I dare to comment on everything - as I agree to much of it, but would like to point out few bits... } Helpful extra: make available communications services which incorporate } the said standards and which can be bought by A or B. } } Another helpful extra: use the communication infrastructure to also offer } web stuff. That's exactly the right point - the right solution is not only to make the NHSNet internally compatible, but preferably also to use open standards - to avoid overwhelming costs in future. The current development is clear - it's the Internet which will drive it! Locking yourself with an "obsolete" communication platform is not a wise solution. } 2. Security and confidentiality related to communication is a worry. } Well, it's now being addressed. Leaving the major threat: dodgy practice } internal to each organisation. Privacy/confidentiality would be one thing, though essential, but safety and medico-legal issues are driving it anyway. If you start building the trust structure of your `secure' communication the wrong way, you might end up having a nicely locked house with all the bullet-proof equip., but might be not the only one having the duplicable keys to it. Working along a centralised trust structure as seems the current `flavour of the day' makes any idea of even some self-regulation of practitioners, privacy of information between doctor and the patient, and also non-repudiation of actions and authentication of information/source in a very shaken position, to be optimistic. Not speaking about professional bodies like GMC or UKCC losing any influence and control over future developments... Moreover, being able to authenticate information sources, then add ways to enforce accountability (audit, etc.) and you can point who-did-what within your domain-practice - then it's up to the administrative solution. The problem of the whole currnet concept of the NHSnet security is, that you'll waste money to ensure information against lower-level hackers, while anyone with sufficient resources can breach the `suggested' level of confidentiality, but - what's worse - hardly any contermeasures against threats of the internal breaches within the system. } 5. The NHSweb, being an intrAnet ring-fenceded by firewalls, is the } wrong approach. How else to safely get helpful web page stuff to the } clinical coalface? Once you have the basic trust structure and can actually rely on it, then using network like Internet with proxy-like solutions, digital signatures and encryption where necessary would seem the way I'd try to go. The costs saving when buying equipment developed for millions for an obsolete and almost-proprietary solution (to save investments of BT :-) ) would not be choice of mine. } PS I don't work for IMG and can't therefore speak for them. Scotland :-) Neither do I - but enjoy to see the "work" ;-) -- Vashek Matyas <[log in to unmask]> Computer Laboratory, New Museums Site, Pembroke Street, Cambridge, CB2 3QG, UK. Tel: +44 (0)1223 33 46 76 - Fax: +44 (0)1223 33 46 78 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%