Today I received a letter from the NHS "Buckinghamshire & Oxfordshire Cluster" advising me that unless I object, a "Summary Care Record" will be created on my behalf. The letter suggests that this will be a good thing as information will then be readily available for my care in an emergency.
"The record will contain information about any medicines you are taking, allergies you suffer from and any bad reactions to medicines you have had, to ensure those caring for you have enough information to treat you safely"
Now, on the surface, this seems a good idea, until one looks at the detail and in particular the security detail.
"Healthcare staff will ask your permission before they look at your record, except in certain circumstances for example if you are unconscious."
To me, this means there is no security, anyone with access to the system can look up the details of any patient whose records are on the system. Logically, if they can look up my record if I am unconscious, they can also look up my record when I'm miles away.
"By law, anyone working for us or on our behalf must respect your confidentiality and keep all information about you secure".
I don't doubt that is the legal situation, but laws are frequently broken, as in the case of the phone hacking saga and the number of public officials who subsequently have been arrested for selling information to the media.
To access the data, Healthcare staff will "need to have an NHS smartcard with a chip and passcode" and "will have their details recorded". But then similar rules apply to the Police National Computer and this has been subject to quite a bit of misuse by both police officers and administrative staff in order to obtain personal details. Whilst this occasionally comes to light in the course of some other investigation, it would seem that the majority of misuse goes unnoticed. Why would the NHS be any different?
The concluding paragraph is rather disingenuous
"No matter how careful we are, there are always risks when information is held on computers as there is when they are held on paper"
No, the risks are far higher when they are held on computer. It takes a matter of just a few seconds for someone, anywhere in the country, to access records on a computer and copy them to a memory stick. With paper records, only someone at the hospital where you are being treated or at your GP's surgery could access the records, and copying requires time either at a photocopier or to make notes longhand, either of which I would suggest is a far more risky business.
Finally, regarding children it seems that parents may opt out, but "In some circumstances your GP may feel it is in your child's best interests to have a Summary Care Record". Big Brother now knows what is best for your child.
I strongly oppose these nationwide computer systems and have a strong dislike of the "Unless we hear to the contrary, we will ... " attitude. The only way you can keep your data secure is to keep it yourself, and I would have been quite happy to put a small memory stick with the information onto my key ring which is always in my pocket. My wife, who is on warfarin blood thinner, always carries her record booklet in her handbag along with a list of the other drugs she takes, and if one believes what one is told, this is all that will be on the Summary Care Record, so this information will presumably meet any emergency care needs.
Another point of interest is who outside the NHS will be given access to the information, and for what purposes? In this contest it is worth noting that DVLA has banned more than 150 councils from accessing their database after they had breached motorists' privacy (Daily Mail). How long will it be before the NHS allows access, say, "for research" and the priviledge is similarly abused?
I have 12 weeks to make a decision but I will probably decide to opt out.
Showing posts with label computer security. Show all posts
Showing posts with label computer security. Show all posts
Saturday, 8 December 2012
Monday, 26 July 2010
Wikileaks and Garry McKinnon.
Each time Garry McKinnon is mentioned in the press, I wonder how it was that he was able to hack into the US Defence Computers, and why so much fuss is being made over something which, whilst illegal, scarcely did any significant harm. I have always felt that there was more to this "than meets the eye".
Today, we have the news that someone has leaked some 90,000 US military documents to Wikileaks covering events in Afghanistan between 2002 and 2009.
Now, if I'd had responsibility for computer security at the time of the Garry McKinnon incident, my main priority would not have been chasing the criminal but asking "Why on earth are our security systems so bad that someone with an ordinary home computer could conduct a sustained hacking exercise which took place over fourteen months and involving 96 computers in five US government departments, and which we only knew about because he left messages behind?". My next question would have been "If someone like this can hack into our computers, who else, with far superior resources, has also hacked into our computers but kept quiet about it?".
Today's news proves that nothing has changed. US government computer security seems as lax a ever and it would seem that nothing on their computers is secure from a determined hacker. Most developed countries have their own equivalents of our GCHQ with resources which are far superior to those used by Garry McKinnon, and there is no doubt in my mind that some of these countries will also have been accessing US government computers - why shouldn't they, Russia, China, Israel and many others would consider this to be a normal intelligence activity.
Which brings me back to my original thoughts - The fuss over Garry McKinnon and his extradition wasn't so much to punish him, but more of the nature of a smoke-screen to distract the media from asking questions as to how it happened, and protecting the individuals responsible for security.
If David Cameron wants to get one up on Obama over the recent treatment of the UK, he should issue a warning (albeit tongue in cheek) to all our government departments that they should be wary about sharing secrets with the US until GCHQ is satisfied with the security of the American government computer systems!
.
Today, we have the news that someone has leaked some 90,000 US military documents to Wikileaks covering events in Afghanistan between 2002 and 2009.
Now, if I'd had responsibility for computer security at the time of the Garry McKinnon incident, my main priority would not have been chasing the criminal but asking "Why on earth are our security systems so bad that someone with an ordinary home computer could conduct a sustained hacking exercise which took place over fourteen months and involving 96 computers in five US government departments, and which we only knew about because he left messages behind?". My next question would have been "If someone like this can hack into our computers, who else, with far superior resources, has also hacked into our computers but kept quiet about it?".
Today's news proves that nothing has changed. US government computer security seems as lax a ever and it would seem that nothing on their computers is secure from a determined hacker. Most developed countries have their own equivalents of our GCHQ with resources which are far superior to those used by Garry McKinnon, and there is no doubt in my mind that some of these countries will also have been accessing US government computers - why shouldn't they, Russia, China, Israel and many others would consider this to be a normal intelligence activity.
Which brings me back to my original thoughts - The fuss over Garry McKinnon and his extradition wasn't so much to punish him, but more of the nature of a smoke-screen to distract the media from asking questions as to how it happened, and protecting the individuals responsible for security.
If David Cameron wants to get one up on Obama over the recent treatment of the UK, he should issue a warning (albeit tongue in cheek) to all our government departments that they should be wary about sharing secrets with the US until GCHQ is satisfied with the security of the American government computer systems!
.
Subscribe to:
Posts (Atom)
