Your shout: why is the PCT involved in the records breach?

Viewers give their take on Computer Weekly's stories

Why is the PCT involved in the records breach?

Mary Hawking

In reference to "Warning as NHS view celebrity record", the only thing surprising about this incident is that anyone should be surprised. Ross Anderson, of the Cambridge University Computer Laboratory, pointed out the risks in 1995.

It would be interesting to know more about this incident - including whether it actually occurred. The report was put in by the Primary Care Trust (PCT) but occurred in a hospital, and involved 50 staff accessing the patient record, the implication being that many of these accesses were inappropriate, and that 50 staff accessing the record was in excess of the usual number needing access: in a complex case, 50 might be conservative.

Why is the PCT involved? I thought this sort of access by people without a legitimate relationship was to be dealt with by the employer, ie the hospital trust.

The story may well be true - vulgar curiosity (and worse motives) exist - and controlling access in an environment where there may be no time to authorise a legitimate relationship, such as in a cardiac arrest, must be a nightmare, both organisationally and technically, but it does not explain the PCT's involvement.

Keystroke security can help NHS secure access

Steve Evans

Managing director, Letrex Holdings

I read with interest Tony Collins' article about unauthorised NHS staff accessing the medical records of a celebrity patient.

Collins' article highlights that doctors are sharing smartcards to save time. I do not doubt this is true. Doctors are often dealing with life or death situations and are under immense time pressures. It is, therefore, the responsibility of technologists to ensure that patient information is kept secure. The NHS needs to implement additional layers of security that prevent information from getting into the wrong hands.

Biometric technology, more specifically keystroke dynamics analysis, is one simple way of achieving this. Keystroke dynamics analysis prevents people from using borrowed log-in credentials. It works by building up a profile of a person based on how they type. Once an individual's unique pattern is identified only they will be able to log in using their password. Anyone else attempting to use their password will be denied.

By using this quick and effective method of logging on, doctors do not need to share smartcards and audit trails will accurately reflect who has been accessing information. In conjunction with this, remote desktop management systems can enforce preset time-out options that automatically log out of a system after two minutes of inactivity. This prevents sensitive information from sitting idle on a desktop if doctors are called away urgently and are unable to log out themselves.

Auditing software can enable the doctor responsible for a high-profile patient to lock that person's file and set strict authorisation criteria, ensuring that only people working with that patient can access information about them.

The NHS should take heed and implement these simple but effective procedures, or we could see some embarrassing lawsuits.

GCSE and A-level decline: the view of the examiners

Peter Dawson

Director, ICT AQA

I am writing in response to news that IT and GCSE entries are down.

Between 1995 and 2005 the entry rate for IT qualifications rose substantially, by more than 200%. The apparent downturn in the 2007 entry needs to be seen within this longer term picture. AQA aims to ensure that 2007 represents a temporary blip rather than the start of a sustained decline.

General qualifications (GCSE and A-level) are currently undergoing major revisions. Both higher education and the IT industry have made significant contributions to the development of AQA's new A-level IT specifications to ensure that they are relevant to the needs of future practitioners and that they reflect current views about key issues and best practices.

A new national (vocationally orientated) qualification, the diploma, will be made available to students from 2008/09. IT will be one of the first five lines of learning available here. E-skills, the sector skills council representing the IT industry, has played a hugely important role in the design and development of this particular IT qualification. AQA will be working in partnership with City & Guilds to launch a new suite of diploma qualifications. IT will be one of the first offerings to be made by this partnership.

All staff are happy to be poached at the right price

Jonathan McColl

The advice from your Strategy Clinic members on outsourcing suppliers poaching staff was interesting on several levels.

"Poaching" is regarded by most gamekeepers as theft, but this was not dwelt upon, nor was the trust issue in two companies discussing the disposal of people and work. Two respondents said to tie the potential thief to the contract, one said it was just life, but the fourth suggested that if the staff were happy where they were they would not be so open to being poached.

A long time ago only a few people joined companies expecting to rise up ladders by changing employers, but today it is the norm, and that is the employers' collective own fault.

I am getting an adequate salary (but would that it were bigger), I can live in my chosen area and I am able both to contribute to and gain from my current employer. When any of these factors shrivels up (especially pay) I will be available to be poached. My employer must value my presence so it will have to include that value in two places: its contract with any outsourcing supplier and its contract with me.
