Feeds

Doctors forced to use Hotmail for confidential medical records

Why? Because of politics and nosey spooks

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Doctors, keen to benefit from the latest technological advances, are routinely using Hotmail accounts to send confidential patient information because of the bureaucracy and stalling of the NHS executive, we have learnt.

The depressing and worrying situation was uncovered after we spoke to a number of concerned doctors and IT specialists working within the health service and scoured an online GP-UK discussion forum.

The Hotmail accounts are the Net equivalent of writing patient details on a postcard rather than sealing them in a letter. However, many doctors use them because of the efforts being put into email access by the NHS.

The health service has its own firewall in the form of NHSnet, which ensures that no private information is leaked out to the wider Internet. However, because of confidentiality laws in this country, no patient details can be sent out unless secure from prying eyes (quite right too).

The problem lies with the continuing delays within the NHS and government over implementing a secure, ubiquitous system across the service. Battles are even being fought over the basic email system, let alone the security on top of it. Instead of just going with POP3 like everyone else and benefiting from the huge amount of software development in this area, fights from X.400 freaks keep breaking out.

The current EDIFACT system for patient details merely encodes data and is insufficient. However, encryption solutions have been years in coming and the NHS itself says its solution will only be ready by March 2002. It will then have to be rolled out all over the country. In the meantime, health staff are being discouraged from sending details even through NHSnet.

Why the maddening wait? Bureaucracy, politics and control-freakery. GCHQ has made it clear that it would like access to all accounts moving across the Internet - an apparently illegal desire, although you can't be sure with RIP legislation now in force. And it is being helped by the building of the NHS patient database. Doctors are strongly discouraged from using anything not officially sanctioned, but in-fighting and indecisiveness in the NHS executive has led to there being no solution at a all.

And while "solution" is a non sequitur in most IT situations (what was the problem?), it is very relevant here. The NHS is gearing up to modernise itself and the government is serious in its intention to do so. Doctors - especially GPs - have become increasingly aware of the advantages that email and the Internet bring them (mostly from their kids, it has to be said). Referrals under an efficient email system, for example, would save the health service thousands of work hours every month. It would lighten GPs workload, make consultants more efficient, allow a more effective management system etc etc etc. And this is before you even bring in patient interactivity.

So we currently have a situation where there is no solution but many doctors and managers are aware of the huge advantage of having one. This has led to a lot of resentment and a dangerous bypassing of even the NHS' system of security - the Hotmail accounts are a prime example. Why don't doctors and the like just use readily available encryption software, you ask. Mostly because the vast majority have no idea about such matters and aren't exposed to those that do. To get a wide usage of encryption software, it will have to be advertised from within the system.

One man has done precisely this with some free encryption software called ZeroClick. A CD with the software on is currently being distributed free with every copy of the drug database sent to doctors, but without a large push from within the service, it is extremely unlikely that health staff would even understand the possibilities behind the Internet and email, let alone how and why to include encryption software. This push is not being provided (even impeded in some cases) because the NHS executive is keen for control over one glorious all-encompassing system. Which is going backwards instead of forwards.

This is a very important issue if the NHS is to be modernised (you're only as fast as your slowest walker) and since the government has chosen to make it a political issue, one that requires much closer attention. We'll keep you informed. ®

Related Story

UK Govt throws £500m at NHS Net dream

Security for virtualized datacentres

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.