> From: Alan Cooper <[log in to unmask]>
> To: "(GP-UK, Distribution)" <[log in to unmask]>
> Subject: Select Committee report
> SELECT COMMITTEE ON
> SCIENCE AND TECHNOLOGY
>
> INFORMATION SOCIETY:
> AGENDA FOR ACTION IN THE UK
> CHAPTER 4 VIEWS OF WITNESSES
>. The Department of Health, whilst agreeing
> with the significance of this legal constraint, said that "the major
> barrier in many places is the willingness of hospitals to allow it
> to happen".
Eh ? I don't get this. Why are hospitals unwilling to let this
happen ? Also, why should hospitals be telling me how to run my
practice ?
> 4.97 One of the main concerns raised by the Royal College of Nursing
> (RCN) was security. The RCN said that the NHS needed to communicate
> with social services and the private sector and patient information
> would need to be transferred to these agencies. "However the
> standards within the NHS Wide Network do not apply to [these
> agencies]. The RCN is concerned that the same stringent standards
> must be applied ...."
> One of the problems identified was the lack of a formal approval
> process for software used throughout the NHS: as well as causing
> problems for compatibility this also raised concerns over whether
> data could be protected from corruption and unauthorised access. In
> addition, "the guidance issued by the Department of Health only
> considered the threat from external (to the NHS) unauthorised
> access" and the RCN said that there was also a risk from `internal'
> unauthorised access and use of patient information. The RCN called
> for encryption to be used ..... and suggested that it was a role of
> Government to provide a framework for security standards.
I thought they were trying , no ? Or is it the feeling generally
that the only security will be by keeping NHS net secure ? Surely,
with adequate encryption, the need for intranet security will be
lessened and, as has been pointed out, the real threat is from
internal sources. The code of connection says, if you want
to connect to NHS net you MUST disconnect from all other external
networks (the intenet, Compuserve, AOL etc). This will, surely, slow down the development of
NHS/Health services on the information highway, lead to zero
competition and restrict GPs (and others) from accessing all kinds of
other services. Encryption has to be the answer, not restrictive
practices.
> ..... The facility of GPs to book hospital
> appointments on-line would make life easier for all concerned, both
> patients and practitioners, and the Department of Health should set
> in place policy guidelines to encourage this. .... within a secure
> intranet system designed to ensure confidentiality.
With encryption ?
> 5.84 The standards applying to the security of health related
> information within the NHS Wide Network should apply equally to
> local authorities and the private sector.
>
So, already it is no longer NHS workers we want to not connect their
networks externally. Now the city councils and social work department
can't either. It will end up the whole planet can only connect to
NHSNet. Pipex will not be chuffed. :-)
Paul
Dr Paul Miller
Bridgeton Health Centre, Glasgow
http://users.colloquium.co.uk/~p_miller/index.htm
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|