
> This plainly could have been anybody, not just a HA person, and so your
> practice should have told them to 'XXXXX off' in no uncertain terms,

Hear! Hear! (speaking as a patient)

> If they didn't arrange it with you first, it shouldn't have happened.

Even a phone call to arrange a meeting is not enough.

Back in the days when I earned my living doing security consultancy for
banks, one useful test I had was to ring up a branch and say `This is
Ross Anderson here from the Security and Quality Assurance department.
I'd like to come and check out your PCs. Would Monday afternoon be OK,
or would Tuesday morning suit you better?'

The 90% of bank branch managers who took the call at face value and let
me have unrestricted physical access to their equipment, without even
calling back head office to verify, got a rocket.

There really needs to be an authentication protocol in place here but
why should the NHS Executive bother so long as HAs get away with pushing
people around?

Ross

