Monday, 24 December 2007

Yet more personal details lost by the UK State, this time the NHS

You really can’t trust these cretins with your data.

The Department of Health has now admitted they have lost data pertaining to 168,000 people!

Unable to look after the data they have they are planning a single giant database of 50 million patients.

The scope for loss on that will be so much more spectacular, but then they don’t really care if they loose it or if someone else can use it – as long as they have access to every detail of every citizen.

Then let's not forget the National ID Database these authoritarian incompetents are so desperate to force on the citizen.

And what a perfect time to bury bad news, when everyone is busy rushing around trying to think if they have everything they need for Christmas guests and the family. Chasing last minute presents… too busy to pay attention to the news?


Louis said...

To be fair, having worked in the NHS and having dealt with data, the database of 50 million people may help prevent this happening in future. The problem with the NHS is that at the moment none of the systems talk to each other. If they could all link into a central database, you would not have to send data through the post.

However, the NHS is such a big organisation that whether such a system can be delivered, particularly by the state, is another question entirely.

Phil A said...

Louis, Re: “the database of 50 million people may help prevent this happening”.

From where I am sitting such a database would merely give more scope for the leaking and/or loss of details.

Your argument would appear to have as it’s logical extension a national compulsory database containing everything the state wants to know about every citizen, shared throughout all organs of the state, including Quangos and contractors.

Much of the problem with these databases is that very low level clerks can access far too much sensitive information. The potential this has for identity theft, if their integrity is in any way compromised is enormous.

I agree the state is unlikely to be able to deliver such a system. I do not think it is it’s legitimate business to even attempt it.

Louis said...

I agree with much of what you are saying, but you have got to understand the reasons behind the data issues that have recently been publicised.

The government is asking for a lot of data so it can check its targets and find out where money is being spent in the public services and potentially reallocate this. They are doing this with systems that in the NHS for example were designed long before such targets were ever dreamt of. Indeed, at Sandwell Hospital until a month ago they were using a DOS-based patient administration system, and there is no way that even windows based systems can monitor the 18 week referral to treatment target because there has never been the need to match a referral to an inpatient episode before. Ignoring arguments about whether this is the best way to deliver healthcare, it is sensible therefore on a national basis to deliver a IT solution which will meet the needs of the Government and the health service which will as part of the package be more secure. In the new database, you will need a smart card with specific restricted permissions to get on, and an audit trail of every viewing will come as standard. This is a lot more secure than what we have at the moment, and should prevent low level clerks and for that matter nosy consultants accessing unnecessary information.

I agree there is an uncomfortable extension of this argument into a national ID database, which is why I believe the government should go back to its original plan to allow people to opt out of this database.

Phil A said...

Louis, Explicit personal details are not needed to monitor a referral to treatment target, or most other targets.

It is also questionable weather such targets actually achieve anything worthwhile. An unfortunate effect of targets, in the NHS or Education or Policing is that they tend to result in anything, including important things, that are not being measured falling by the wayside, introducing distortions in what is being measured and the temptation to ‘fiddle’ the figures that are being measured.

Quite frankly I do not believe the State should be allowed to retain personal data (excepting possibly details of convicted felons) without explicit permission. The automatic presumption should be that they may not retain traceable personal data.

The problem with the NHS data is simply one more example of why the State should not be permitted to retain such data. The real concerns about access to data are as much in the future plans the state has for sharing such data and just how unlimited access to it is likely to be, if they have their way.

Louis said...

I have confused issues slightly here, I was just pointing out how out of date the current IT systems in the NHS are.

The database will contain all medical records related to visits within the NHS. Currently these are held at paper at individual surgeries/ hospitals and take up a lot of space. In hospitals, notes can often go missing, creating potential clinical risks. If you change your GP, notes have to be posted (hopefully securely)from one surgery to another. It seems amazingly out of date for the 21st century, and I guess we have to ask which will create more risk, a central database with all the details on it that can be accessed from any computer with the proper permissions, or the mountains of paper that are currently being stored in NHS buildings around the country often duplicating the same information.

I guess my position is that if you accept that the state should provide healthcare (I do not necessarily) then you need to accept that when you register with a doctor there will be some sort of records held about you, either electronically or manually. It also makes sense to me that transmission of such data between medical experts should be made as efficient and as safe as possible.
So in a sense, I believe registering with a GP is implicit permission to store your data in any way they see fit - but there must be an option to opt out for those with concerns.

Having said all that, I totally understand opposition to such a complicated project given the way the Government has handled data previously. Although such a project is aimed to be part of the solution, it can also make the problems worse. There also needs to be safeguards that this data will not be used in any way other than the way it is used at the moment.

Phil A said...

Louis, I do not believe the State should be in the business of providing health care. They have amply demonstrated that they are not competent to do so. I have no strong objection to them providing health insurance, but not health care.

I do not object to my GP keeping records on me, either in paper, or electronic form. I do not object to them sharing relevant information, on request, with another medical practitioner - if I have specifically agreed to it, or am not in a position to agree it due to incapacity, but would reasonably be likely to do so.

Registering with a GP implies permission for the GP to hold the data, not the State. I believe my GP is the appropriate person and level for any medical data to be held, in confidence - It is no business of the State in the form of the NHS.