Doctors forced to use Hotmail for confidential medical records
Why? Because of politics and nosey spooks
Doctors, keen to benefit from the latest technological advances, are routinely using Hotmail accounts to send confidential patient information because of the bureaucracy and stalling of the NHS executive, we have learnt.
The depressing and worrying situation was uncovered after we spoke to a number of concerned doctors and IT specialists working within the health service and scoured an online GP-UK discussion forum.
The Hotmail accounts are the Net equivalent of writing patient details on a postcard rather than sealing them in a letter. However, many doctors use them because of the efforts being put into email access by the NHS.
The health service has its own firewall in the form of NHSnet, which ensures that no private information is leaked out to the wider Internet. However, because of confidentiality laws in this country, no patient details can be sent out unless secure from prying eyes (quite right too).
The problem lies with the continuing delays within the NHS and government over implementing a secure, ubiquitous system across the service. Battles are even being fought over the basic email system, let alone the security on top of it. Instead of just going with POP3 like everyone else and benefiting from the huge amount of software development in this area, fights from X.400 freaks keep breaking out.
The current EDIFACT system for patient details merely encodes data and is insufficient. However, encryption solutions have been years in coming and the NHS itself says its solution will only be ready by March 2002. It will then have to be rolled out all over the country. In the meantime, health staff are being discouraged from sending details even through NHSnet.
Why the maddening wait? Bureaucracy, politics and control-freakery. GCHQ has made it clear that it would like access to all accounts moving across the Internet - an apparently illegal desire, although you can't be sure with RIP legislation now in force. And it is being helped by the building of the NHS patient database. Doctors are strongly discouraged from using anything not officially sanctioned, but in-fighting and indecisiveness in the NHS executive has led to there being no solution at a all.
And while "solution" is a non sequitur in most IT situations (what was the problem?), it is very relevant here. The NHS is gearing up to modernise itself and the government is serious in its intention to do so. Doctors - especially GPs - have become increasingly aware of the advantages that email and the Internet bring them (mostly from their kids, it has to be said). Referrals under an efficient email system, for example, would save the health service thousands of work hours every month. It would lighten GPs workload, make consultants more efficient, allow a more effective management system etc etc etc. And this is before you even bring in patient interactivity.
So we currently have a situation where there is no solution but many doctors and managers are aware of the huge advantage of having one. This has led to a lot of resentment and a dangerous bypassing of even the NHS' system of security - the Hotmail accounts are a prime example. Why don't doctors and the like just use readily available encryption software, you ask. Mostly because the vast majority have no idea about such matters and aren't exposed to those that do. To get a wide usage of encryption software, it will have to be advertised from within the system.
One man has done precisely this with some free encryption software called ZeroClick. A CD with the software on is currently being distributed free with every copy of the drug database sent to doctors, but without a large push from within the service, it is extremely unlikely that health staff would even understand the possibilities behind the Internet and email, let alone how and why to include encryption software. This push is not being provided (even impeded in some cases) because the NHS executive is keen for control over one glorious all-encompassing system. Which is going backwards instead of forwards.
This is a very important issue if the NHS is to be modernised (you're only as fast as your slowest walker) and since the government has chosen to make it a political issue, one that requires much closer attention. We'll keep you informed. ®
Sponsored: Customer Identity and Access Management