Why is the PCT involved in the records breach?
Mary Hawking
In reference to
"Warning as NHS view celebrity record", the only thing
surprising about this incident is that anyone should be surprised.
Ross Anderson, of the Cambridge University Computer Laboratory,
pointed out the risks in 1995.
It would be interesting to know more about this incident -
including whether it actually occurred. The report was put in by
a Primary Care Trust (PCT) but occurred in a hospital, and involved
50 staff accessing the patient record, the implication being that
many of these accesses were inappropriate, and that 50 staff
accessing the record was in excess of the usual number needing
access: in a complex case, 50 might be conservative.
Why is the PCT involved? I thought this sort of access by people
without a legitimate relationship was to be dealt with by the
employer, ie the hospital trust.
The story may well be true - vulgar curiosity (and worse
motives) exist - and controlling access in an environment where
there may be no time to authorise a legitimate relationship, such
as in a cardiac arrest, must be a nightmare, both organisationally
and technically, but it does not explain the PCT's involvement.
Keystroke security can help NHS secure access
Steve Evans
Managing director, Letrex Holdings
I read with interest Tony Collins' article about unauthorised
NHS staff accessing the medical records of a celebrity
patient.
Collins' article highlights that doctors are sharing smartcards
to save time. I do not doubt this is true. Doctors are often
dealing with life or death situations and are under immense time
pressures. It is, therefore, the responsibility of technologists to
ensure that patient information is kept secure. The NHS needs to
implement additional layers of security that prevent information
from getting into the wrong hands.
Biometric technology, more specifically keystroke dynamics
analysis, is one simple way of achieving this. Keystroke dynamics
analysis prevents people from using borrowed log-in credentials. It
works by building up a profile of a person based on how they type.
Once an individual's unique pattern is identified only they will be
able to log in using their password. Anyone else attempting to use
their password will be denied.
By using this quick and effective method of logging-on, doctors
do not need to share smartcards and audit trails will accurately
reflect who has been accessing information. In conjunction with
this, remote desktop management systems can enforce preset time-out
options that automatically log out of a system after two minutes of
inactivity. This prevents sensitive information from sitting idle
on a desktop if doctors are called away urgently and are unable to
log out themselves.
Auditing software can enable the doctor responsible for a
high-profile patient to lock that person's file and set strict
authorisation criteria, ensuring that only people working with that
patient can access information about them.
The NHS should take heed and implement these simple but
effective procedures, or we could see some embarrassing
lawsuits.
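Added example (not from the letter above or from any vendor's product): the profile-and-compare step of keystroke dynamics, using key hold (dwell) times and key-to-key (flight) times scored as a mean absolute z-score against an acceptance threshold. The 4-key password, all timings, the threshold of 2.0 and every function name are constructed for illustration; the hurried-owner case shows that the same threshold can also reject the genuine user.

```python
from statistics import mean, pstdev

def make_events(keys, dwells, flights):
    """Constructed-data helper: build (key, press_ms, release_ms) tuples."""
    t, out = 0, []
    for i, k in enumerate(keys):
        out.append((k, t, t + dwells[i]))
        t += dwells[i] + (flights[i] if i < len(flights) else 0)
    return out

def features(events):
    """Dwell (hold) times followed by flight (release to next press) times."""
    dwell = [r - p for _, p, r in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight

def enrol(samples, min_std=5.0):
    """Profile = (mean, std) per feature; std is floored so that a very
    consistent typist does not produce an impossibly tight template."""
    cols = zip(*(features(s) for s in samples))
    return [(mean(c), max(pstdev(c), min_std)) for c in cols]

def score(profile, events):
    """Mean absolute z-score against the profile; lower means closer."""
    f = features(events)
    if len(f) != len(profile):
        return float("inf")  # different number of keystrokes
    return mean(abs(x - m) / s for x, (m, s) in zip(f, profile))

def verify(profile, events, threshold=2.0):
    """Rhythm check only; a real login would also verify the password."""
    return score(profile, events) <= threshold

# Constructed sample data: four enrolment typings of a 4-key password.
KEYS = "nhs1"
ENROL = [make_events(KEYS, d, f) for d, f in [
    ([90, 80, 100, 85], [120, 60, 150]),
    ([95, 78, 104, 88], [115, 66, 140]),
    ([86, 84, 98, 80], [126, 58, 158]),
    ([92, 79, 102, 86], [118, 62, 149]),
]]
PROFILE = enrol(ENROL)
OWNER = make_events(KEYS, [91, 81, 99, 87], [122, 63, 147])
BORROWER = make_events(KEYS, [140, 120, 60, 130], [200, 180, 90])
OWNER_HURRIED = make_events(KEYS, [70, 62, 80, 66], [80, 35, 100])

if __name__ == "__main__":
    for name, ev in [("owner", OWNER), ("borrower", BORROWER),
                     ("owner, hurried", OWNER_HURRIED)]:
        print(f"{name:15s} score={score(PROFILE, ev):5.2f} accept={verify(PROFILE, ev)}")
```

Raising the threshold lets the hurried owner in but narrows the margin against a borrower, so the value has to be tuned on real enrolment data for each deployment.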
GCSE and A-level decline: the view of the examiners
Peter Dawson
Director, ICT AQA
I am writing in response to news that
IT and GCSE entries are down.
Between 1995 and 2005 the entry rate for IT qualifications rose
substantially, by more than 200%. The apparent downturn in the 2007
entry needs to be seen within this longer term picture. AQA aims to
ensure that 2007 represents a temporary blip rather than the start
of a sustained decline.
General qualifications (GCSE and A-level) are currently
undergoing major revisions. Both higher education and the IT
industry have made significant contributions to the development of
AQA's new A-level IT specifications to ensure that they are
relevant to the needs of future practitioners and that they reflect
current views about key issues and best practices.
A new national (vocationally orientated) qualification, the
diploma, will be made available to students from 2008/09. IT will
be one of the first five lines of learning available here.
E-skills, the sector skills council representing the IT industry,
has played a hugely important role in the design and development of
this particular IT qualification. AQA will be working in
partnership with City & Guilds to launch a new suite of diploma
qualifications. IT will be one of the first offerings to be made by
this partnership.
All staff are happy to be poached at the right price
Jonathan McColl
The advice from your
Strategy Clinic members on outsourcing suppliers poaching staff
was interesting on several levels.
"Poaching" is regarded by most gamekeepers as theft, but this
was not dwelt upon, nor was the trust issue in two companies
discussing the disposal of people and work. Two respondents said to
tie the potential thief to the contract, one said it was just life,
but the fourth suggested that if the staff were happy where they
were they would not be so open to being poached.
A long time ago only a few people joined companies expecting to
rise up ladders by changing employers, but today it is the norm,
and that is the employers' collective own fault.
I am getting an adequate salary (but would that it were bigger),
I can live in my chosen area and I am able both to contribute to
and gain from my current employer. When any of these factors
shrivels up (especially pay) I will be available to be poached. My
employer must value my presence so it will have to include that
value in two places: its contract with any outsourcing supplier and
its contract with me.