NHS IT Systems / Grievance / Verifying Integrity of emails and documents

[papasmurf1cx]

Hi hope someone out there can help and answer a query.

 

Briefly, my wife is sick having been bullied. She is being asked to change her contract. She works permanent nights because she is a carer to me and her mother. We have both serious disabilities. There has been a very lengthy grievance where we believe the Trust have forged emails and documents. We even know the file names of some of these.

 

The Trust have consistently refused to disclose a verifiable audit trail of the said documents, presumably because it will prove their criminality. Even the IT people have said that a verifiable audit trail is not possible when I know that NHS guidelines say these type of records are kept just so to prove the integrity of electronically made documents and that it is possible through the NHS Business Authority.

 

The matter has progressed to an Employment Tribunal for discrimination and victimisation.

 

What I want to know is the technicalities of how IT departments go about obtaining, searching and verifying data trails for emails and attachments to them and also what is technically possible? For example is it possible to show up the amendments, additions, deletions of a document from its creation, and by whom, to say printing? I believe the original document in one of the incidents was rightly created by a junior member of staff, sent to a senior manager, changed and printed and sent to us. I am confident that the changes were made because I recorded to grievance (permission given) and the two transcripts do not match up.

 

Thanks.

[supasnooper]

All e-mail messages are stored by the NHS on their mail servers which are backed up daily, weekly, monthly, six monthly and yearly.

Also, information logs of any access to a specific e-mail message or account are held, retained and backed up.

 

Remember, as the NHS are subject to many threats of legal litigation on various fronts, their IT systems must be legally compliant to BS BIP 0008 standard.

 

Send your dysfunctional NHS Trust a Subject Access Request specifying what documentation you require, supplying dates if you can.

They have 40 days to comply from the date of receiving your request.

 

Unfortunately, a Subject Access Request costs £10.00

[papasmurf1cx]

Supasnooper

 

Thanks for this. I am aware of their legal duties under the FOIA. I did this many months ago but they just ignore it. They say I am vexatious, which is not the case. After they said this there was a request to provide them with specific requests, which I complied with and hitherto documents were disclosed which had previously been hidden, so much for being vexatious!!

 

They did disclose policies (and I found info on the web on official government sites to back it up too) that told me of the daily, weekly etc back ups. They say that they cannot disclose as even their archives have had the information deleted!!

 

The reality is that they don't want to disclose because it would have disastrous repercussions. But I need to be able to counter their statements and prise it from them. Any ideas?

 

In any event FOI holds no worries to them, the Information Commissioner is a toothless tiger.

[diamondgirl]

I would do as above.

Have you got someone representing you with this case if you have they should b e helping you sort this out.

We had an employee who took the co. I work for to a tribual and she got help from ACAS on her case who did all the chasing for her.

 

DG

[papasmurf1cx]

Hi diamondgirl

 

Thanks for this. We do have legal representation. We are approaching the discovery phase but the Respondent's are playing hard to get and have attacked the procedure. There is a new procedure that is called Judicial Mediation and if the parties go to JM then Tribunal proceedings potentially are stayed pending the medication.

 

The tactic they have used to date is to delay (for months in a legal delaying way and by barefaced lying directly before solicitors were involved) just to get to JM. If it goes to JM they will try and negotiate out but without disclosing the documents that will prove how bad they are. Hence my desire to know as much about how they can access the material.

 

Our lawyers are good, but like all lawyers they don't tell you much until they have to. (And in my experience even then they can manipulate you to what they want eg an easy settlement!!)

 

ACAS............ never returned any of our calls!!

[supasnooper]

Send off the SAR for what you want. (£10.00 cost)

 

If they do not comply, send them a 7 day Letter Before Action.

 

If they still do not respond, then take them to court for compliance as a Judge will issue an order for them to comply and possible damages. (£30.00 cost)

 

Keep building up the evidence.

[Sali]

So, the incident(s) were recorded accurately by a junior member of staff, but later forwarded and changed by a senior member of staff following your grievance? Can we ask what the incident was? If I reported an incident at work (I do not work in the NHS) I would do so in writing and I would expect to receive a response confirming receipt.

 

If you know the document or email title, creation date, the creator and the type of document attachment (for example Word) and maybe a string of words in the body of the original document, you should specify this in your request. Knowing who the email and attachment were sent to, and an approximate date would also narrow down the search and make finding the email easier. I do not know what the back-up policy for holding data is within the NHS. I worked for a govt establishment where it was one year. They should be open about this policy.

 

It will be a difficult one for the IT dept though and will be very time-consuming. However, they are obliged to make the effort. Auditing is specific to people/groups/depts and events otherwise the system would just slow to a crawl and run out of space mor frequently.

 

I agree, the ICO are pretty rubbish for the individual's complaints.

[supasnooper]

I must say that I am rather disturbed that you are legally represented; and are looking here for advice.

 

If I was paying for legal advice, I'd be having a very sharp word in their ear.

 

I'm not being harsh; I am not legally qualified but I'm applying common sense.

 

I think you need to have a cards on the table discussion with your legal team to see if they know what they are doing ...................it's your cash they are taking from your wallet .......and your partners future at stake here.

[papasmurf1cx]

Sali.... can't be too specific as this is a public forum and detailing the events may identify it and that is not in our interests at the present. However I can say that one of the documents in question is very easily identifiable as the actual screen print out was produced by the creator in a botched attempt at pacifying us. That provided all the file names except the one that was actually sent to us which was not on the list, hence we know it must have been changed. They actually admit partially that it was changed but still will not release it.

 

Another document we know has been altered because I recorded the proceedings, with permission, and the Trust notes inexplicably have pages of dialogue missing that in no way could have been done accidentally, by mistake, or otherwise. Needless to say the missing notes damage their case.

 

We feel that this is not a case of them not being able to disclose, but one of not wanting to. Very specific information has been given to enable emails and documents to be found. Their policy is standard to all government departments and is published on the net. They know it.

 

Supasnooper........ thanks for your concern. The problem is not our legal reps. They have done a very good job. Ticking them off would only alienate them to us. They can only proceed in accordance with legal protocols and discovery has yet to be done. They actually haven't tried to obtain these documents under the tribunal rules. I am sure they will be up to the task once that occurs.

 

The Trust have employed top notch solicitors and are wasting public money in defence of the indefensible. I think the basic problem is that if they disclose under FOI or DPA then they are done for... I believe a series of criminal offences will emerge and if that happens quite a few careers will be ruined. So they lie to us and sit on the evidence. At discovery they will have to release the documents and verification or else be in contempt. However I fear they will just want to pay compensation and sit on them still.

 

They were desperate for mediation but that does not seem to be going to happen now so they will have to prepare for trial, which they don't want. What they do want is for us to just go away, which we won't.

 

Your concerns would be very welcome if they were rightly directed to ones who were not up to the task and who had sought legal advice, but in our experience one needs to be ahead of the game not let the lawyers direct you. That way one can ensure they too are doing their jobs, which they are. I am seeking information just to ensure I have not missed anything and forums such as these do provide that....and I for one is very grateful for that eg above the info on British Standards is something I had missed and now ties down a series of questions that they will now have to face. Plugging the legal gaps can only help our case and make it more difficult for the Trust to slip through the legal net.

 

All comments welcome, we are not big headed enough to assume we know it all. Thanks to all.

[borisbeaver]

How did you report the incident. Was it via some web application like Datix/PRISM/Safeguard etc. If so, all changes to the details on the incident are logged as this is a legal record under HASAW

[drpellypo]

It all depends on what the document is, and how it has been created/edited as boris says. Emails, are as has been mentioned, backed up daily, however, if an email is sent, then immediately deleted, before the backup, there is no trace of it held. If the document was a word document, it would all depend on where it was stored. If it was stored on a secure server, that would have been backed up, and say the document was changed between day 1 backup and day 2 backup, there would be evidence to prove the change. However, if the document was merely saved on a local hard drive, this would be almost impossible to audit trail. Whilst the NHS does have extensive measures in place to make sure there are audit trails, it all depends on staff using the correct systems. If they have not done this (saved to a local disk for instance) it makes the audi trail next to impossible.

[Sali]

Even if an email were deleted immediately after send, its recovery would depend upon the type of email being used and the configuration on the server.

[My Real Name]

And the logging levels being used on the server.