Mary Wrote (in response to a suggestion of mine)
>, [log in to unmask] 
> writes
> 
> >Rather than encrypt the patient data, why not just encrypt the 
> >patient identity?   I appreciate that as you have steadily more data 
> >about a given patient, you have a steadily increasing probability of 
> >identifyint the patient, but if all the more obvious aspects such as 
> >name, address, NHS number (!!!), home phone number and the like were 
> >encrypted, the resulting system would make it quite difficult to 
> >identify whose records you were actually looking at.  
> 
> What about data trawling - and matching databases - * electronically* ?
> Suppose you have a relatively  uncommon condition?
> date of birth and postcode will identify you - if you have *ever* had
> time offf work for this...and the information is in the DHSS database..
> Seems to m this would give the worst of all poosible worlds - all the
> information needed to decide whether it's worth the effort of
> identifying the individual ... and precious little protection!

Please read the bit below:  there must be a strong system in place 
which ensures that only those with suitable authorisation can access 
the data.
>                                                                                                                                                      
> >This would be 
> >over and above the need to have got past whatever form of log on 
> >process you need to go through before gaining access to any records.
> 
> um .. data trawling and the "consultation" on Access to the NHS Tracing
> Service and Caldicott Guardians?
> We can impose a process in General Practices. if there was the will, it
> *might* be possible in some trusts.
I don't know what the proportion is, but I would guess that a VERY 
substantial fraction of the records that exist are in General 
Practice systems.  Now a typical GP set up has two imporatant 
properties

1     it is housed in a relatively compact location (or possibly 
spread over two or more locations, each of which is realtively 
compact).  It is therefore possible to make each location physically 
secure.

2	the staff of the practice (at all grades) know one another by 
sight, and almost certainly by name.

It is then possible (with training!) to ensure that strangers who are 
wandering about parts of the building(s) which have restricted access 
get challenged.  I know from experience that it is actually quite 
difficult to get staff to do this, but it can be done.  Provided that 
access to unencrypted data can only take place from edvices located 
in the building, and that any data going off-site is encrypted with 
the public key of the intended recipient, it will be quite difficult 
to carry out trawling of the kind Mary describes.   

Note that this implies some form of firewall between the Practice 
internal network and the rest of the world;  but the protected system 
(ie the system holding the patient records plus its local network is 
small).  I am not advocating an NHSNet style firewall round half the 
Universe.

Mike Wells

> Would *you* be confident if *your* records were involved?
> Don't trust "process" - we work in a caring (and trusting)
> organisation...
> Mary
If  by caring and trusting you mean the kind of thing I was 
describing, then the answer is 'Yes'.  It would after all be a big 
improvement on the sloppy control that is applied to paper records in 
at least some areas.

Mike Wells 
***************************************************
*     M. Wells                                    *
*     9 Hall Close                                *
*     Bramhope                                    *
*     Leeds LS16 9JQ                              *
***************************************************


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%