Feeds

Doctors forced to use Hotmail for confidential medical records

Why? Because of politics and nosey spooks

  • alert
  • submit to reddit

The Essential Guide to IT Transformation

Doctors, keen to benefit from the latest technological advances, are routinely using Hotmail accounts to send confidential patient information because of the bureaucracy and stalling of the NHS executive, we have learnt.

The depressing and worrying situation was uncovered after we spoke to a number of concerned doctors and IT specialists working within the health service and scoured an online GP-UK discussion forum.

The Hotmail accounts are the Net equivalent of writing patient details on a postcard rather than sealing them in a letter. However, many doctors use them because of the efforts being put into email access by the NHS.

The health service has its own firewall in the form of NHSnet, which ensures that no private information is leaked out to the wider Internet. However, because of confidentiality laws in this country, no patient details can be sent out unless secure from prying eyes (quite right too).

The problem lies with the continuing delays within the NHS and government over implementing a secure, ubiquitous system across the service. Battles are even being fought over the basic email system, let alone the security on top of it. Instead of just going with POP3 like everyone else and benefiting from the huge amount of software development in this area, fights from X.400 freaks keep breaking out.

The current EDIFACT system for patient details merely encodes data and is insufficient. However, encryption solutions have been years in coming and the NHS itself says its solution will only be ready by March 2002. It will then have to be rolled out all over the country. In the meantime, health staff are being discouraged from sending details even through NHSnet.

Why the maddening wait? Bureaucracy, politics and control-freakery. GCHQ has made it clear that it would like access to all accounts moving across the Internet - an apparently illegal desire, although you can't be sure with RIP legislation now in force. And it is being helped by the building of the NHS patient database. Doctors are strongly discouraged from using anything not officially sanctioned, but in-fighting and indecisiveness in the NHS executive has led to there being no solution at a all.

And while "solution" is a non sequitur in most IT situations (what was the problem?), it is very relevant here. The NHS is gearing up to modernise itself and the government is serious in its intention to do so. Doctors - especially GPs - have become increasingly aware of the advantages that email and the Internet bring them (mostly from their kids, it has to be said). Referrals under an efficient email system, for example, would save the health service thousands of work hours every month. It would lighten GPs workload, make consultants more efficient, allow a more effective management system etc etc etc. And this is before you even bring in patient interactivity.

So we currently have a situation where there is no solution but many doctors and managers are aware of the huge advantage of having one. This has led to a lot of resentment and a dangerous bypassing of even the NHS' system of security - the Hotmail accounts are a prime example. Why don't doctors and the like just use readily available encryption software, you ask. Mostly because the vast majority have no idea about such matters and aren't exposed to those that do. To get a wide usage of encryption software, it will have to be advertised from within the system.

One man has done precisely this with some free encryption software called ZeroClick. A CD with the software on is currently being distributed free with every copy of the drug database sent to doctors, but without a large push from within the service, it is extremely unlikely that health staff would even understand the possibilities behind the Internet and email, let alone how and why to include encryption software. This push is not being provided (even impeded in some cases) because the NHS executive is keen for control over one glorious all-encompassing system. Which is going backwards instead of forwards.

This is a very important issue if the NHS is to be modernised (you're only as fast as your slowest walker) and since the government has chosen to make it a political issue, one that requires much closer attention. We'll keep you informed. ®

Related Story

UK Govt throws £500m at NHS Net dream

HP ProLiant Gen8: Integrated lifecycle automation

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
White? Male? You work in tech? Let us guess ... Twitter? We KNEW it!
Grim diversity numbers dumped alongside Facebook earnings
Bose says today IS F*** With Dre Day: Beats sued in patent battle
Music gear giant seeks some of that sweet, sweet Apple pie
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.