The last blogpost has started up a bit of a discussion about the pros and cons of the NHS database, so I thought that it wold be an idea to make my thoughts on such a system clear.
While it might make the retrieval of notes simpler and more convenient, the security risks are frankly too great. The cost will spiral and *********
We can first look at the cost, going on previous history the UK government seems to have an almost pathological aversion to being able to bring IT project in on either budget, or time. The cost has already spiralled beyond the initial estimates.
Discussion point – find governmental IT projects that have come in on time and budget.
The people who would be using the system don't particularly want it. The BMA think that it should be an opt-in system with each patient choosing to be put on the database rather than automatically being assumed to give consent. This is a fine compromise as long as the people opting in are fully informed as to the risks of being on the database. There is a way to 'opt out' of the database, but there are rumours that people who are refusing to go on the spine are having their names recorded by the government.
Discussion point – given the technical knowledge needed to understand databases and security as well as the way the NHS runs, will anyone be fully 'informed' beyond us computer geeks. Also, is the recording of opt out names just paranoid rambling.
The proposed benefit is that medical notes will no longer get lost, or that if you are unable to communicate there will be easy retrieval of your notes enabling allergies to be avoided, pre-existing medical conditions to be taken into account and next of kin to be contacted. There is an easy way in which a more secure system can be created, and that is one that points to where a person's paper medical notes are physically stored. That way the database is just a pointer to a more secure system.
As for treatment for people who present while unconscious – most causes of unconsciousness are well know and are tested for and treated, if a person has a rare condition then they will often carry such information on them. They are the protectors of their data, not a third party.
Discussion point – if someone is without a form of ID, how will this database help them? Will this tie in with a national ID database scheme.
Just looking at the security issues is enough to make someone paranoid. In more than one hospital I've seen passwords and user names stuck to mobile computers – a cleaner could 'borrow' a computer easily and in the privacy of a cupboard log onto the system and gain access to your details. Even if the log-in is tied to staff ID cards the system will not be secure, cards will be lost, or lent and borrowed. I can't imagine any ward sister sending home a nurse who is unable to do their job because of a lack of an ID card – they'd lend them their own.
Extend this to clerical staff.
Discussion point – this doesn't even include pure malicious attacks, agency nurses entering and leaving hospitals, patients stealing a glance at unattended computer screens or social manipulation attacks.
It would be trivial for me to socially hack the system and leave no trace of wrongdoing. I could sell your data on to nefarious parties for a tidy little profit.
But this is nothing more than we can do at the moment anyway – notes are lost, or looked over by people who have no right to do so. The problem is in the scale of the breach. I might have a friend in the notes section of the local hospital who can look up details for me – but that information is limited to people who have gone to that hospital. With the NHS database that 'local' become the whole of the UK.
Discussion point – part of risk analysis is how disastrous the consequences of a breach of security could be, having access to the entirety of the UK population's medical notes is pretty disastrous if you ask me.
Then there is 'function creep', we've seen this already in the use of anti-terrorism legislation enabling local councils to 'snoop' on people. What is to say that some government later on down the line decides to start selling the data to insurance companies, or to other government agencies like the census department. Even if you trust this government, do you trust every government that comes after them?
Discussion point – would legislation allay this fear, or just require a change in legislation later on down the line?
So, the NHS database would, in my view and the views of people much smarter than me, be expensive, unfit for it's purpose, horribly insecure to both technological and social attack and prone to function creep. In return there would be little benefit for most people.
Sure, have it as an opt-in system for those people who are willing to put their faith in a government system and local hospital and their ability to keep such data secure. But make it a fully informed choice, one where people are aware that it is being run by the same people that 'mislay' their normal paper notes on a regular basis.
I have a source who has let me know how insecure the proposed system is – I fully intend to opt out, and I work for the NHS.