Feeds

Doctors forced to use Hotmail for confidential medical records

Why? Because of politics and nosey spooks

  • alert
  • submit to reddit

Top three mobile application threats

Doctors, keen to benefit from the latest technological advances, are routinely using Hotmail accounts to send confidential patient information because of the bureaucracy and stalling of the NHS executive, we have learnt.

The depressing and worrying situation was uncovered after we spoke to a number of concerned doctors and IT specialists working within the health service and scoured an online GP-UK discussion forum.

The Hotmail accounts are the Net equivalent of writing patient details on a postcard rather than sealing them in a letter. However, many doctors use them because of the efforts being put into email access by the NHS.

The health service has its own firewall in the form of NHSnet, which ensures that no private information is leaked out to the wider Internet. However, because of confidentiality laws in this country, no patient details can be sent out unless secure from prying eyes (quite right too).

The problem lies with the continuing delays within the NHS and government over implementing a secure, ubiquitous system across the service. Battles are even being fought over the basic email system, let alone the security on top of it. Instead of just going with POP3 like everyone else and benefiting from the huge amount of software development in this area, fights from X.400 freaks keep breaking out.

The current EDIFACT system for patient details merely encodes data and is insufficient. However, encryption solutions have been years in coming and the NHS itself says its solution will only be ready by March 2002. It will then have to be rolled out all over the country. In the meantime, health staff are being discouraged from sending details even through NHSnet.

Why the maddening wait? Bureaucracy, politics and control-freakery. GCHQ has made it clear that it would like access to all accounts moving across the Internet - an apparently illegal desire, although you can't be sure with RIP legislation now in force. And it is being helped by the building of the NHS patient database. Doctors are strongly discouraged from using anything not officially sanctioned, but in-fighting and indecisiveness in the NHS executive has led to there being no solution at a all.

And while "solution" is a non sequitur in most IT situations (what was the problem?), it is very relevant here. The NHS is gearing up to modernise itself and the government is serious in its intention to do so. Doctors - especially GPs - have become increasingly aware of the advantages that email and the Internet bring them (mostly from their kids, it has to be said). Referrals under an efficient email system, for example, would save the health service thousands of work hours every month. It would lighten GPs workload, make consultants more efficient, allow a more effective management system etc etc etc. And this is before you even bring in patient interactivity.

So we currently have a situation where there is no solution but many doctors and managers are aware of the huge advantage of having one. This has led to a lot of resentment and a dangerous bypassing of even the NHS' system of security - the Hotmail accounts are a prime example. Why don't doctors and the like just use readily available encryption software, you ask. Mostly because the vast majority have no idea about such matters and aren't exposed to those that do. To get a wide usage of encryption software, it will have to be advertised from within the system.

One man has done precisely this with some free encryption software called ZeroClick. A CD with the software on is currently being distributed free with every copy of the drug database sent to doctors, but without a large push from within the service, it is extremely unlikely that health staff would even understand the possibilities behind the Internet and email, let alone how and why to include encryption software. This push is not being provided (even impeded in some cases) because the NHS executive is keen for control over one glorious all-encompassing system. Which is going backwards instead of forwards.

This is a very important issue if the NHS is to be modernised (you're only as fast as your slowest walker) and since the government has chosen to make it a political issue, one that requires much closer attention. We'll keep you informed. ®

Related Story

UK Govt throws £500m at NHS Net dream

Top three mobile application threats

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
Sorry London, Europe's top tech city is Munich
New 'Atlas of ICT Activity' finds innovation isn't happening at Silicon Roundabout
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.