SPINE not thanks

1 view
Skip to first unread message

anthony

unread,
Nov 21, 2006, 8:20:08 AM11/21/06
to
I wanted to make some effort towards preventing my personal medical details
being uploaded on the new NHS computer. Anybody on this group already
started taking steps? If so please let me know what you think is a good
course of action. Thanks

Peter Crosland

unread,
Nov 21, 2006, 11:40:13 AM11/21/06
to

On what basis do you think you are going to have the legal right to do so?

Peter Crosland

Dr Zoidberg

unread,
Nov 21, 2006, 12:20:08 PM11/21/06
to
And out of interest , why would you not want to?

--
Alex

"I laugh in the face of danger. Then I hide until it goes away"

www.drzoidberg.co.uk www.ebayfaq.co.uk

Peter Crosland

unread,
Nov 21, 2006, 12:50:07 PM11/21/06
to
Dr Zoidberg wrote:
> Peter Crosland wrote:
>>> I wanted to make some effort towards preventing my personal medical
>>> details being uploaded on the new NHS computer. Anybody on this
>>> group already started taking steps? If so please let me know what
>>> you think is a good course of action. Thanks
>>
>> On what basis do you think you are going to have the legal right to
>> do so?
>>
> And out of interest , why would you not want to?

Probably worried about his paranoia becoming public knowledge!

Peter Crosland

Stuart A. Bronstein

unread,
Nov 21, 2006, 1:20:05 PM11/21/06
to

Just because he's be paranoid doesn't mean someone's not out to get
him.

Stu

GB

unread,
Nov 21, 2006, 1:30:08 PM11/21/06
to

"Stuart A. Bronstein" <spam...@lexregia.com> wrote in message
news:Xns988268661E032sp...@130.133.1.4...

>
> Just because he's be paranoid doesn't mean someone's not out to get
> him.
>
> Stu

Thallium Sulphate is in the news at the moment as the poison of choice.


Alex Heney

unread,
Nov 21, 2006, 5:30:05 PM11/21/06
to

The only way of realistically avoiding that or similar is to emigrate
to a country without an NHS.

You have absolutely no rights whatsoever to prevent your details being
loaded on that computer, so long as you are a resident of the UK.
--
Alex Heney, Global Villager
Next time you wave at me, use more than one finger, please.
To reply by email, my address is alexATheneyDOTplusDOTcom

anthony

unread,
Nov 21, 2006, 2:45:43 PM11/21/06
to

"GB" <NotSo...@microsoft.com> wrote in message
news:IqKdnR3lBtq_2P7Y...@bt.com...
>Oh well, judging by the comments so far from this newsgroup I might as well
>un suscribe. Goodbye.

Periander

unread,
Nov 21, 2006, 5:05:04 PM11/21/06
to
"GB" <NotSo...@microsoft.com> wrote in news:IqKdnR3lBtq_
2P7YnZ2dnU...@bt.com:

Gosh, what a lot of helpful replies, so unlike uk.legal where the OP
would have the s*** ripped out of him for a post like that.

I find it interesting that NHS doctors share the OPs concerns (as do I)
as reported here yesterday http://news.bbc.co.uk/1/hi/health/6167924.stm

I can also envisage a whole host of ways in which the database could be
misused, for instance imagine the following mailshot through your door
...

Dear Mrs Bloggs,
We understand that you are clinically obese – well don’t worry our new
wonder drug at only £300 a month can make you look like a real person
again.

Or
Dear Mrs Bloggs,
We understand your husband isn’t satisfying you bedwise any more, our
new super Viagra will put some lead in his pencil ...

The old private dick looking for evidence of adultery, slips his contact
a few quid and lo and behold it turns out that in 2004 Mr Smith visited
the clap clinic.

The vengeful parent looking to tip the odds in a custody battle finds
out that partner suffered from clinical depression 8 years ago.

So good on the doctors for highlighting their concerns and meanwhile
perhaps someone who’s in the know could take a stab at answering the
question?

--
Regards or otherwise,

Periander

Steve

unread,
Nov 21, 2006, 5:25:02 PM11/21/06
to

I wouldn't worry, I work on the NHS spine project and it's pretty tight!
I know mistakes will happen but no more than ur card folder's contents
being stolen, copied or laughed at....

it could save ur life, the benefits outweigh etc...

The Todal

unread,
Nov 21, 2006, 6:50:03 PM11/21/06
to

"anthony" <anthony...@ukonline.co.uk> wrote in message
news:4-Sdnck-u-U...@bt.com...

I doubt if there is anything you can do other than add your voice to the
many who are complaining. You probably have no legal right to do anything
about it.

Michael Hoffman

unread,
Nov 21, 2006, 6:55:02 PM11/21/06
to
Periander wrote:

> The old private dick looking for evidence of adultery, slips his contact
> a few quid and lo and behold it turns out that in 2004 Mr Smith visited
> the clap clinic.

Yes, it has already been established recently that private investigators
are quite good at getting information out of big databases that lots of
people have access to.

> So good on the doctors for highlighting their concerns and meanwhile
> perhaps someone who’s in the know could take a stab at answering the
> question?

The question was "Anybody on this group already started taking steps?

If so please let me know what you think is a good course of action."

The answer is that no one is so far willing to say that they are doing
this, and there might not be a good course of action.

Chris Lawrence

unread,
Nov 21, 2006, 8:30:04 PM11/21/06
to
On Tue, 21 Nov 2006, Periander wrote:

> I can also envisage a whole host of ways in which the database could be
> misused, for instance imagine the following mailshot through your door

I can envisage a whole host of ways that everything can be misused.
The SPINE doesn't work the way you described, but it is a very popular
paranoid tabloid view. However perception is an important part of the
overall usage of the system, so such fears will need to be addressed
regardless. I hope this happens before any minor glitch gives the
tabloids a field day.

--
Chris

Harry the Horse

unread,
Nov 21, 2006, 8:00:09 PM11/21/06
to
"Steve" <stek...@mac.comns> wrote in message
news:R4CdnQ7itcx...@giganews.com...
No doubt all true, but why should the decision not be the patient's. If he
wants to be a paranoid old grouch, in your estimation, why should he not be
permitted to be so. Perhaps we are forgetting whose money is financing this
project.


Gorf

unread,
Nov 21, 2006, 10:00:11 PM11/21/06
to
Periander wrote:
...

> I can also envisage a whole host of ways in which the database could be
> misused, for instance imagine the following mailshot through your door

I get a cartload of junk mail based on the postcode for where I live.
Why would it be so bad to receive junk mail based on something a bit
more targeted like my medical history?

I'm not being funny. I get junk mail for broadband and mobile phone
services that I already subscribe to! It's such a waste.

Not that I'd get the "impotence" once, of course...


GB

unread,
Nov 22, 2006, 11:10:06 AM11/22/06
to

"Harry the Horse" <HarryAtT...@hotmail.com> wrote in message
news:116415691...@iris.uk.clara.net...

>>
>> it could save ur life, the benefits outweigh etc...
>>
> No doubt all true, but why should the decision not be the patient's. If
> he
> wants to be a paranoid old grouch, in your estimation, why should he not
> be
> permitted to be so.

Because it will cost an arm and a leg to do it and make the system less
useful. It will require a parallel system of paper records to be kept purely
to satisfy some peoples' whims.


> Perhaps we are forgetting whose money is financing this
> project.
>

Mine, and I want it spent cost-effectively please - or at least as
cost-effectively as the NHS can manage.


David Hearn

unread,
Nov 22, 2006, 6:15:21 AM11/22/06
to

So, what is to stop someone in the medical profession looking of a
colleague, relative or friend's medical records?

I'm aware of the logging of accesses and the use of smartcards to
identify the user - however that does nothing to stop the information
being viewed in the first place, it's only really useful for finding out
who may have accessed the information following a complaint - and the
patient may never know about it to complain!

I know at present you're pretty much limited to accessing the records
held by the surgery or hospital and not accessible outside of that as
they're all separate the information is limited.

For example, currently it's pretty easy to check up a friend's (on their
request) blood results. Often far easier than contacting your surgery,
and you get the actual values and not just told "everything's okay" -
which is often what people in the medical profession prefer as they
whether they're borderline or fine etc.

However, it's limited to people working at the hospital where the bloods
were processed.

In future with this new database, I believe it'll be just as possible to
do it across the whole country, thus greatly increasing the opportunity
for this to happen.

Similarly with GP surgeries. I've heard of receptionists who've been
told off for looking at the records of family members registered at
their surgery. For this reason, I know people who refuse to work for
the surgery they're registered at, to stop colleagues from being able to
find out about their medical conditions and history.

I can see the benefits of this new database, however, many many patients
do not need their information shared as it isn't related to saving their
life. Why does someone in A&E dealing with the injuries of a car crash
need to know that 5 years ago they were treated for a STD, or
depression. Yes, if they have a major heart condition, or similar - put
that on the central database (with their permission and full knowledge)
- but some of the more personal, embarassing and non-critical conditions
aren't necessary.

All it'll take is for one high profile front bench MP's embarassing
medical details to be made public and I'm sure MPs support will start to
turn.

D

Ian Stirling

unread,
Nov 22, 2006, 9:30:11 AM11/22/06
to

Ok...

If I was a rapist, I'd quite like to get a list of girls >12 <20, with a
history of assorted mental health problems, a nominal BMI, and no
history of STIs.

If I was a burglar, I'd like to know about OAPs, who are on 'care in the
community', and have had treatment in private hospitals.

Or people living alone, going into private hospital for a stay of
several days.

Or cases where a family has private health insurance, and has gone to
the doctor for immunisations for far off places.

If I was a vigilante, I might want people who've been in secure
hospitals.

If I was an identity thief, I'd like details of people who are
'confused'.

If you get access to medical records, you can read a hell of a lot
between the lines.


David J

unread,
Nov 22, 2006, 11:10:18 AM11/22/06
to
On Tue, 21 Nov 2006 23:50:03 +0000, "The Todal" <deadm...@beeb.net>
wrote:

When I recently asked my NHS Medical clinic to let me have a look
through my medical records, I was rebuked and told:

"These are not YOUR medical records - they are OURS!


a...@b.invalid

unread,
Nov 22, 2006, 2:50:03 PM11/22/06
to
> I wouldn't worry, I work on the NHS spine project and it's pretty tight!

You mean as tight as the PNC? Or the Met's payroll?

> I know mistakes will happen but no more than ur card folder's contents
> being stolen, copied or laughed at....

Do you have any evidence to back this statement up? I'd say it's almost
inevitable that the database will leak, if it hasn't already done so.

rob...@invalid.invalid

unread,
Nov 22, 2006, 3:20:08 PM11/22/06
to
On Wed, 22 Nov 2006 16:10:18 +0000, David J <da...@btelecom.invalid>
wrote:

If a patient wishes to exclude certain medical related information
from being held on the NHS wide system ( if it ever get going
properly), they should be fully aware that the treatment they receive
especially in an emergency may be compromised or delayed.

Robert
Robert

Nick

unread,
Nov 22, 2006, 4:10:05 PM11/22/06
to

"Ian Stirling" <ro...@mauve.demon.co.uk> wrote in message
news:45645cfe$0$8742$ed26...@ptn-nntp-reader02.plus.net...

Today I saw a banner at the side of a shopping street with an ad for GCSE
tuition in Maths (I think) at £5 per hour which just gave a mobile phone
number. I thought that it seemed a fairly good way for someone to make
contact with boys/girls in their late teens.

What sort of standard would be the teaching be at £5 per hour - even if it
were in a class?

Nick

Nick

unread,
Nov 22, 2006, 5:10:13 PM11/22/06
to

"GB" <NotSo...@microsoft.com> wrote in message
news:5I2dnTHwc6t56PnY...@bt.com...

And if the information is not there with the patient when they have that op
it might literally cost them the wrong arm or the wrong leg.

Nick

Nick

unread,
Nov 22, 2006, 5:15:07 PM11/22/06
to

"David Hearn" <da...@NOswampieSPAM.org.uk> wrote in message
news:4sippaF...@mid.individual.net...

Seems pretty sensible.

I have worked in PCT's in London and many of the female employees live
locally so that they can combine working with school runs etc.

When I was FoI Officer there was a request for information about our policy
on gender reassignment (sex change). This clearly was relevant to the person
making the request.

When I showed the request to a colleague before she saw the nature of the
request she observed that she knew the requester as working for the local
council.

Where people work and live in the same area such situations must frequently
arise.

My response to that was to keep requests under lock and key and not record
on the Intranet the identity of the individual making the request.

If this is a problem in London, where I live and work, in rural areas and
islands this must be even more of a problem.

See http://www.bma.org.uk/ap.nsf/Content/ncrsguidance for the BMA's take on
this.

Nick

Nick

unread,
Nov 22, 2006, 3:55:04 PM11/22/06
to

"David J" <da...@btelecom.invalid> wrote in message
news:dat8m2t132ja96m9f...@4ax.com...

I think that they are right in terms of ownership - although the practice
manager must be a pedant.

See "Guidance for Access to Health Records Requests under the Data
Protection Act 1998"

http://www.dh.gov.uk/assetRoot/04/03/51/94/04035194.pdf

which says:

"Original health records should not be given to patients to keep/take to a
new
GP outside the UK. The DH recommends that original patient health records
should not be sent to patients or their authorised representative because of
the potential detriment to patients should the records be lost and for
medicolegal
purposes."

The current standard for NHS records management is at:

http://www.dh.gov.uk/PublicationsAndStatistics/Publications/PublicationsPolicyAndGuidance/PublicationsPolicyAndGuidanceArticle/fs/en?CONTENT_ID=4131747&chk=tMmN39

(http://preview.tinyurl.com/hzlnt)

Nick

Periander

unread,
Nov 22, 2006, 5:05:04 PM11/22/06
to
Steve <stek...@mac.comns> wrote in
news:R4CdnQ7itcx...@giganews.com:

...


>>
>
> I wouldn't worry, I work on the NHS spine project and it's pretty

> tight! ...

So is PNC, CRIS, CRIMINT, MERLIN, CAD/CHS and a shed load of other systems
national and local but nevertheless they can be made to leak like a sieve.

It only needs one corrupt user in the right place and every single security
protocol/system is rendered useless. In a national system of this size,
complexity and type there will be thousands of "right places" and thousands
of potentially corrupt users.

Sorry and I don’t mean any disrespect at all but your blithe assurances are
unconvincing.

Harry the Horse

unread,
Nov 22, 2006, 5:15:05 PM11/22/06
to
"GB" <NotSo...@microsoft.com> wrote in message
news:5I2dnTHwc6t56PnY...@bt.com...
>
> "Harry the Horse" <HarryAtT...@hotmail.com> wrote in message
> news:116415691...@iris.uk.clara.net...
>>>
>>> it could save ur life, the benefits outweigh etc...
>>>
>> No doubt all true, but why should the decision not be the patient's. If
>> he
>> wants to be a paranoid old grouch, in your estimation, why should he not
>> be
>> permitted to be so.
>
> Because it will cost an arm and a leg to do it and make the system less
> useful. It will require a parallel system of paper records to be kept
> purely
> to satisfy some peoples' whims.
>
It is not a whim. It is a requirement. It's the patient's data.

>> Perhaps we are forgetting whose money is financing this
>> project.
>
> Mine, and I want it spent cost-effectively please - or at least as
> cost-effectively as the NHS can manage.
>

It's mine as well, and to spend it to preserve choice is an acceptable
reason.

a...@b.invalid

unread,
Nov 22, 2006, 5:25:03 PM11/22/06
to
>>> Perhaps we are forgetting whose money is financing this
>>> project.
>>>
>> Mine, and I want it spent cost-effectively please - or at least as
>> cost-effectively as the NHS can manage.

Is 30 billion pounds is cost effective?

> And if the information is not there with the patient when they have that op
> it might literally cost them the wrong arm or the wrong leg.

Would you care to suggest a scenario in which this might happen?

Steve Walker

unread,
Nov 22, 2006, 5:50:04 PM11/22/06
to
Alex Heney wrote:
> On Tue, 21 Nov 2006 13:20:08 +0000, "anthony"
> <anthony...@ukonline.co.uk> wrote:
>
>> I wanted to make some effort towards preventing my personal medical
>> details being uploaded on the new NHS computer. Anybody on this
>> group already started taking steps? If so please let me know what
>> you think is a good course of action. Thanks
>>
>>
>
> The only way of realistically avoiding that or similar is to emigrate
> to a country without an NHS.
>
> You have absolutely no rights whatsoever.....

Seems to cover it nicely. :o(

Harry the Horse

unread,
Nov 22, 2006, 5:20:16 PM11/22/06
to
"Nick" <tulse0...@yahoo.co.uk> wrote in message
news:Y_CdnVxp2q7cV_nY...@bt.com...

>
>
> And if the information is not there with the patient when they have that
> op
> it might literally cost them the wrong arm or the wrong leg.
>
Which of course is their look out. Perhaps this country could grow up and
allow people to be responsible for their own choices and not make those
choices for them.

Periander

unread,
Nov 22, 2006, 5:25:03 PM11/22/06
to
Chris Lawrence <new...@holosys.co.uk.invalid> wrote in
news:Pine.WNT.4.64.06...@holodeck3.holosys.wlan:

> On Tue, 21 Nov 2006, Periander wrote:
>
>> I can also envisage a whole host of ways in which the database could
>> be misused, for instance imagine the following mailshot through your
>> door
>
> I can envisage a whole host of ways that everything can be misused.
> The SPINE doesn't work the way you described, but it is a very popular
> paranoid tabloid view.

That’s quite a sophisticated ab hominem and certainly one up on the
catch 22 quote heard earlier in this thread, well done. Well I’m sorry
to inform you that it matters not how Spine is designed to work it’s how
it can be abused that is relevant.

There are dozens if not hundreds of supposedly secure systems in use up
and down the country, banks, police, various government departments all
have been misused, all continue to be misused and there is no prospect
of preventing misuse.

It is not even as though Spine is required (at least in the way it is
envisioned), I make no bones about it, I am not connected to the health
service but nevertheless I access peoples medical records often without
their knowledge (quite legitimately I hasten to add) on a very regular
basis, I have no trouble getting anything and everything I ask for. I
have no doubt at all that a doctor or a health worker has even less
difficulty then me in obtaining records - and feeding back information
as and when they need to.

Under the current system abuse is far more difficult - although granted
still possible then it will be under Spine. To abuse the current system
a local record holder has to be subverted and as the vast majority of
record holders are honest there is no guarantee that a potential abuser
could subvert a person in the right place. Under a national system it
doesn’t matter where the corrupt user is situated providing their access
level is sufficient. A good analogy in the national PNC system a corrupt
user in Cornwall can access records associated with anywhere in England,
Scotland, Wales or Northern Island. Indeed there is evidence that this
is done on a not to irregular basis.

> However perception is an important part of the
> overall usage of the system, so such fears will need to be addressed
> regardless.

A sentiment that I agree with, however it is very suggestive of
everything nu-labour ... don’t worry about what’s actually happening,
work on the perception, appearance taking on the role of substance. I
fear that although I do agree with your sentiment I suspect that your
view is to improve appearance rather than improve substance.

Periander

unread,
Nov 22, 2006, 5:25:11 PM11/22/06
to
"Nick" <tulse0...@yahoo.co.uk> wrote in
news:Y_CdnVxp2q7cV_nY...@bt.com:

...


>>
>> Mine, and I want it spent cost-effectively please - or at least as
>> cost-effectively as the NHS can manage.
>
> And if the information is not there with the patient when they have
> that op it might literally cost them the wrong arm or the wrong leg.

I understand that our surgeons now use a felt tip pen (bought at great
public expence). "X" marks the spot so to speak. I fail to see how a
computer record will assist in this instance.

Harry the Horse

unread,
Nov 22, 2006, 5:30:07 PM11/22/06
to
"Nick" <tulse0...@yahoo.co.uk> wrote in message
news:XM-dnUCMler3JPnY...@bt.com...

>
> Today I saw a banner at the side of a shopping street with an ad for GCSE
> tuition in Maths (I think) at £5 per hour which just gave a mobile phone
> number. I thought that it seemed a fairly good way for someone to make
> contact with boys/girls in their late teens.
>
> What sort of standard would be the teaching be at £5 per hour - even if it
> were in a class?
>
Pretty poor, I should think. In 1988 I was doing home tutition in
mathematics, mostly A level, and I charged £20 per hour and got it.

Steve Walker

unread,
Nov 22, 2006, 5:55:03 PM11/22/06
to
Chris Lawrence wrote:
> On Tue, 21 Nov 2006, Periander wrote:
>
>> I can also envisage a whole host of ways in which the database could
>> be misused, for instance imagine the following mailshot through your
>> door
>
> I can envisage a whole host of ways that everything can be misused.
> The SPINE doesn't work the way you described, but it is a very popular
> paranoid tabloid view.

When you say "it doesn't work like that", please bear in mind that any
reasonably talented programmer/hacker could easily make it do so. There
will be hundreds of reasonably talented techs employed to maintain SPINE,
and it's mathematically inevitable that some will be corrupt or greedy. PNC
is an obvious comparison.

Derek Geldard

unread,
Nov 22, 2006, 6:35:04 PM11/22/06
to
On Tue, 21 Nov 2006 22:25:02 +0000, Steve <stek...@mac.comns> wrote:

>anthony wrote:
>> I wanted to make some effort towards preventing my personal medical details
>> being uploaded on the new NHS computer. Anybody on this group already
>> started taking steps? If so please let me know what you think is a good
>> course of action. Thanks
>>
>>
>>
>
>I wouldn't worry, I work on the NHS spine project and it's pretty tight!

Minor credibility issue ...

GBP 2 Billion >>

GBP 6 Billion >>

GBP 14 Billion >>

GBP 20 Billion >>

+ Now they say "That's just the infrastructure cost, naturally the
hospitals will have their costs, they'll have to do their bit." >>

GBP 30 Billion >>

Computer Industry commentators reckon it'll run to GBP 50 Billion, if
the project ever gets finished. (The Department of Work and Pensions
Project didn't.)

Meanwhile Isoft loses £245 million in 1 year, share value falls 50%,
and the NHS fondly thinks they'll charge them penalty payments.

Accenture walks away from the project and gets "forgiven" GBP 1
Billion in penalty payments (Why ? BTW).

If it was a moonshot project the NHS would be lucky to get the Light
programme on it.

Apart from that it's not too bad...

>I know mistakes will happen but no more than ur card folder's contents
>being stolen, copied or laughed at....
>
>it could save ur life, the benefits outweigh etc...
>

:)

They said the same thing about the Titanic.

DG


Richard Oliver

unread,
Nov 23, 2006, 3:50:05 AM11/23/06
to
David Hearn wrote:

> So, what is to stop someone in the medical profession looking of a
> colleague, relative or friend's medical records?

Very little - my wife worked in Pathology until recently (too ill to
work at the moment). They would get samples to test with the full
patient name/HNS ID details (rather than some "sequence number" per
sample). I asked why it was necessary to actually know the patient name
- since if the sample showed signs of cancer it show signs of cancer
etc. and was marked as such and the results returned to the Consultant.

She told me that they can then lookup the patient's other records to see
if there was any other relevant medical data they could use to help
assess a case. She has argued that this is very important. However she
could be given a system that allows her to see that data without
actually identifying the patient name etc.

So she can have access to rather more data than she needs, identified by
name/address etc. This includes access to such mundane data as home
telephone number but a full medical history. This works for patient
data on the system held for the region she works in (probably upwards of
6 million NHS records) directly. She can also access other systems if
she needs.

If SPINE directly or indirectly provides the same data, with the same
access controls that are already in place for trusted NHS employees then
the potential for inappropriate access to patient data is enormous.

Of course my wife is honest - but there are large numbers of agency
staff employed who will have access to this kind of system - many are
from other EU Countries where I doubt the CRB style checks are
effective. Anyway a CRB check isn't much help and if dishonest people
sell PNC data then the SPINE system will suffer the same way.

I am pro-SPINE as long as fewer NHS staff are given access to full
patient data records - that would include my wife - who is beginning to
see my side of the argument. After all she has been in hospital for
seven months, the very same hospital she worked at!

The Todal

unread,
Nov 23, 2006, 7:30:10 AM11/23/06
to

"David J" <da...@btelecom.invalid> wrote in message
news:dat8m2t132ja96m9f...@4ax.com...

Not a problem. Just say "Okay, I'd like to look through YOUR medical records
relating to ME. Better?" And if they quibble and complain, you can print
out bits of this web page and show them. And if necessary complain to the
Information Commissioner.

http://tinyurl.com/n2qsf

Stuart A. Bronstein

unread,
Nov 23, 2006, 1:35:02 PM11/23/06
to
Periander <4rub...@britwar.co.uk> wrote:
> "Nick" <tulse0...@yahoo.co.uk> wrote

>>>
>>> Mine, and I want it spent cost-effectively please - or at least
>>> as cost-effectively as the NHS can manage.
>>
>> And if the information is not there with the patient when they
>> have that op it might literally cost them the wrong arm or the
>> wrong leg.
>
> I understand that our surgeons now use a felt tip pen (bought at
> great public expence). "X" marks the spot so to speak. I fail to
> see how a computer record will assist in this instance.

That kind of thing has happened in the US - due to unclear handwriting
or too brief a glance at a chart, one patient is confused for another.
Computerizing records, along with computer-readable identification
bracelets will help avoid that kind of problem.

Stu

David Hearn

unread,
Nov 24, 2006, 6:00:14 AM11/24/06
to

So computerising records helps avoid mistakes?

So that explains how my wife's outpatients visit ended up being logged
into another woman's records who had a similar name, location and
medical history?

No amount of computerisation or automation will remove human error.
Something as simple as checking a date of birth or postcode was ignored
and thus a similar sounding patient had my wife's records added to hers.
All the information was displayed on the screen - so easy for them to
check. I only noticed when the practitioner left the room with the list
of patients on the screen with this other one highlighted did I notice
and notify them.

Had I not noticed, this other lady (of practically the same age etc)
would have had wrong medical details, and my wife's visit wouldn't have
been on her file.

Humans can always find, without trying, a way to break an idiot proof
system.

D

Alex Heney

unread,
Nov 24, 2006, 9:15:05 AM11/24/06
to
On Fri, 24 Nov 2006 11:00:14 +0000, David Hearn
<da...@NOswampieSPAM.org.uk> wrote:

>Stuart A. Bronstein wrote:
>> Periander <4rub...@britwar.co.uk> wrote:
>>> "Nick" <tulse0...@yahoo.co.uk> wrote
>>>>> Mine, and I want it spent cost-effectively please - or at least
>>>>> as cost-effectively as the NHS can manage.
>>>> And if the information is not there with the patient when they
>>>> have that op it might literally cost them the wrong arm or the
>>>> wrong leg.
>>> I understand that our surgeons now use a felt tip pen (bought at
>>> great public expence). "X" marks the spot so to speak. I fail to
>>> see how a computer record will assist in this instance.
>>
>> That kind of thing has happened in the US - due to unclear handwriting
>> or too brief a glance at a chart, one patient is confused for another.
>> Computerizing records, along with computer-readable identification
>> bracelets will help avoid that kind of problem.
>>
>> Stu
>
>So computerising records helps avoid mistakes?
>

Yes.


>So that explains how my wife's outpatients visit ended up being logged
>into another woman's records who had a similar name, location and
>medical history?
>

Of course not.

>No amount of computerisation or automation will remove human error.

That does.


>Something as simple as checking a date of birth or postcode was ignored
>and thus a similar sounding patient had my wife's records added to hers.
> All the information was displayed on the screen - so easy for them to
>check. I only noticed when the practitioner left the room with the list
>of patients on the screen with this other one highlighted did I notice
>and notify them.
>
>Had I not noticed, this other lady (of practically the same age etc)
>would have had wrong medical details, and my wife's visit wouldn't have
>been on her file.
>
>Humans can always find, without trying, a way to break an idiot proof
>system.

Indeed.

But a properly written computer system will significantly *reduce*
such occurrences.

Nobody is saying it will eliminate them. At least nobody who knows the
slightest thing about computers will be saying that.
--
Alex Heney, Global Villager
Space is an illusion, disk space doubly so.
To reply by email, my address is alexATheneyDOTplusDOTcom

Steve Walker

unread,
Nov 24, 2006, 9:55:04 AM11/24/06
to

I'd still prefer to place my trust in the felt-tip pen

Stuart A. Bronstein

unread,
Nov 24, 2006, 12:20:09 PM11/24/06
to
David Hearn <da...@NOswampieSPAM.org.uk> wrote:

> Humans can always find, without trying, a way to break an idiot
> proof system.

As someone once said, never underestimate the creativity of stupidity.

Stu

Periander

unread,
Nov 25, 2006, 6:30:05 AM11/25/06
to
Alex Heney <m...@privacy.net> wrote in
news:9utdm2hb5kc0ri994...@4ax.com:

...


>
> But a properly written computer system will significantly *reduce*
> such occurrences.
>
> Nobody is saying it will eliminate them. At least nobody who knows the
> slightest thing about computers will be saying that.

Perhaps it would be more accurate to suggest that computers spread errors
more quickly than any other system known to man and that once an error has
been introduced to a computerised system it is far more difficult to locate
and set right?

--
Regards,

Periander

Alex Heney

unread,
Nov 25, 2006, 6:40:04 PM11/25/06
to
On Sat, 25 Nov 2006 11:30:05 +0000, Periander <4rub...@britwar.co.uk>
wrote:

No, that would not be accurate at all.


--
Alex Heney, Global Villager

Plagiarism prohibited, derive carefully.

m...@privacy.net

unread,
Nov 25, 2006, 5:55:02 PM11/25/06
to
On Tue, 21 Nov 2006 13:20:08 +0000, "anthony"
<anthony...@ukonline.co.uk> wrote:

>I wanted to make some effort towards preventing my personal medical details
>being uploaded on the new NHS computer. Anybody on this group already
>started taking steps? If so please let me know what you think is a good
>course of action. Thanks
>
>


I see that one of the companies responsible for the design and hence
security of the system (Logicamcg) has recently had its own web pages
hacked, and also was the company responsible for the loss of the Met
Police salary information.
Your medical records will be totally safe!!

Steve

unread,
Nov 25, 2006, 8:40:05 PM11/25/06
to

Of course I can't give any assurances and what u say is true.

We're working on future releases of the SPINE, most of us are
experienced computer guys if not hackers and it really is hard to break
in. Not impossible but I can't really think of a purely brute-force way,
it would have to be a serious breach led from a person in high
authority, like a smartcard admin for example.

I'm not so computer centric to say it's fool proof but it's not much
different than someone breaking into the docs safe under the paper
system and reading the records, there is only so far you can go.

From a personal POV i don't really care who reads my medical file, it's
no more embarrassing than my credit file...

BTW, Alex, glad to see ur hemeroids are on the mend, and which one of
you has the had two foot penis reduction? Oh, sorry, that was me....

Steve

Richard Oliver

unread,
Nov 26, 2006, 7:10:05 AM11/26/06
to
Steve wrote:

> BTW, Alex, glad to see ur hemeroids are on the mend, and which one of

> you has the had two foot * reduction? Oh, sorry, that was me....

Good to see moderation at work.

Ian Stirling

unread,
Nov 26, 2006, 8:05:08 AM11/26/06
to
Steve <stek1...@spam.mac.com> wrote:
> Periander wrote:
>> Steve <stek...@mac.comns> wrote in
>> news:R4CdnQ7itcx...@giganews.com:
>>
>> ...
>>> I wouldn't worry, I work on the NHS spine project and it's pretty
>>> tight! ...
>>
>> So is PNC, CRIS, CRIMINT, MERLIN, CAD/CHS and a shed load of other systems
>> national and local but nevertheless they can be made to leak like a sieve.
<snip>

> We're working on future releases of the SPINE, most of us are
> experienced computer guys if not hackers and it really is hard to break
> in. Not impossible but I can't really think of a purely brute-force way,
> it would have to be a serious breach led from a person in high
> authority, like a smartcard admin for example.
>
> I'm not so computer centric to say it's fool proof but it's not much
> different than someone breaking into the docs safe under the paper
> system and reading the records, there is only so far you can go.

The difference is that you cannot copy the docs safe contents in minutes, and
walk out with them under your arm.

At the moment, to steal a cities populations records, I've got to break
in to several hundred doctors surgeries, and load the contents into
hundreds of vans, in a coordinated raid.

In the future, I need to find one person, and subvert them, by whatever
means.

I suspect that with a gun to your (hypothetical) daughters head, you'd
cooperate quite readily.


The Todal

unread,
Nov 26, 2006, 8:35:03 AM11/26/06
to

"Richard Oliver" <richard...@goadsby.com> wrote in message
news:4stebiF...@mid.individual.net...

I thought long and hard before realising it was actually a joke about access
to medical records rather than an insult directed at another poster.

Mark Goodge

unread,
Nov 26, 2006, 11:15:04 AM11/26/06
to
On Sun, 26 Nov 2006 01:40:05 +0000, Steve put finger to keyboard and
typed:

>Periander wrote:
>> Steve <stek...@mac.comns> wrote in
>> news:R4CdnQ7itcx...@giganews.com:
>>
>> ...
>>> I wouldn't worry, I work on the NHS spine project and it's pretty
>>> tight! ...
>>
>> So is PNC, CRIS, CRIMINT, MERLIN, CAD/CHS and a shed load of other systems
>> national and local but nevertheless they can be made to leak like a sieve.
>>
>> It only needs one corrupt user in the right place and every single security
>> protocol/system is rendered useless. In a national system of this size,
>> complexity and type there will be thousands of "right places" and thousands
>> of potentially corrupt users.
>>
>> Sorry and I don’t mean any disrespect at all but your blithe assurances are
>> unconvincing.
>>
>
>Of course I can't give any assurances and what u say is true.
>
>We're working on future releases of the SPINE, most of us are
>experienced computer guys if not hackers and it really is hard to break
>in. Not impossible but I can't really think of a purely brute-force way,
>it would have to be a serious breach led from a person in high
>authority, like a smartcard admin for example.

My biggest concern about SPINE (and other, similar centralised
information repositories) is not that unathorised users will gain
illegitimate access to the data, it's that users with legitimate
access will abuse that privilege.

In other words, it's the politics of it that bother me, not the
security.

Mark
--
Visit: http://www.ukcommunityradio.info - Community Radio in the UK
"A singing bird in an open cage who will only fly, only fly for freedom"

Nick

unread,
Nov 26, 2006, 12:45:02 PM11/26/06
to

"Harry the Horse" <HarryAtT...@hotmail.com> wrote in message
news:11642344...@proxy00.news.clara.net...

I am sure that you are right regarding the quality but you were teaching
1-1.

And I hope that they got their A Levels as well;)

Nick

unread,
Nov 26, 2006, 12:55:03 PM11/26/06
to

"Alex Heney" <m...@privacy.net> wrote in message
news:c1lhm2t4l18pmdd18...@4ax.com...

> On Sat, 25 Nov 2006 11:30:05 +0000, Periander <4rub...@britwar.co.uk>
> wrote:
>
>>Alex Heney <m...@privacy.net> wrote in
>>news:9utdm2hb5kc0ri994...@4ax.com:
>>
>>...
>>>
>>> But a properly written computer system will significantly *reduce*
>>> such occurrences.
>>>
>>> Nobody is saying it will eliminate them. At least nobody who knows the
>>> slightest thing about computers will be saying that.
>>
>>Perhaps it would be more accurate to suggest that computers spread errors
>>more quickly than any other system known to man and that once an error has
>>been introduced to a computerised system it is far more difficult to
>>locate
>>and set right?
>
> No, that would not be accurate at all.

I used to work on mainframe computers submitting batch programs. If there
was a mistake in the program - and there were recognised procedures for
checking these - we would ask our colleagues and speak to Computer Support.

People who wrote programs or used computers were a specialised group and
there was a systematic training.

We would have an enormous IBM Manual in the corner of the room containing a
list of system errors etc and their meanings.

Before I started working it was a normal practice for statistical
tabulations (the equivalent of spreadsheets) to be checked by another person
and signed like in an engineering office. This lapsed before I ever started
working in the late '70's.

Then when PC's came along there was no recognised training or systematic
approach.

Even in a department of statisticians where I worked there was no recognised
approach to the use of these machines nor a means of sharing expertise. It
was like working at home - that is noone discussed with anyone else -
everyone was much on their own. This was in the mid to late 80's - 10 years
before the advent of the Internet.

10 years ago I took a qualification - the City and Guilds in the Use and
Support of the IT. This was the first time I had been on a formalised
training programme in the use of PC's.

More recently the ECDL (European Computer Driving Licence). The NHS and
other organisations now request this particular BCS (British Computer
Society) qualification when advertising jobs.

I have recently been doing some data quality work for a NHS client.

The central body had pointed out that the dates in the returns
(spreadsheets) that the organisation had supplied were not correct and this
would affect their qualification for funding.

When I examined this at the end of last week, I discovered that the database
was saving the data in one Excel format (Excel 4) and the organisation is
using Excel 2000.

The dates were then converted to text format and were presented in an
American version (ie 3 May 2005 was 05/03/05). As the date was in a text
format there was nothing that could be done with the "dates".

The staff where I am working are nurses and have little computer expertise.
It took me a short while to recognise the problem and less than the day to
by chance discover the reason for it.

Obviously if the staff were returning the information using pencil and paper
this problem wouldn't have happened.

But then we wouldn't be able to do online banking and I wouldn't be able to
participate in this newsgroup.

Nick

Periander

unread,
Nov 26, 2006, 11:55:02 AM11/26/06
to
"The Todal" <deadm...@beeb.net> wrote in
news:4stjf1F...@mid.individual.net:

Sorry to sound like the local netcop but it appeared to be evidently
humourous and as such is specifically permitted in the charter. IOW good
call.

--
Regards,

Periander

Periander

unread,
Nov 26, 2006, 12:05:03 PM11/26/06
to
Ian Stirling <ro...@mauve.demon.co.uk> wrote in
news:45698cac$0$8758$ed26...@ptn-nntp-reader02.plus.net:

...


>
> I suspect that with a gun to your (hypothetical) daughters head, you'd
> cooperate quite readily.

More likely £5,00 in used fivers, holiday in a new villa in Spain, free
tickets to Disneyworld etc

--
Regards,

Periander

Periander

unread,
Nov 26, 2006, 12:10:03 PM11/26/06
to
Steve <stek1...@spam.mac.com> wrote in
news:IY5ah.32000$yz3....@newsfe4-gui.ntli.net:

> Periander wrote:
>> Steve <stek...@mac.comns> wrote in
>> news:R4CdnQ7itcx...@giganews.com:
>>
>> ...

>

> We're working on future releases of the SPINE, most of us are
> experienced computer guys if not hackers and it really is hard to
> break in. Not impossible but I can't really think of a purely
> brute-force way, it would have to be a serious breach led from a
> person in high authority, like a smartcard admin for example.

Depends on what you deam to be "damage" and your definition of "serious".

--
Regards,

Periander

Periander

unread,
Nov 26, 2006, 12:20:02 PM11/26/06
to
Alex Heney <m...@privacy.net> wrote in
news:c1lhm2t4l18pmdd18...@4ax.com:

...


>>
>>Perhaps it would be more accurate to suggest that computers spread
>>errors more quickly than any other system known to man and that once
>>an error has been introduced to a computerised system it is far more
>>difficult to locate and set right?
>
> No, that would not be accurate at all.

Oh nonesence every major database I'm aware of in fact I suspect I should
say "we're" aware of has errors in vast amounts, DVLA, passports, PNC,
insurance database, every local authorities HB database, income tax half
the posts here and in the other place (at least the halfway serious ones)
are either about or related to database erros ... OK well perhaps I
exagerate but nevertheless there is plenty of them.

--
Regards,

Periander

Steve

unread,
Nov 26, 2006, 5:00:08 PM11/26/06
to

I can say it's taken me three weeks to get my card reader and smartcard
working, it's gonna be as tight as a drum, cos no one will have access....

We are forced to use Windows on the desktop tho. We are all Solaris guys
not used to clicking on things.

Steve

Steve Walker

unread,
Nov 26, 2006, 5:35:02 PM11/26/06
to
Richard Oliver wrote:
> Steve wrote:
>
>> BTW, Alex, glad to see ur hemeroids are on the mend, and which one of
>> you has the had two foot penis reduction? Oh, sorry, that was me....

>
> Good to see moderation at work.

Quite so - it's exactly the sort of harmless humour which is welcome here.
Glad to see that you approve, Richard.


Alex Heney

unread,
Nov 26, 2006, 8:10:04 PM11/26/06
to
On Sun, 26 Nov 2006 17:20:02 +0000, Periander <4rub...@britwar.co.uk>
wrote:

In what way does any of that (which is correct) mean that I was wrong?


I will grant that any automated system will mean that errors will
propagate faster - that is an inevitable part of the fact that they
are designed to propagate data.

But it is NOT true at all to suggest that it is far more difficult to
locate and correct errors in automated systems. If the system is
anywhere *near* well written, error location and correction should be
trivial.


--
Alex Heney, Global Villager

Pobody's Nerfect!

Alex Heney

unread,
Nov 26, 2006, 8:15:03 PM11/26/06
to

The charter of this group does not disallow profanity, so it will not
be moderated out.

Even if that had been profanity, which it wasn't.


--
Alex Heney, Global Villager

I've no idea what I'm doing out of bed. - Shadwell

TD

unread,
Nov 27, 2006, 12:55:03 PM11/27/06
to

"Periander" <4rub...@britwar.co.uk> wrote in message
news:Xns9887AC208EF4...@80.5.182.99...

As if by magic,

'Plans to upload medical records onto a central database - the so-called
spine - will put patient confidentiality at risk, Connecting for Health
(CfH) has been told by its own consultants.
'In its own risk analysis of the project, the agency responsible for
centralising the country's medical records has acknowledged that GPs'
concerns about patient confidentiality have merit, and that it would be
safer to store records locally...'

<http://www.theregister.co.uk/2006/11/27/care_record_conf/>

TD

unread,
Nov 27, 2006, 2:50:05 PM11/27/06
to

"anthony" <anthony...@ukonline.co.uk> wrote in message
news:4-Sdnck-u-U...@bt.com...
>I wanted to make some effort towards preventing my personal medical details
> being uploaded on the new NHS computer. Anybody on this group already
> started taking steps? If so please let me know what you think is a good
> course of action. Thanks

There is a campaign called The Big Opt Out.

Its website is here:

<http://www.nhsconfidentiality.org/>

TD

unread,
Nov 27, 2006, 3:10:03 PM11/27/06
to

"Ian Stirling" <ro...@mauve.demon.co.uk> wrote in message
news:45645cfe$0$8742$ed26...@ptn-nntp-reader02.plus.net...
<snip>
> Ok...
>
> If I was a rapist, I'd quite like to get a list of girls >12 <20, with a
> history of assorted mental health problems, a nominal BMI, and no
> history of STIs.
>
> If I was a burglar, I'd like to know about OAPs, who are on 'care in the
> community', and have had treatment in private hospitals.
>
> Or people living alone, going into private hospital for a stay of
> several days.
>
> Or cases where a family has private health insurance, and has gone to
> the doctor for immunisations for far off places.
>
> If I was a vigilante, I might want people who've been in secure
> hospitals.
>
> If I was an identity thief, I'd like details of people who are
> 'confused'.
>
> If you get access to medical records, you can read a hell of a lot
> between the lines.

May I use your examples on my blog?

You will be credited!

TD

unread,
Nov 27, 2006, 4:10:03 PM11/27/06
to

"Michael Hoffman" <cam....@mh391.invalid> wrote in message
news:ek03ho$jp6$2...@gemini.csx.cam.ac.uk...
>Periander wrote:
>
>> The old private dick looking for evidence of adultery, slips his contact
>> a few quid and lo and behold it turns out that in 2004 Mr Smith visited
>> the clap clinic.
>
> Yes, it has already been established recently that private investigators
> are quite good at getting information out of big databases that lots of
> people have access to.

Yes, abuse is prevalent, but why make it easier?

>> So good on the doctors for highlighting their concerns and meanwhile
>> perhaps someone who’s in the know could take a stab at answering the
>> question?
>
> The question was "Anybody on this group already started taking steps? If

> so please let me know what you think is a good course of action."
>

> The answer is that no one is so far willing to say that they are doing
> this, and there might not be a good course of action.

Mr Hoffman, Ross Anderson of your university describes 'three things you
should be able to opt out from' here:

<http://www.lightbluetouchpaper.org/2006/11/01/opting-out-of-the-nhs-database/#comments>

From a legal perspective, I find it interesting that the individual has no
legal right to prevent his data from being stored on the Spine.

Michael Hoffman

unread,
Nov 27, 2006, 4:30:07 PM11/27/06
to
[Michael Hoffman]

>> Yes, it has already been established recently that private investigators
>> are quite good at getting information out of big databases that lots of
>> people have access to.

[TD]


> Yes, abuse is prevalent, but why make it easier?

For the record, you are preaching to the converted here. I don't think
that is a good state of affairs, and is probably one of the best reasons
to avoid centralization.

TD

unread,
Nov 27, 2006, 5:00:23 PM11/27/06