The NHS Summary care record

[TW]Fox;16389705 said:
No, there won't be. Because of the way it works, there is absolutely no way for a thief to access SCR via a laptop left on a train. You can't do it - the better security you've been waiting for is here.

There is no logical reason to opt out, in my opinion.

Yup, famous last words :) I remember when the chip and pin terminals were 100% uncrackable. 1024 bit encryption was unbeatable and my council files were unreadable because it was in DB format.

I work for a company connected to RSA and even if the security I've been waiting for was here don't bet on the NHS using it or having it up and running day 1. Common rule with new systems - they don't really go secure until their first few public mishaps then someone pays attention.

How are these concerns any different to the paper based data that already exists and gets posted around in the most inefficient way possible?

Once on the DB it can be obtained without a patient being informed, ‘in the public interest’.

Sure, they could do that now but there is a paper trail when they do it formally. I feel on the centralised DB they can find any excuse to do so. The potential for snooping is increased massively and I have no idea who will have one of the smart cards.

My details go from being available to the right people to available quickly to a wide range of people.

There's no way this huge DB can be policed well - at least not to start with.
 
Common rule with new systems - they don't really go secure until their first few public mishaps then someone pays attention.

This is true for new systems where security is usually an afterthought (which is most of them imo). However because of the sensitive nature of this project and the political ramifications of security failures, security has been engineered into the system from the outset. I confidently predict that there will be no lost data associated with this project.
 
I'll agree with Halfmad here, I work in IT for the NHS as well and again all SCR records are typed up in house, accessed via a smartcard and only viewable on a terminal linked to our network... There is the option to use a VPN connection and dial in from home to check these records but once again any connection into any clinical software is accessed via a smartcard/pass code combination and now with all the laptops we issue encrypted the system is pretty secure... for now. So unless really paranoid I can't see much of an issue with opt in for this. In the long term it means less hassle for yourself.
 
This is true for new systems where security is usually an afterthought (which is most of them imo). However because of the sensitive nature of this project and the political ramifications of security failures, security has been engineered into the system from the outset. I confidently predict that there will be no lost data associated with this project.

Sorry, but I disagree so completely due to hard earned experience. There's always some level of protection and even when it's the number 1 thing on the list (like with ALL banks - 'protecting your information is our top priority') it's never enough and the list of mishaps over the years from the government, bank, institutions is staggering. These were all systems designed with security in mind because losing data is the most embarrassing thing that can happen to a company. In America they have to notify people if their data has been lost or stolen but it still happens with alarming regularity.

I work for a company that has pretty much the world's best known security company in its portfolio and I see it first hand all the time!! There is no way such a large DB with so many users having access will be secure which is why when I have the choice I'll just opt out!
 
I work for a company connected to RSA and even if the security I've been waiting for was here don't bet on the NHS using it or having it up and running day 1. Common rule with new systems - they don't really go secure until their first few public mishaps then someone pays attention.

Except that those "first few public mishaps" have already happened - just not in SCR.

Given the ease with which existing records get lost, never to be seen again, I'll certainly be in. I don't even particularly care if anyone sees my records anyway - I'd rather they had access at the time of need than not. In fact, I wouldn't be surprised if what's in the SCR isn't that different from what insurance companies can get access to already.

Far more important things to worry about than whether someone knows what medication I'm on, my height, weight and blood pressure, etc.
 
There is no way such a large DB with so many users having access will be secure which is why when I have the choice I'll just opt out!

In fact this is probably very true so I may retract my earlier statement of the system is secure... The system may be, now the users on the other hand...
 
Sorry, but I disagree so completely due to hard earned experience. There's always some level of protection and even when it's the number 1 thing on the list (like with ALL banks - 'protecting your information is our top priority') it's never enough and the list of mishaps over the years from the government, bank, institutions is staggering. These were all systems designed with security in mind because losing data is the most embarrassing thing that can happen to a company. In America they have to notify people if their data has been lost or stolen but it still happens with alarming regularity.

Sorry but I disagree due to my hard earned experience. Don't mistake the lip service that banks (and other companies/governments) pay to security with the very real need for security to be built in to this system from the outset.

I've worked on projects (private and public sector) where the only consideration to data security is a security plan, which is produced only because our QA system says we have to have one, and then it is promptly forgotten about by everyone except for audit time when there's a mad panic (and yet somehow the auditors never find anything significant).
 
Sorry but I disagree due to my hard earned experience. Don't mistake the lip service that banks (and other companies/governments) pay to security with the very real need for security to be built in to this system from the outset.

I've worked on projects (private and public sector) where the only consideration to data security is a security plan, which is produced only because our QA system says we have to have one, and then it is promptly forgotten about by everyone except for audit time when there's a mad panic (and yet somehow the auditors never find anything significant).

Sounds like those projects where they get so wound up on security they forget what they're supposed to be implementing ;)
 
[TW]Fox;16388253 said:
Why would you possibly want to opt out of this service? It is completely secure and requires a smart card, which will ONLY work on certain terminals, and a passcode, in order for a member of staff to access it.

It means wherever you go for treatment, staff can access your records to ensure you receive the best possible care for whatever is wrong with you.

Opting out just seems so utterly pointless and conspiracy theorist like.

I agree
 
Yes, in the other huge DB, NHS chip and pin, terminal accessed systems such as....?

We learn from mistakes but new systems present new issues

Anyone who suggests chip and pin is secure needs to stop smoking. The chips themselves may be secure, but the terminals definitely aren't and never were. All the security breaches I've heard of have involved the terminals.

As for DB security, that's simply down to ineptitude. Decrypted copies of databases should not be accessible to anyone - ever. Remove that threat and the worst that can happen is - guess what - back to the terminal.

NHS terminals are far different from the cheap chip and pin terminals manufactured by the lowest bidder. In fact, they're almost certainly just regular PCs (in a closed system). Smart card systems have been proven secure for years (just ask your RSA friends).
 
[TW]Fox;16388253 said:
Why would you possibly want to opt out of this service? It is completely secure and requires a smart card, which will ONLY work on certain terminals, and a passcode, in order for a member of staff to access it.

It means wherever you go for treatment, staff can access your records to ensure you receive the best possible care for whatever is wrong with you.

Opting out just seems so utterly pointless and conspiracy theorist like.

I hope the people who opt out don't receive a drug in an emergency which disagrees with them.

Summary record is only between your local PCT / Hospital and your GP?

What's the problem? Eventually it'll be accessible anywhere in the UK which is good is it not?

I have a list of medical conditions as long as my arm and for at least one of them I am receiving very specialist treatment via a consultant. There have been times when I've needed treatment from a doctor that isn't my usual and it has been a nightmare. I know more about the drugs and my condition than they did. At least if they had access to my records they could see what treatments I'm on or have been on or what they really should NOT be giving me...

There are a lot of things on my record I don't want Joe Public seeing but a medical professional is just fine by me.
 
I don't see why anyone should care about people looking at their medical records?

If by people you mean medical professionals with the correct training to understand data security then I don't have a problem either.

If by people you mean potential employers, banks etc. then I can totally understand why people wouldn't want those records available.
 
I would be more concerned about the NHS selling all our personal medical data if the medical records they keep didn't have so many mistakes. :D

I keep my own personal medical records because there are so many mistakes in my medical records it's unreal, I've read letters that the doctors have sent to one another about my treatment and history and some of them almost seem like they've been written about another person.
 
[TW]Fox;16388253 said:
Why would you possibly want to opt out of this service? It is completely secure and requires a smart card, which will ONLY work on certain terminals, and a passcode, in order for a member of staff to access it.


Just ask Barclays about how secure we are ;)

I've opted out.
 
Stick to your guns & opt out again, otherwise they will no doubt rationalise your lack of reply as a change of mind & opt you back in, as is ukgov's wont when it comes to such things.

If you have opted out, it should have been added to your records. This should mean that if you don't reply, it still counts you as opted out. I am pretty sure that it is an information leaflet and an opt out letter so if you have not opted out before, you can do so now. We got told that this is for people who do not normally go to their doctors.

The system, as said before, is indeed smart carded, and everyone who accesses the system needs one.

Edit: Holy thread revival batman.
 