/which-services-should-remain-offline/#comment-2237</link>
		<dc:creator>Gavin Jamie</dc:creator>
		<pubDate>Fri, 29 Sep 2006 10:06:47 +0000</pubDate>
		<guid isPermaLink="false">http://www.lightbluetouchpaper.org/2006/09/22/which-services-should-remain-offline/#comment-2237</guid>
<description>At the risk of seeming a bit obsessive, another issue has arisen this week, which perhaps gives some idea as to the online thinking.
A GP had an appointment made using the "Choose and Book" system. When a patient has a referral made under this system, two sheets of paper are produced. One has booking details and a booking number (&lt;acronym title="Unique booking reference number"&gt;UBRN&lt;/acronym&gt;) and the second has a password. The password is in the format of all of those AOL CDs that used to fall out of magazines - two random words.
Crucially, every time that the patient's details are brought up in the Choose and Book application - and that could be anyone with access to Choose and Book, at least 50,000 people - the password is displayed next to the name and address. Much of the security of the NHS system is dependent on all people in it being trustworthy.
It probably pays to stop and consider the threat model here. The password prevents somebody guessing the &lt;acronym title="Unique booking reference number"&gt;UBRN&lt;/acronym&gt; and booking an appointment in that name at one of the hospitals specified in the referral, in a clinic that is also specified. By guessing it would be difficult to pinpoint a specific individual, and if you had access to the application to tie a &lt;acronym title="Unique booking reference number"&gt;UBRN&lt;/acronym&gt; to an individual you could see the password anyway.
So back to the GP. Having some regard to security, he decides to change his password. He goes to the &lt;a href="https://www.healthspace.nhs.uk/ChooseandBook/" rel="nofollow"&gt;Choose and Book website&lt;/a&gt; and changes his password. As with most people, he has a pool of passwords which he uses. He picks one of them.
He then discovers that his new password is visible to all through the Choose and Book application. What was previously a somewhat pointless password has been converted to something which would allow a user who was less than straight and true to get his password to other sites, email, etc., etc.
But was it really pointless?
Well, this is not a one-time password. This is a password for life. Its existence and use on the healthspace site suggest that it will be the key to many of the services Ross talked about above.
Password management across 50 million people with differing and changing levels of competence, and not even an email address, is at best difficult, at worst ignored. The foundations are in, and they are made of cardboard.</description>
<content:encoded><![CDATA[<p>At the risk of seeming a bit obsessive, another issue has arisen this week, which perhaps gives some idea as to the online thinking.<br />
A GP had an appointment made using the &#8220;Choose and Book&#8221; system. When a patient has a referral made under this system, two sheets of paper are produced. One has booking details and a booking number (<acronym title="Unique booking reference number">UBRN</acronym>) and the second has a password. The password is in the format of all of those AOL CDs that used to fall out of magazines - two random words.<br />
Crucially, every time that the patient&#8217;s details are brought up in the Choose and Book application - and that could be anyone with access to Choose and Book, at least 50,000 people - the password is displayed next to the name and address. Much of the security of the NHS system is dependent on all people in it being trustworthy.<br />
It probably pays to stop and consider the threat model here. The password prevents somebody guessing the <acronym title="Unique booking reference number">UBRN</acronym> and booking an appointment in that name at one of the hospitals specified in the referral, in a clinic that is also specified. By guessing it would be difficult to pinpoint a specific individual, and if you had access to the application to tie a <acronym title="Unique booking reference number">UBRN</acronym> to an individual you could see the password anyway.<br />
So back to the GP. Having some regard to security, he decides to change his password. He goes to the <a href="https://www.healthspace.nhs.uk/ChooseandBook/" rel="nofollow">Choose and Book website</a> and changes his password. As with most people, he has a pool of passwords which he uses. He picks one of them.<br />
He then discovers that his new password is visible to all through the Choose and Book application. What was previously a somewhat pointless password has been converted to something which would allow a user who was less than straight and true to get his password to other sites, email, etc., etc.<br />
But was it really pointless?<br />
Well, this is not a one-time password. This is a password for life. Its existence and use on the healthspace site suggest that it will be the key to many of the services Ross talked about above.<br />
Password management across 50 million people with differing and changing levels of competence, and not even an email address, is at best difficult, at worst ignored. The foundations are in, and they are made of cardboard.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Gavin Jamie</title>
		<link>http://www.lightbluetouchpaper.org/2006/09/22/which-services-should-remain-offline/#comment-2081</link>
		<dc:creator>Gavin Jamie</dc:creator>
		<pubDate>Mon, 25 Sep 2006 08:08:12 +0000</pubDate>
		<guid isPermaLink="false">http://www.lightbluetouchpaper.org/2006/09/22/which-services-should-remain-offline/#comment-2081</guid>
<description>I was not at the conference, although I am sitting here with an EMIS system running in front of me!
On line access to the full medical record is still a niche product. By far the most requests to view records come from lawyers rather than directly from the patients themselves. The nature of consent to these requests has occasionally been questioned - along the lines mentioned above. On line access would certainly make things easier, and cheaper, for practices. From the patient's point of view their representative gets the details more quickly. Still, it is hardly of earth-shattering significance.

Where the systems are likely to cause problems is in partial access to the medical record, which is increasingly common and popular. A prime example of this is EMIS's own system for getting repeat prescriptions. There is obviously a demand for this sort of service, but the system will present you with a list of your current medication.
Medication lists are arguably the most sensitive part of a medical record. Most chronic conditions leave a distinctive 'footprint'. Salbutamol=asthma, fluoxetine=depression, mifepristone=termination of pregnancy or foetal death, olanzapine=psychosis, etc. etc.

So certainly full access to medical records is not the top service to go on line, but the issues involved are not limited to that case.</description>
<content:encoded><![CDATA[<p>I was not at the conference, although I am sitting here with an EMIS system running in front of me!<br />
On line access to the full medical record is still a niche product. By far the most requests to view records come from lawyers rather than directly from the patients themselves. The nature of consent to these requests has occasionally been questioned - along the lines mentioned above. On line access would certainly make things easier, and cheaper, for practices. From the patient&#8217;s point of view their representative gets the details more quickly. Still, it is hardly of earth-shattering significance.</p>
<p>Where the systems are likely to cause problems is in partial access to the medical record, which is increasingly common and popular. A prime example of this is EMIS&#8217;s own system for getting repeat prescriptions. There is obviously a demand for this sort of service, but the system will present you with a list of your current medication.<br />
Medication lists are arguably the most sensitive part of a medical record. Most chronic conditions leave a distinctive &#8216;footprint&#8217;. Salbutamol=asthma, fluoxetine=depression, mifepristone=termination of pregnancy or foetal death, olanzapine=psychosis, etc. etc.</p>
<p>So certainly full access to medical records is not the top service to go on line, but the issues involved are not limited to that case.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Clive Robinson</title>
		<link>http://www.lightbluetouchpaper.org/2006/09/22/which-services-should-remain-offline/#comment-2048</link>
		<dc:creator>Clive Robinson</dc:creator>
		<pubDate>Fri, 22 Sep 2006 11:03:07 +0000</pubDate>
		<guid isPermaLink="false">http://www.lightbluetouchpaper.org/2006/09/22/which-services-should-remain-offline/#comment-2048</guid>
<description>Unfortunately, in some parts of the country you have no choice; doctors etc. have grouped together and put your details on line through things like Choose and Book.

You get no choice; you receive a piece of paper through the post saying you have consented, that you have been through it with your doctor / consultant / whoever, and that you have a password that you selected.

Well, the sad truth (in my case and many others I have spoken to) is that there was no consultation; they select your password and they might remember to send it to you (or, as in my case, they don't). But more importantly, this same password ends up on a piece of paper that gets sent to the doctor's / consultant's secretary....

So much for a secure, reliable system where you can make a choice....</description>
<content:encoded><![CDATA[<p>Unfortunately, in some parts of the country you have no choice; doctors etc. have grouped together and put your details on line through things like Choose and Book.</p>
<p>You get no choice; you receive a piece of paper through the post saying you have consented, that you have been through it with your doctor / consultant / whoever, and that you have a password that you selected.</p>
<p>Well, the sad truth (in my case and many others I have spoken to) is that there was no consultation; they select your password and they might remember to send it to you (or, as in my case, they don&#8217;t). But more importantly, this same password ends up on a piece of paper that gets sent to the doctor&#8217;s / consultant&#8217;s secretary&#8230;.</p>
<p>So much for a secure, reliable system where you can make a choice&#8230;.</p>
]]></content:encoded>
	</item>
</channel>
</rss>
