« November 2008 | Main | January 2009 »
December 10, 2008
Electronic NHS records: security concerns
Britain's National Health Service (NHS) is now starting to store our medical records electronically. Clearly, this can have benefits; however, these records can contain very sensitive information, and the security arrangements currently in place seem woefully inadequate. The BBC's All in the Mind programme - listen here for the next few days - was discussing the security measures around these records. What should happen is that - when a member of NHS staff tries to access a patient's records - they will be denied access unless they have a legitimate interest in seeing these records (for example, are the patient's doctor).
Unfortunately, the programme made clear that staff can now get around this problem by the brilliant hack of ticking an 'admin' box.
Harry Cayton, Chair of the National Information Governance Board for Health and Social Care, was on the show to defend the electronic records system. However, he acknowledged that - while it might be good to improve security - this is in the process of being rolled out: in other words, they are installing the system before adequate security measures are in place. Cayton emphasised that an audit trail would allow people abusing the system to access records inappropriately to be caught after the fact - but, by the time certain sensitive information is out, it could be too late.
To be blunt, listening to the programme gave me a nice clear sense of how I could get a temp job at my local hospital, access any patient records I was curious about, and then be gone before anyone noticed. This wouldn't require great hacking skills: so far as I could tell, it would just require basic computer skills and the ability to tick an 'admin' box. This is rather worrying.
To make things worse, there is no apparent way to opt out of the system and issues of consent are extremely muddy. The NHS psychiatrist Dr Hashim Reza argues that "[l]egally, it is patients' privilege, and it is my duty to write" a patient's electronic record, and a patient choosing to sit in the doctor's waiting room is seen as "implied consent". If one cannot turn an offer down, I am not sure that it counts as a privilege.
Posted by jon_mendel at 11:35 PM | TrackBack
December 04, 2008
Mumbai attacks: "This was not terror...This was war."
In an odd accident of timing, I gave a (pre-planned) lecture this week about counter-insurgency, and the blurring of boundaries between insurgency, war and other types of violence. I was talking about a trend towards an increasing escalation of the type of non-war violence we have seen in various terrorist and insurgent attacks. It would be tempting to read the events in Mumbai as a continuation of this trend - but I very much hope that this is not the case, and that these events are a one-off aberration.
Giridharadas' New York Times article on this is particularly striking, arguing that:
This was not terror — not as Indians understood it. This was war...As a surprise attack became a 48-hour struggle, the burden of responding transferred from the police to soldiers. The language was of war: television anchors spoke of buildings “sanitized” and “flushed out,” of “final assaults” and “collateral damage.” Helicopters hovered over Mumbai, and commandos dropped onto roofs. The grainy television imagery suggested not so much a terrorist attack as the shapeless, omnidirectional chaos of Iraq.
The shocked face used to illustrate the article also draws out the violence and horror of these events.
I'm not sure yet what meaning can be attributed to events in Mumbai, or how this fits into the broader contexts of international politics and terrorism. I hope this is very much a one-off, never to be repeated - but it is possible that this is the continuation of a trend to escalation.
