There is a scandal in the UK Department of Health’s IT management. The BBC reports it thus:
The Department of Health has apologised for an apparent security lapse which allowed the personal details of junior doctors to be accessed online.
Channel 4 News reported that a breach on the NHS Medical Training Application Service website allowed public access for at least eight hours. The department said the details had only been available briefly, and only to people making employment checks.
[…]
Phone numbers, addresses, previous convictions and sexual orientation were among details available since at least 0900 BST, it reported. The Department of Health was alerted at 1635 BST and the breach closed at 1705 BST.
The opposition spokesmen were on it straightway, pointing out that if this could happen with temporary information on 7,000 junior doctors, what hope was there for the medical records of the entire country intended be held on the NHS Connecting for Health system, or all those personal details being sought out for the NIR, to remain secure?
All very well and good. They won’t be. And we should thank Andrew Lansley MP for taking the opportunity to point it out. But I cannot help feeling let down by the response of media and politicians. “Insecure!” they bleat.
Nowhere, yet, have I heard or read in the mainstream discussion of this incident what seems to me the most screamingly obvious and fundamental questions. What business is it of the DoH to supervise the selection of individual doctors for individual hospital placements at all? And what the hell is it doing collecting information about doctors’ religions, sexual preferences and criminal records in the first place? If you have committed a crime the nature of which debars you from being a doctor, then you’re no longer a doctor, so you should not be on the list. If you have not then your crimes are as irrelevant as your religion or your sexuality, and they should not be. No doubt they were also as carefully classified as to race and ethnic origin as would satisfy apartheid authorities re-equipped with modern computers.
When are people going to rebel against the presumption that government may pigeonhole as it pleases, and anything a bureaucrat with a checklist asks he is entitled to know?
Unless you have a damn good reason, I decide what I’ll tell you about myself based on the nature of our relationship. Information is power. Information is intimacy. Forced disclosure of private information is data-rape.
Those 7,000 young doctors were only incidentally abused by the feeble security. They were deliberately data-raped by the Department of Health first.
I agree completely but reading the end I also got a disturbing image of Data from Star Trek…
It’s an important point. We were discussing today why on earth they had all that data, and assumed that it was to defend themselves against accusations of biased selection policies or whatever. But in fact, the reason they had it was because those in charge have a strong desire to hoard information, regardless of what use it might be. The same problem occurs in private companies, especially those who sell direct to consumers – an insatiable desire to know everything. At least for private companies there’s a cost to them, although they seem keen to pay it, in my experience.
Quite right Guy. That was my first thought also. “What the hell are they doing with information like that in the first place.” I’ve often wondered if, when filling out a job application, I should leave the equal opportunities bit blank and whether it would damage my chances of getting an interview if I did. None of the stuff they put on those forms is ever relevant to whether you can do the job or not. Next time I have to apply for a job (it’ll be a while yet) I’ll be writing in big black letters on the E.O. section “NONE OF YOUR DAMN BUSINESS”
“I decide what I’ll tell you about myself based on the nature of our relationship. “
Ok. And I, your potential employer decide if I want to hire you, based on the information you gave (and the one you withheld).
If I were to hire a doctor I would like to have as much info about him as possible.
But the hiring should be done by the doctors that manage the hospital, not by the DOH.
And is the info there for ever on the wayback machine?
Quite so Guy.
All your points here were well made.
As for how the public can be brought to see the real matters of concern here – sadly I just do not know.
Its so gratifying that I’m not the only person who was wondering why on earth sexual orientation was needed.
I’m even more glad to have it pointed out to me that this whole thing is needless. Surely hospitals should appoint the applicants they think most suitable for the job there, or is this an attempt to give jobs to those who ‘need’ them?
I don’t think so Mandrill, the companys that collect equal opps information are usually large and that information is not seen by those actually doing the recruitment.
Where i work loads of people don’t fill them and too right neither do i
I always give the bare minimum in terms of the “equal opportunities” section. I guess that’s why I’m self-employed. Real equality is… well no point preaching to the converted. Apparently the next census is going to include a question on sexual orientation. I hope it includes an “other” please specify box because that would enable me to write “fuck off”.
Jacob: what do you need the doctor’s sexual orientation for?
what do you need the doctor’s sexual orientation for?
To avoid offending the sensibilities of a muslim by having a gay doctor save his life?
Or indeed his wife’s life
For your amusement. This provides the proposed data element, which agencies use it and census history of that element. Giving up all that data is worrisome. On the other hand, I just found the name of my long unknown great-great-great-great grandmother in the 1851 England Census last night (from great-great on, we are American)
(US Census 2007 Subjects Notebook)
I’m a doctor. My medical software allows me to record the sexuality status of my patients. I have about 12000 patients. I have never filled in the box. I ask when I need to ask. I think this is another example of how government run health care is bad the the public and the providers. Incidentally I have no idea of the sexual orientation of any of my staff beyond what they choose to tell me (or what is self evident).
Statistics have become so useful, in so many endeavours, that it is now de rigeur to collect them all the time. No one questions the usefullness of collecting statistics, because it has been well-established to be useful in so many ways. What they should question is whether the stats they collect are even being used at all, and if so, then what for?
Many agencies collect information they never use. some minor functionary thinks it would be a goo didea to track X for a period of time, but then passes from the bureacracy and the original limited intent of the collection is never examined again.
It becomes problematic from a civil libertarian point of view because the information collected for one ostensible purpose now slides over to another agency with a different purpose. Next thing you know, a comprehensive database is being sold to telemarketers or lost to credit card thieves, ends up leaving perfectly ordinary people with a “criminal record” for minor mistakes they make.
In the corporate world, a good security policy not only includes safeguards for information, but eliiminates data which is no longer useful to limit the possibility of unauthorized disclosure and liability. In government, data used to expire (from a practical standpoint) when it moved from active files to the cardboard boxes in the basement. It was no longer accessible to a casual inquiry, so it was essentially expunged for all but crimes requiring the most intensive of scrutiny. You wouldn’t be considered a repeat offender because you failed to return a libray book in grammar school.
It sounds like they had an access authority problem, which implies they are using the same applications and web-sites for intranet and internet.
The guy that designed the software probably had a degree from South Bank Poly(no honours) but his mum knew the IT head, or his aunty was running the project and needed a hand during the Summer.
All for fifty thousand a year of course, and now he has commercial experience he’s a web developer much in demand.
Either that or they hired a third rate company like Isoft to spend billions without actually producing a usable system.
Frankly it should take a half-competent business case analyst about three months to go round capturing requirements.
Two years would be more than enough to get an extensive system into place.
Roll out would be staggered, and would use XP or Linux as an operating system since there would be few compatibility problems and time to stabilise before being forced to upgrade.
Individual hospitals wishing to migrate their data to the new system would be responsible for hiring their own scripting specialists.
Personally whenever someone wants those sort of details I either don’t put them, or make something up.
Who knows what they will think if the ever compare notes – or when they will make it illegal to refuse…
Pietr, the history of fucked-up government IT systems hasn’t been so much about faulty contractors as the customer not knowing what it wants. A friend of mine cracked open the bubbly when her (large and well-known) IT company failed to land the NHS contract it had tendered for.
Pietr.
No need to look for complicated explanations. From my experience temping at NICO while they were introducing Infrastructure 2000*, I can reveal what went wrong and what always goes wrong with HMG IT projects.
Civil Servants don’t understand computers. They just don’t “do” technology. They therefore can’t write proper software specs. The contracted company then does something really half-assed that vaguely matches the vague description they’d been given. In the NICO case-study I’m using this resulted in HMG sueing Accenture and Accenture counter-sueing HMG. After huge sums of money had been spent the net result was that we were now doing data-processing with a 17″ screen rather than a 15″ screen. Yippee!
Which brings me neatly onto… HMG lack vision as to what you can actualy do with a computer. I was one of many drones (they call ’em E2s – as a temp I was paid at E1 rates, thanks!) at NICO performing mechanical calculations on people’s pensions entirely using information already within the system. They could’ve sacked thousands and got in a little gang of SQL programmers to do what we were doing but this being HMG that thought had occurred to nobody. As a temp the best way to freak out the old dragon in the office (there is always one) is to write a macro. Alas, there was no macro or scripting language just a point and click database front-end. They had just implemented an absolutely isomorphic filing cabinet. It was bloody awful.
The point I’m getting at is that just because something uses a computer doesn’t mean it’s computerised.
I think you’re on the right lines with the inter/intra net thing. I suspect the system was originally intended for drones to input data from paper onto and then somebody thought outside of the box and said “let’s put it online!” The fact that nobody thought about security is not atypical.
*I2000 was supposed to have been introduced in 1999, this was 2001.
Phil A,
Someone recently sent me a link to a story in the LA Times. I had to go through a tedious registration process. You know the sort of thing. No, I don’t want to hear the latest offers from San Diego Honda or what courses of study are available at The University of Phoenix. Anyway, according to the LA Times, I’m a 112 year old female, resident in Georgia (Atlanta, not Tblisi). Why Atlanta? Well, I know some zip codes for the place and they frequently query a UK postcode because they’re a totally different format.
I just put in anything to get through to read the article.
Am I dreaming it or was there some government sponsored study in the 1980s, which concluded that computers were all right for numbers but they would never be much use dealing with text?
It is probably unfair to single out government nevertheless, since such chronic lack of basic understanding of IT seems endemic.
An example recently of a solicitor (charging almost £2000 per day) who cannot understand the idea of ‘cc’-ing an e-mail and insists on forwarding it himself. (on second thoughts of course I’m paying for that 2 minutes of his time!)
Another example of someone who dictated a letter – in response to an e-mail no less – to which he had attached printed copies of pages from a web site. Clearly the idea of a URL had escaped him.
Sadly, while the percentage of people using computers may be high, the percentage who actually have the smallest idea of what they are doing is frighteningly tiny.
Somewhat at a tangent, but the NHS Minister wrote to me as MD of my Limited Company yesterday, advising me about the forthcoming smoking ban.
However, my Limited Company ceased trading in 1999 and was dissolved in 2000.
What a bunch of cowboys.
“Jacob: what do you need the doctor’s sexual orientation for?”
I don’t know.
But it’s not for me to decide (or to know, or to prohibit it); it’s up to those that do the hiring; they should be the doctors who manage the hospital.
Just as an explanation, they are not really applying for jobs as such, which is why the argument about leaving it to individual hospitals falls down a little.
These were medical students applying for F1 jobs. In the UK, the medical degree we award is not sufficient to allow you to practice medicine without supervision. The General Medical Council require our graduates to do a one year ‘internship’ (the F1 year) to confirm they are safe to practice before granting them full registration. The problem is that all medical graduates of a year must complete this F1 year or the £100k and 5 years we’ve just spent training them is wasted. The database (MTAS) is just a deeply complicated and apparently ineffective way of matching these graduates to F1 posts across the country whilst allowing them to express a preference as to where they end up spending that year. It does, in theory, save the medical student from individually applying for fifty different posts as each hosptial is only able to offer a few dozen of these F1 placements to the thousands of graduates needing them. I totally agree with the original post’s thoughts and concerns, but wanted to explain why the system was perceived to be necessary.
Much appreciated, John.
So what the NHS training body (not the DoH itself) actually needs is a list of names and addresses of doctors plus perhaps a registration number for each to avoid confusion, a list of the training places available, and some sort of preference data? All of which is disposable once the allocation is made and the places are taken up?
Pietr wrote:
‘The guy that designed the software probably had a degree from South Bank Poly(no honours) but his mum knew the IT head, or his aunty was running the project and needed a hand during the Summer.’
I have a degree from South Bank Poly, albeit with honours. What are you trying to say?
llater,
llamas
Sorry mate.
I should have said ‘a generic HE college somewhere in the Marxist diaspora of England’.
I used to go to the pubs with South Bank types when I was at the People’s Palace.
Pietr is a manager, and works on the time-honoured manager principle: anything you don’t understand must be easy.
I am a programmer and have worked on many projects vastly less complicated than anything the NHS is planning to implement. No software project of anything but the most trivial kind can be implemented in two years.
A few guys (‘consultants’) going round ‘capturing requirements’ in three months is quite often what you get. You then have to do the job again, properly this time. That will easily account for a year. Persuading the management that ‘Linux’ or a ‘Web Browser’ or any other magic word they read in the paper isn’t going to solve all their problems usually takes more time than actually solving the problems.
An NHS computer system will be immensely difficult to get to work, even assuming that the people involved with it were interested in the larger system rather than their own payday.
I predict it will never work. Since a lot af ‘data’ will be added to the (failing) system it will also doubtless fuck up a lot of people’s lives (Sexual Offenders List, Operation Ore, anyone?)
Nick M-
glad to hear your story, it confirms what I had suspected.
Ten years ago I was looking for work and wrote to a Middlesborough engineering company; to my surprise the Production Director asked me to interview.
Gave me two weeks to do a feasibility study on consumable tool management.
In one week I had arranged competitive trials for three different systems, Isis Informatics from Southampton, Sandvik Automation of Sweden and Walther of Germany.
I chose Isis.
The CEO ran his own little project on the QT and came to the same conclusion.
This was responsibility straight out of the box and I liked it.
Two weeks ago I did 5 hours of testing, interview and exercise for a British software company.
They rejected me.
Reading the ‘BrainBench’ report upside-down I got the distinct impression they’d told the Director I was director material.
Ooops.
Next week I’m off to Europe for a day.
They are looking for a director-level tech to take charge of a project in the Midlands.
Nice to be in charge for a change?
It would remind me of the Gary Larson cartoon,”Hey Bucko, I’m through begging!”
Pietr.
Were you at QM college?
Mais naturellement mon brave!
BTW Brian, when I say ‘use’ I mean ‘create’.
Missing a couple of comments;apparently the jolly old computer was clogged at four am when I got off my nightshift delivering newspapers(at 90 mph!).
Brian, I write software to use as an Engineer, and while I do enjoy it very much, I keep it strongly within context.
This comment is coming to you from my Edgy Eft server, which should soon be Feisty Fawn as soon as the upgrade servers cool down.
I think that the NHS system should use local clusters, centred on regional health authority datbase servers(SQL 2005 or possibly Oracle), using any number of independently developed applicaitons which share standard communication and dat-formatting conventions.
The framework would be the sole requirement of the ‘National System’, and with TCP/IP etc already universal, I’d like to see any excuse for taking longer than two years to set it up.
As for Requirements Capture(to quote the Catechism of orthodox software high church), this could be achieved in a few weeks by simply canvassing the IT department of every health client establishment with a snail-mail form(universal, and don’t turn your nose up-most of them would only print off a hard copy of an e-mail), with aggressive progress-chasing by telephone of representative.
In any case with intelligent SQL scripting there isn’t a need to standardise databases, except perhaps to use NI Number as the Primary Key.
I’m sure others can improve on this, but it took me only fifteen minutes to think of, not fifteen years and not 6 billion pounds, just 70p for a Tetley’s Bitter.