NHS database opt out

[My Real Name]

Quote:

Originally Posted by mree

Thank God - some common sense! I bet the people who opt out of this would be the first to sue when something happens which could've been prevented if they hadn't opted out.

You lose any credibility for your opinions by making absurdly facile claims like that.

Quote:

Originally Posted by mree

I'm sorry, but this is a load of b*llocks - NHS trusts conduct regular audits of who's accessed which records when, they are very good at spotting when someone's accessed a record without a valid reason, and I know of people who were sacked for doing this when our computerised records system first came in. For that reason (plus the fact that most NHS employess are, in fact, trustworthy), I have never come across anyone, on any ward I've worked on, accessing patient records out of anything other than clinical need.

Password sharing much?

Systems need to be designed with the assumption that people will break them. Not with the assumption that each and every user will follow arbitrary usage rules.

Your own personal experience may be one of honesty, trust and best practice, but this is often not replicated elsewhere.

Quote:

Originally Posted by mree

But hey, at least when someone's away from home, dying from an allergic reaction to a medication after an emergency admission to A&E, they can go on their way safe in the knowledge that at least their neighbour the nurse won't be able to read about it when doing her nightly snooping into his medical records!

Then it would be daft for someone with known allergies to opt out (if the allergies were unknown, it wouldn't make much of a difference), or not carry some form of notice of their allergies. Personal responsibility must still carry some weight, surely.

Extrapolating from your own experience, or from a limited straw man, does not refute the suggestion that people be given the choice to opt out of Spine / ECRs.

To address another fallacy posted above:

Information maintained by hospitals / GPs is local. There is accountability and control that cannot be replicated on a nationwide scale.

Of course any system is open to abuse. The larger the system, however, the larger the potential for abuse. Imagine if an insurance provider gained access to even a part of the database.

The Big Opt Out does not advocate that no such sharing should exist, but that individuals have the right to not participate.

It also highlights the dangers of vast, centralised, one-size-fits-all databases.

[MrShed]

Theres so much scaremongering on this thread!!

Yes, security breaches occur. But by that token, NO-ONE should hold ANY data on ANYONE. As part of a team who deals with IS security, it is very well known that security is a constant balancing act between restrictive security preventing functionality, and open security allowing functionality but allowing potential security breaches. If someone is determined enough though, they WILL access your data, no matter how strong the security.

To say everyone has access to everything is a complete fallacy - it will clearly be used in the way all business databases are administered - i.e. minimum access given only to those who require it. Yes, some people will share passwords, but this is minimal(irrespecitve of scaremongering that it is widespread), and generally will allow access to only a very small subset of the data.

On a seperate note, the accusation above about the NHS employing people requiring CRB checks before the checks are completed is, in my opinion, a very serious one, and I would suggest that the poster posts something to back up the allegation....otherwise, it is tantamount to libellous behaviour.

[My Real Name]

Quote:

Originally Posted by MrShed

Theres so much scaremongering on this thread!!

Not so much scaremongering, as challenging the premise for the database, and challenging the specifics of its implementation.

Simply calling those arguments scaremongering does nothing to refute them.

Quote:

Originally Posted by MrShed

Yes, security breaches occur. But by that token, NO-ONE should hold ANY data on ANYONE. As part of a team who deals with IS security, it is very well known that security is a constant balancing act between restrictive security preventing functionality, and open security allowing functionality but allowing potential security breaches.

Nobody is suggesting that no data be held. That's a scenario of your own design. The suggestion is that the data be held proportionately and accountably, and that individuals may exercise their right to not be included.

Quote:

Originally Posted by MrShed

If someone is determined enough though, they WILL access your data, no matter how strong the security.

And, as I pointed out, the wider the scope of the database, the wider the scope for abuse.

There will always be a trade off between security and functionality - However, the specification of the proposed database does not make adequate provision for security, a concern that is magnified by the sensitive nature of the information held.

If adequate security is not possible without punitive restrictions on functionality, the premise for the database is flawed. As part of a team who deals with IS security, you would know that, if a project has a fundamental flaw, it does not go ahead.

National IT schemes are, and have always been, ill conceived and poorly implemented. The costs notwithstanding, the string of IT related fubars over the past few years ought to be of concern.

Quote:

Originally Posted by MrShed

To say everyone has access to everything is a complete fallacy - it will clearly be used in the way all business databases are administered - i.e. minimum access given only to those who require it. Yes, some people will share passwords, but this is minimal(irrespecitve of scaremongering that it is widespread), and generally will allow access to only a very small subset of the data.

Widespread password sharing is a documented and known issue - suggesting otherwise is to ignore the abundant evidence. The existence of password sharing calls into doubt the reliability of any access audit.

[MrShed]

Quote:

Originally Posted by My Real Name

Nobody is suggesting that no data be held. That's a scenario of your own design. The suggestion is that the data be held proportionately and accountably, and that individuals may exercise their right to not be included.

You are not suggesting it, others in this thread are implying so.

[MrShed]

Quote:

Originally Posted by My Real Name

Widespread password sharing is a documented and known issue - suggesting otherwise is to ignore the abundant evidence. The existence of password sharing calls into doubt the reliability of any access audit.

Define "widespread". As a percentage, I think you will find it to be minimal.

[My Real Name]

Quote:

Originally Posted by MrShed

You are not suggesting it, others in this thread are implying so.

No - you are inferring so.

Quote:

Originally Posted by MrShed

Define "widespread". As a percentage, I think you will find it to be minimal.

I'm sure that you have as little access to a specific number as I do.

From the very first google result, however:

Quote:

The UK's largest NHS trust has discovered endemic sharing of passwords and log-in identifications by staff, recording 70,000 cases of "inappropriate access" to systems, including medical records, in one month.

That may be a small percentage, but is doesn't take more than one access to represent a breach. As part of a team who deals with IS security, you would know that breaches are not judged relatively.

[Madamfluff]

I have opted out and would like to make the following points

If I am unconcious with no ID and the hospital doesnt know if I am Jane Doe or sweet Fanny Adams whose notes will they access on the computer, so having my details on the spine wont help me will it?

If I have a specific allergy or problem I can wear an SOS necklace like thousands already do its called taken responsibility for my own health info

And for those of you with the nothing to hide nothing to fear mentality what happens when you arrive at a Hospital And E with say a broken nose and are suddenly surrounded by man in white coats asking if you have taken your medication as some low paid driod has inputted the wrong info on your computer records and you are down as a manic depressive with suicidal tendancies - try getting out of that ( and please dont tell me it wont happen - it will)

As for the poster who is embarrassed about having to give his details in front of everyone in a packed waiting room - er- you dont you tell them it is a breach of your medical confidentililty and insist that you are taken somewhere private - they have to do that I know I have done that countless times

Once it is all on computer then the large and very vocal federation of empolyers and insurers will insist in gaining access ( so if you are down as a manic depressive etc try getting a job or any insurance)

[flyingdoc]

As an ex A&E nurse I think that this system will be invaluable and totally agree with poppy... Many's the time that I have thought it would be a great idea not only to have such a database. but for individuals to be "chipped" so that when they come in comatose you can find out all about them and decide appropriate treatment quickly.

As a night manager I had occasion more than once to have words with some night staff who thought it acceptable to check the computer system for results for friends, family and neighbours and so I know that will go on also.

How would you like to be this girl,(The woman with a hairspray can up her bottom and the most incredible x rays in the world ever - mirror.co.uk )and have your med records available for all to see?

[poppynurse]

Perhaps instead of the proposed identity cards we could all be microchipped at birth....then we could be scanned on arrival at hospital and bingo our records would pop up....

[Sali]

My only concern with opting out is that the NHS will use this as an excuse if they are faced with the evidence that they made a mistake with patient care. In the case of my relative the notes were not read, so when she was re-admitted the 'new' consultant did not know what tests she had had previously and repeated them, but more seriously did not read the notes relating to a drug's toxicity. Will it be possible to query the computerised records against certain criteria and will the data be searchable I wonder. Having said that I have made the decision to opt out. I know enough about IT to worry that my data will not be safe in their hands. Just recently it seems my personal details - name, address, dob - were handed over by the Dept of Health to a company (Biotech if I recall correctly) who wrote to me asking if I'd like to take place in a clinical trial. I complained to the Information Commissioners Office, but they haven't even acknowledged by communication. If I ever were the victim of ID fraud how I would go about tracing the source would be anyone's guess!