A few months ago I received some forms about conditions we had to fulfill prior to connection to the NHS net. We were supposed to sign these and return to an IT bod, somewhere at the regional HA.
(This took me by surprise as we had not asked to be connected!)
On reading the forms, I was struck by the fact that *we* at the surgery were seen as a possible threat to security.
My reaction was one of - hang on - which is most secure:
1) our small surgery with everyone working within a few yards of each other, strangers immediately spotted, everyone directly employed by us clinicians, confidentiality written into our contracts with staff, and breach of confidentiality being punishable by instant dismissal, and a strong ethos of integrity and responsibility,
or
2) the NHS at large with its million employees ???
When I wrote to the IT bod responsible expressing my reservations at allowing the NHS access to *our* confidential data, he seemed surprised. Apparently, noone had questioned him before about this.
--
Ruth Livingstone
http://www.stamford.co.uk/littlesurgery/
-----Original Message-----
From: Ewan Davis <[log in to unmask]>
To: [log in to unmask] <[log in to unmask]>
Date: 01 May 1998 19:37
<snip>
The security model applied to NHSNet is inappropriate seeking as it does to
provide security at the perimeter and assume all authorised user can be
trusted.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|