Slashdot Mirror

← Back to Stories (view on slashdot.org)

British NHS Patient Records Go To the Cloud

Posted by Unknown on from the what-could-go-wrong dept.

smitty777 writes "The Telegraph is reporting on an effort by the NHS to put a London hospital's patient records in the cloud. One of the more interesting aspects of this is the suggestion that patients would have control over who has access to their medical data. Many have understandable security concerns, which are even more relevant considering the recent issues with Dropbox cloud storage."

73 comments

  1. It's only a matter of time by frosty03 · · Score: 4, Insightful

    It's only a matter of time before somebody gets into it...

    1. Re:It's only a matter of time by im_thatoneguy · · Score: 1

      Just as it's only a matter of time until you get sick. At least this might help keep your doctor affordable to actually heal you instead of the possibility that someone will know what Allergy medication I'm on.

    2. Re:It's only a matter of time by mr1911 · · Score: 1

      Yes, because the government getting involved in anything always makes it more efficient and affordable.

      --
      This post comes with a double-your-money-back guarantee!
      Any offense taken to this post is at your sole discretion.
    3. Re:It's only a matter of time by Anonymous Coward · · Score: 0

      before every employer uses access to stolen health data to determine who to hire or fire before they take sick leave. Or find a reason to fire a pregnant woman before she takes maternity leave. Or blackmail employees into redundancy payments.

      Health data should remain very tightly controlled. Better leglislation to force doctors and specialists to hand over medical records to patients would be a start. I'm tired of having to ask doctors and specialists to hand over MY medical records i PAID for. Some refuse to hand over, others delay and a few try to claim a fee for doing so.

    4. Re:It's only a matter of time by tripleevenfall · · Score: 1

      And less prone to error.

    5. Re:It's only a matter of time by jojoba_oil · · Score: 1

      Just as it's only a matter of time until you get sick. At least this might help keep your doctor affordable to actually heal you instead of the possibility that someone will know what Allergy medication I'm on.

      The doctor doesn't heal you; he just helps you rid yourself of your ailment. Your body does its own healing...

    6. Re:It's only a matter of time by Anonymous Coward · · Score: 0

      Yes, because the government getting involved in anything always makes it more efficient and affordable.

      Yes, it may.

      Regardless of the benefits, try telling that to someone who's been denied health coverage because of a "pre-exisitng" condition and who makes too much money for Medicaid and is too young for Medicare. Hmmmm?

      Or tell that to someone who, even though they had plenty of insurance, gets wiped out by doctors balance billing for services or docs who insist on using out of network docs in their practice:

      Here's what I see all the time: Patient goes to doc and doc says you need a procedure at my clinic. Patient calls insurance company, "Yep, doc and clinic are in network." Patient gets treated and after a month gets a bill for a $1,000. WTF?!? Well, the anesthesiologist was out of network and guess what? Cough it up!

      Little history here: anesthesiology used to be done by nurses until the AMA and doctors figured out it could be a very lucrative specialty. Docs then came up with a BS line about "protecting the public" and TADA! Another specialty that makes mid-six figures for doing grunt work.

      The AMA is just as evil as the pharmaceutical and insurance companies.

    7. Re:It's only a matter of time by tripleevenfall · · Score: 1

      Health data should not remain very tightly controlled by the government. It should be controlled in whatever way desired by the person who owns the data.

      Yes, I have the radical belief that a person should own their own health information, not the government.

    8. Re:It's only a matter of time by mr1911 · · Score: 1

      The AMA is just as evil as the pharmaceutical and insurance companies.

      And the government is worse than them both.

      Regardless of the benefits, try telling that to someone who's been denied health coverage because of a "pre-exisitng" condition and who makes too much money for Medicaid and is too young for Medicare. Hmmmm?

      The government that you are looking to for solutions has already screwed up the situation. You do know that Medicaid and Medicare are government programs, right?

      Or tell that to someone who, even though they had plenty of insurance, gets wiped out by doctors balance billing for services or docs who insist on using out of network docs in their practice:

      I'm sure government sponsored healthcare will never have any holes and no one will have any ugly surprises. Refer back to your whole Medicare and Medicaid story.

      --
      This post comes with a double-your-money-back guarantee!
      Any offense taken to this post is at your sole discretion.
    9. Re:It's only a matter of time by rainmouse · · Score: 2

      Yes, because the government getting involved in anything always makes it more efficient and affordable.

      Regardless of the benefits, try telling that to someone who's been denied health coverage because of a "pre-exisitng" condition and who makes too much money for Medicaid and is too young for Medicare.

      Doesn't happen. This is about the British NHS and its all free. Same goes for the other patient financial concerns in your post. If its all about insurance woes and being over charged then its all completely irrelevant. Doctors having access to your medical history, knowing your blood type, allergies and what medication you are on etc in a matter of seconds is very useful to doctors and patients alike assuming the information is not leaked or corrupted somehow. People may whine and complain the usual anti government stuff but this could actually save lives.

      On a side note, I (and just about everyone else in Europe) really have trouble understanding why so many Americans are against free health care. I've heard a few, very angrily voice reasons that seemed based upon some very flawed or dishonest information. I take it the powers that be have a lot to financially to gain from manipulating people into hating the idea of getting stuff for free and forcing them to rely on insurances companies who make it their purpose to find reasons not to pay out.

    10. Re:It's only a matter of time by rainmouse · · Score: 1

      The doctor doesn't heal you; he just helps you rid yourself of your ailment. Your body does its own healing...

      Oh not that natural healing crap again. Yes the body heals itself but 'medicine' such as antibiotics also heal the body. You're not one of those homoeopathy sorcerers with your naturally healing magical memory water are you? I always wondered why if people who believe that homoeopathic substances become more potent the more dilute they get, are not worried that terrorists may threaten to destroy the universe by infinitely diluting a homoeopathic bomb.

    11. Re:It's only a matter of time by Boronx · · Score: 1

      Every other country of any means has more efficient, far more affordable healthcare systems that produce better outcomes than the US, but maybe that's in spite of the fact that they're also government controlled.

      --
      Play Command HQ online
    12. Re:It's only a matter of time by Anonymous Coward · · Score: 0

      Unless you are seeing Gregory House MD... I call dibs on 13

    13. Re:It's only a matter of time by Anonymous Coward · · Score: 0

      The government that you are looking to for solutions has already screwed up the situation. You do know that Medicaid and Medicare are government programs, right?

      If government provided helathcare has failed in the US, it's not a failing of government provided healthcare.

      The libertarians, free market worshipers, and spiteful Christians want to more or less leave the poor to fend for themselves and be kept out of their communities. The American dream of the rich capitalist breeds an attitude of get rich by clawing your way over everyone else.

      As long as you have a prevailing attitude that socialized medicine is something which should fail, you have everybody working to make it fail. Do you honestly want to live in a society where the overall welfare of people is controlled by profit seeking corporations?

      Other societies have made a choice ... and that choice is to decide that it is the job of a society to try to make life better for everybody, not just the rich. For those of us who live in countries with socialized medicine ... we more or less view the US and can't even begin to understand this hatred towards the idea.

      Americans seem to view altruism as a weakness.

    14. Re:It's only a matter of time by Feltope · · Score: 1

      It is SOCIALISM!
      We have the best medicine in the world and it will destroy that! (we don't and it won't)
      Pull yourself up by your boot straps!!!
      and countless other responses.

      I am a chef. I work hard for a living. I have had ~3 jobs in my life that I had the option to get health/dental insurance for, only one of which was worth a crap.
      I am 38 years old and a white male. I have no dependents and have never been married. I am obviously capable of working and taking care of myself. In short, there is nothing for me. I know this will sound racist and I don't mean it to be really but if I was from any other ethnic group I would qualify for pretty much anything and everything from medical care to extra school assistance all the way down to special low rate loans to open my own business. I am not suggesting I deserve these things I am just saying that is the way it is. Salaries have dropped so much in the last 10 years in kitchens it is borderline sickening.

      I need health care badly. I can't afford anything worthwhile. All the plans I have looked into would either reject me because I have pretty bad blood pressure problems, or they are to expensive, or so bad I am better off without it. The dental plans I have looked at are in the same boat. I desperately need dentures.

      I don't have a problem paying for my life. I also enjoy working hard. There is no other feeling like it in the world when you see a customer that just had one of the best meals he/she has ever had and completely enjoyed the experience. It is a great feeling. We all have to eat! My job is to make your experience the best I can and that is a lot of fun.

      We need health care in this country badly however sadly our government is run by businesses not by the people. So I don't ever see it happening without a semi-revolution.

      Until the camel's back actually breaks we are stuck I am afraid.

      --
      thanks, Feltope
    15. Re:It's only a matter of time by jojoba_oil · · Score: 1

      The doctor doesn't heal you; he just helps you rid yourself of your ailment. Your body does its own healing...

      Oh not that natural healing crap again. Yes the body heals itself but 'medicine' such as antibiotics also heal the body. You're not one of those homoeopathy sorcerers with your naturally healing magical memory water are you? I always wondered why if people who believe that homoeopathic substances become more potent the more dilute they get, are not worried that terrorists may threaten to destroy the universe by infinitely diluting a homoeopathic bomb.

      Uh. You completely misunderstood what I said. I wasn't talking about magical water or sorcery or any of that...

      When a doctor gives you an antibiotic, that drug hinders the harmful bacteria's ability to reproduce or live. It doesn't generate new flesh in your body to replace dead flesh. Your body rebuilds itself; the doctor just helps to remove the obstacles.

    16. Re:It's only a matter of time by davester666 · · Score: 1

      You sir, are just trying too hard.

      You need to swiftly exit the middle-class by joining the poor. Quitting you job should do the trick.

      Next, follow the example of the guy in North Carolina who held up a bank for $1. Note, you MUST actually have a weapon, as if you do it like he did, you may not actually get sent to a 'good' enough prison to get health care. I guess only truly hardcore prisoners deserve proper medical attention.

      Once your stretch in the pen is over, you never again will have a problem with qualifying for food stamps and all sorts of other welfare programs, because you will never be able to get a good job again.

      And in response to your reply, "Your welcome."

      --
      Sleep your way to a whiter smile...date a dentist!
    17. Re:It's only a matter of time by Gordonjcp · · Score: 1

      Hey, homeopathy totally works. You really can make something more powerful by diluting and ensuring you have less of it. Less is more!

      I should know, because I'm a world-leading expert in homeopathy. Well, I skimmed the first chapter of a book on it, anyway. Less is more, right?

    18. Re:It's only a matter of time by drsquare · · Score: 1

      Um yeah. The NHS is known for its relative efficiency and its accessibility to the people.

    19. Re:It's only a matter of time by Anonymous Coward · · Score: 0

      It's only a matter of time before somebody gets into it...

      members.tele2.nl/n.plomp

    20. Re:It's only a matter of time by coolmadsi · · Score: 1

      Hey, homeopathy totally works. You really can make something more powerful by diluting and ensuring you have less of it. Less is more!

      I should know, because I'm a world-leading expert in homeopathy. Well, I skimmed the first chapter of a book on it, anyway. Less is more, right?

      Exactly. And if fewer people practice homeopathy, the more powerful its effect will become ;)

    21. Re:It's only a matter of time by Anonymous Coward · · Score: 0

      Can you quantify this statement, "Every other country of any means has more efficient, far more affordable healthcare systems that produce better outcomes than the US"? I've heard the same argument in the reverse and fail to understand what apples to apples measurements being used to come to this conclusion. Please point me to metrics, if possible.

  2. Good by mr1911 · · Score: 3, Insightful

    The failure of the London experiment may keep entities in the U.S. from trying the same thing.

    --
    This post comes with a double-your-money-back guarantee!
    Any offense taken to this post is at your sole discretion.
    1. Re:Good by tripleevenfall · · Score: 2

      Since when does the failure of omnigovernment policies in one place or time dissuade people from wanting to try those things again?

    2. Re:Good by jhoegl · · Score: 1

      Companies are already exchanging EMRs.
      So... it is already happening

    3. Re:Good by hedwards · · Score: 1

      Exchanging individual EMRs as needed is significantly better than storing all the EMRs in a cloud. If for no other reason than the efficiency with which the records could be stolen.

    4. Re:Good by baldass_newbie · · Score: 2

      The failure of the London experiment may keep entities in the U.S. from trying the same thing.

      If the failure of the Soviet, Chinese, North Vietnamese, North Koreans, Cambodians, National Socialists and Fascists didn't teach the US government anything, I fail to see how the British NHS will.

      --
      The opposite of progress is congress
    5. Re:Good by mr1911 · · Score: 1

      Good point.

      --
      This post comes with a double-your-money-back guarantee!
      Any offense taken to this post is at your sole discretion.
    6. Re:Good by Average_Joe_Sixpack · · Score: 1

      Health care entities in the US have been using remote computing services and data storage for over 30 years.

    7. Re:Good by tripleevenfall · · Score: 1

      And, given that you have some form of choice as to your health care provider, you can look at their policies and effectively opt-in or not. Once government owns all your data and stores it in their hive, you can forget choice or opt-in.

      Anytime you see freedom moving, you can bet it's in the direction of "away".

    8. Re:Good by tripleevenfall · · Score: 1

      The Khmer Rouge's health care plan left a little something to be desired, although I suppose you could describe it as being efficient...

    9. Re:Good by Anonymous Coward · · Score: 0

      Quite possibly someone could steal lots of these records if they worked hard enough. But why would they want to?

      Most discussions of this seem to be based around the idea that hackers would be interested in accessing health records in the same way that they like to get hold of passwords and financial information; but that is a very bad analogy. If you steal credit card numbers then you can use them for fraud in a way that is very anonymous and requires no contact with the victim, and anyone's credit card will do. Similarly, if you want to build a botnet then most victim computers are equally good and you can exploit them from a distance. By contrast, the vast majority of medical records have nothing in them that is worse than mildly embarrassing. There is probably a very small number of records that provide opportunities for blackmail, where the subject has a public reputation and the record involves mental health problems or sexually transmitted diseases or something like that. However, blackmail is not a crime that you can commit silently. You have to communicate with the victim, who may well be able to get action from the police, and this is all a lot more hassle than the standard kinds of internet fraud. There are a few other scenarios that you could consider, but they have similar characteristics: the number of potential victims is very small, as is the number of potential beneficiaries, so you just don't get the economies of scale that make other kinds of crime profitable. In the US context people sometimes talk about the danger of revealing preexisting conditions and losing insurance, but that is not an issue in the UK where the NHS treats everyone anyway, and under Obamacare it should be much less of an issue in the US as well. I don't think you will see hackers making major efforts to steal medical information, because they have no incentive to do so.

    10. Re:Good by Average_Joe_Sixpack · · Score: 1

      By contrast, the vast majority of medical records have nothing in them that is worse than mildly embarrassing
       
      Not in the US. Medical identity theft is used to perpetrate host of scams including medicare and prescription drug fraud.

    11. Re:Good by Anonymous Coward · · Score: 0

      The failure of the London experiment may keep entities in the U.S. from trying the same thing.

      As someone who has worked as a software developer in the health/health insurance industry, for all the quackery we typically see in our industries, I highly doubt anyone in the US will ever consider doing this. I might be wrong of course, but I just cannot see it happening.

    12. Re:Good by hedwards · · Score: 1

      It's a very serious problem in the US, and one of the reasons why it's getting more common for providers to require a photo ID when checking patients in. It's not just the theft that makes it bad, but the fact that the stolen visits end up on the patients medical record. Leading to possible medical mistakes due to treatments not applicable to the person.

      And yes, you are correct, that the theft angle of it would likely be a lot less under the new health reform package, much of the theft previously was because it was the only way to get some of the non-emergency care, but there's other reasons to be concerned, as you note.

    13. Re:Good by jhoegl · · Score: 1

      You assume too much on the business side.
      They already data mine anything they can get their hands on for additional profit possibilities.
      And clauses upon clauses do not allow you to "opt out" of anything. Besides, they do not have custom "opt out" options. If you dont like it, you just dont go there.
      But wait, there is more... everyone is doing it
      Businesses must keep records for 7 years, this includes hospitals, doctors offices, medical billing, insurance.
      So... yeah.

  3. Seriously? You referenced Dropbox? by H0p313ss · · Score: 1

    How is that at all relevant?

    --
    XML is a known as a key material required to create SMD: Software of Mass Destruction
    1. Re:Seriously? You referenced Dropbox? by Anonymous Coward · · Score: 0

      Came to say this, leaving satisfied.

    2. Re:Seriously? You referenced Dropbox? by Anonymous Coward · · Score: 0

      Agreed. Dropbox is not a failure of the cloud, it's an idiosyncrasy of how Dropbox implemented synchronization such that the user didn't' have to enter credentials each time a synchronization occurred. If the UK is anything like the US in this area, then there are sufficient controls around how Protected Health Information must be stored and secured.

    3. Re:Seriously? You referenced Dropbox? by vlm · · Score: 1

      How is that at all relevant?

      Perhaps they're following the crypto software tradition of rather than using popular public SW with known and fixed bugs designed by pros, they'll implement their own system chock full of unknown and unfixed bugs designed by amateurs.

      Dropbox is probably bigger and better engineered than anything the NHS could whip up using NIH (not invented here)

      Therefore you know, with absolute certainty, the NHS implementation and privacy violations will be worse than anything that ever happened at dropbox. Thats why its relevant.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    4. Re:Seriously? You referenced Dropbox? by Spigot+the+Bear · · Score: 1

      Dropbox is probably bigger and better engineered than anything the NHS could whip up

      Riiiiiiiight

    5. Re:Seriously? You referenced Dropbox? by Gadget_Guy · · Score: 1

      Dropbox is probably bigger and better engineered than anything the NHS could whip up using NIH (not invented here)

      And you have fallen into the trap of assuming that a private company must be able to do it better than a government department. Seriously, why would you think that Dropbox must be the "pros" and the NHS be "amateurs"? Dropbox was created by a couple of guys who got seed funding from a venture capital company. Given the criticism that Dropbox has received in regards to security then it seems crazy to use that company as the epitome of professionalism.

      Here is that criticism section from Wikipedia in full in case you can't be bothered following the link:

      Dropbox has been criticized by independent security researcher Derek Newton. Derek Newton has argued that Dropbox's authentication architecture is inherently insecure by design.

      Dropbox has been criticized for not supporting the ability for users to use their own AES-256 keys and for automatically signing in.

      Dropbox was also criticized for their accidental use of a fake DMCA takedown notice in an attempt to kill off an open source software project that took advantage of security flaws in their API. The software, known as Dropship, has since been mirrored widely.

      In May 2011, a complaint was filed with the US FTC alleging Dropbox misled users about the privacy and security of their files. At the heart of the complaint was the policy of "deduplication", where the system checks if a file has been uploaded before by any other user, and links to the existing copy if so; and the policy of using a single AES-256 key for every file on the system so Dropbox can (and does, for deduplication) look at encrypted files stored on the system, with the consequence that any intruder who gets the key (as well as Dropbox employees) could decrypt any file if they had access to Dropbox's backend storage infrastructure.

      On 20 June 2011, all DropBox accounts could be accessed without password for 4 hours as reported by TechCrunch. The error was caused by a code update made at 1:54 pm Pacific Time. The error was detected at 5:41 pm and immediately fixed. Less than 1 percent of Dropbox's users were logged in at that time. All logged in sessions were ended since then. All users with compromised accounts were notified by emails. Dropbox could potentially face a class action lawsuit over this incident. The lawsuit is being initiated by Cristina Wong of Los Angeles and claims violation of the California Unfair Competition Law.

      In June 2011, a tool called Dropbox Reader was released by Architecture Technology Corporation (ATC) of New York, and the tool is very similar to Dropship. It allows outsiders to achieve long-term access to any user's files by locally running a Python script on the victim's computer to obtain the proprietary access token. Dropbox was roundly criticized for this vulnerability in their product despite having released a beta version of their desktop client that fixes the vulnerability almost two month prior.

    6. Re:Seriously? You referenced Dropbox? by newcastlejon · · Score: 1

      And you have fallen into the trap of assuming that a private company must be able to do it better than a government department.

      I've got news for you: government IT systems usually are produced by private companies under contract. And when it comes to the NHS their record is especially bad.

      Why HMG keeps choosing those fuckwits EDS and Accenture, I'll never know. Maybe they always give the lowest tender, yet they go over budget without fail - so why doesn't HMG just tell them to sod off?!

      --
      If God forks the Universe every time you roll a die, he'd better have a damned good memory.
  4. In Other Words: +4, Interesting by Anonymous Coward · · Score: 0

    The NHS adminstrators are pendejos

    Yours In The Cloud,
    K. Trout

  5. "in the cloud" by Zouden · · Score: 4, Insightful

    What's wrong with simply saying "online"? They're putting the patient records online. Medical staff will be able to access them through the internet.

    Alright, now I'll hit the submit button and send this text to the cloud!

    --
    "A week in the lab saves an hour in the library"
    1. Re:"in the cloud" by im_thatoneguy · · Score: 1

      What's wrong with simply saying "online"? They're putting the patient records online. Medical staff will be able to access them through the internet.

      Personally I think in a lot of these cases "the cloud" is a better descriptor than "internet". For me at least the "internet" is a bunch of websites. So if you say my settings are stored "on the internet" the mental picture I have is opening a web browser. If you say "in the cloud" then I picture a data service like Dropbox or LiveMesh.

    2. Re:"in the cloud" by 0123456 · · Score: 1

      What's wrong with simply saying "online"?

      "Online" is so last century. "The Cloud" is the new shiny.

    3. Re:"in the cloud" by jojoba_oil · · Score: 1

      Personally I think in a lot of these cases "the cloud" is a better descriptor than "internet". For me at least the "internet" is a bunch of websites. So if you say my settings are stored "on the internet" the mental picture I have is opening a web browser. If you say "in the cloud" then I picture a data service like Dropbox or LiveMesh.

      Your keywords are "personally" and "for me" and "mental picture I have"... It's not anyone else's fault that you have assigned the definition of "world-wide web" to "internet" in your own mind.

      When someone tells you that they play games on the internet, do you think of flash web games or do you think of counter-strike, world of warcraft, etc?

      And before anyone tells me how old the term "world-wide web" is, think about what terms are still used today: www, web, website, etc...

    4. Re:"in the cloud" by NoKaOi · · Score: 1

      Isn't the "cloud" supposed to mean you basically don't care where it is? It's just that cloud in the old network diagrams with "Internet" typed into it and we really don't care what's in there? I guess saying it's accessible on the Internet might imply you care on what server in what datacenter. Kinda like saying "they're out to get me" vs. "the black helicopters are out to get me." If they want to alleviate privacy and security concerns using the term "the cloud" just seems stupid. Why not say something like, "on a secure server accessible by your healthcare provider through the Internet."

      Of course in real life the "cloud" usually means a virtual machine running on servers in a large data center. I thought the idea when marketing people started using that term was that it was supposed to be automagically scalable, and completely portable between hosting providers, but of course we all know that's not the case. Now it's just starting to get old and annoying, like the "BIG SALE FOR A SHORT TIME ONLY!" signs outside of every mattress store.

    5. Re:"in the cloud" by LordLucless · · Score: 1

      Putting it "online" could also mean they're putting it on their own servers, controlled and managed by them.
      Putting it "in the cloud" implies an outsourced, turn-key service

      Online, I wouldn't have so much of a problem with. I mean, yeah, it can be hacked, but so can their offline computer systems. Putting it "in the cloud" not only has the same weaknesses, it also exposes it to the malevolence of the third party, or any employees they may have, which is out of control of the ostensible guardians of my data.

      --
      Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
    6. Re:"in the cloud" by ydrol · · Score: 1

      Preach http://en.wikipedia.org/wiki/Internet#Information

    7. Re:"in the cloud" by rubycodez · · Score: 1

      I thought "the cloud" was the very worst piece of meaningless IT techno-babble marketing spew, even worse than "web 2.0", until Steve Jobs said iCloud.

    8. Re:"in the cloud" by julesh · · Score: 1

      What's wrong with simply saying "online"? They're putting the patient records online.

      Because there's an additional implication. If I have a record about you here on my computer, I can put it online by simply running some kind of server on this machine and opening a hole in my firewall for it. To put it "in the cloud" I have to contract with a third party to host it somewhere else, so that everyone (including me) accesses it remotely rather than using the original local copy.

      "Cloud" => "subcontracted IT service delivered remotely via the Internet"

      The term is useful, even if a little stupid.

  6. Portable Health Records by Anonymous Coward · · Score: 1

    Clayton Christen et al predicted this type of move in "The Innovator's Prescription" published a few years ago.

    Its a key part of reducing costs in health care - having the patient record belong to the patient and be readily usable and update-able by different health providers (public, private, not for profit) that the patient sees.

    The security issues are a necessary issue that comes with doing it this way. You can't rely on anyone let alone "Mr Average" to not mislay their DVD-RW or USB thumb stick, so in the cloud the data has to go.

    1. Re:Portable Health Records by Anonymous Coward · · Score: 0

      How about just make it available for FTP or torrent?

      Look how long it took cloud providers to get even near FISMA compliance. All it would take is one cloud provider to go bankrupt, the servers get liquidated, and the buyer of those now possesses a lot of sensitive data.

  7. What could possibly go wrong? by Anonymous Coward · · Score: 0

    What could possibly go wrong?

  8. I for one welcome ... by Anonymous Coward · · Score: 1

    the transition from paper records to online electronic records. This will totally solve the massive problem of theft of medical records from the wards where patients are treated and reomve all chance of the records being lost or changed maliciously. After all, I trust the banks with my online bank accounts, which have proven to be much less susceptible to identity fraud than paper records.

  9. I have dumb questions by Anonymous Coward · · Score: 0

    Aside from security, who is going to do the data conversion?

    I don't know what software packages they have for medical, not my forte in IT, but assuming there are 5-10 major packages, with 3 or more revisions, who will they get all that data into the system, and verified for accuracy.

    Considering the incompetence of credit agencies, I'm sure my medical records will somehow get uploaded and somehow I'll be marked as pregnant.

    1. Re:I have dumb questions by Spad · · Score: 1

      Every GP in the NHS already has their patient records stored electronically on local clinical systems (EMIS, INPS, iSoft & SystmOne are the key players); a lot of them still use paper records as well but they're all duplicated.

      Most of the providers are pretty good at data conversion these days because it's hard to sell doctors on migrating to your system if you tell them they'll lose half their patient data when they do it.

  10. Nonsense by Spad · · Score: 5, Insightful

    Clinical software providers have been pushing this style of system for months now, it's hardly a "cutting edge pilot scheme"; EMIS & SystmOne are probably the furthest ahead with a lot of GP practices already using their hosted solutions for their patient records (in the case of EMIS with a caching server locally in case their link goes down).

    Doctors get R/W access over N3 (The NHS "private" network, similar to JANET) and doctors & patients can get read access over the internet if they want to.

    It's not "in the cloud" or "let's upload all our patient records to Rapidshare", it's a fucking hosted software solution, running out of a datacentre (in Leeds, in EMIS' case) on some servers, just like any other.

  11. When it comes to the NHS by Anonymous Coward · · Score: 0

    The Telegraph is not a reasonable source of information, commonly known as the Torygraph they hold right wing views and will post scare stories about the NHS, public sector workers and immigrants on a regular basis.

    The NHS has no intention of putting it's patient data in the 'cloud' it is taking every effort to protect and encrypt. it.

  12. Meaning: someone uploaded them on ThePirateBay by Cyberax · · Score: 1

    That's just another way of saying: "Whoops, someone has uploaded this data on ThePirateBay".

  13. Dedicated co-location and private WAN by Anonymous Coward · · Score: 1

    Quite. The article is very misleading. It is not 'the cloud', it is a well defined data centre running the specific app on dedicated machines under the control of a dedicated ASP, with dedicated private WAN connectivity (i.e. most usage is not via internet, but over the private NHS net).

    Of course, there have been a number of problems:
    1. Lack of control - a number of hospitals run highly specialist one-of-a-kind services for rare diseases, or offer highly specialised treatments, which are poorly supported by the off-the-shelf software, and they have been severely hampered by lack of flexibility. Similarly, the service providers may be required to adhere to national policies for user rights - this means hospitals cannot assign security permissions to users as required. E.g. When PACS (digital X-ray storage) was first installed in the UK using hosted servers, the national policy was that doctors should not be able to alter the brightness/contrast/levels of an image while viewing it (if the image was too dark, too bright, etc.). As a result, all doctors (including radiologists who read the X-rays) were unable to perform basic image manipulation because access to the tools was denied by the ASP. The hospitals could not change this, because they couldn't allocate user rights or accounts. The software vendor could not change it; indeed, even their tech support staff could not even get admin or debug access because the national policy denied them access. The ASP could not because they were bound by contract to adhere to the national policy. It took 6 months before the national policy was changed.

    2. Lack of reliability - there have been a number of issues where connectivity has been lost causing serious problems. There were numerous issues with loss of connectivity to the ASP where the 'secure smartcard login' system was hosted. When the link was down, there was no access to PACS, laboratory results, electronic letter and correspondence archives, etc. This was made worse by very poor quality software (which, in my opinion was worse than pre-alpha testing level stability). Technically, there was local caching of user credentials - in practice it was unusable and had to be switched off, for risk of crashing the local auth servers. While this had been fixed in a service release, the service release broke numerous other features, including warnings about expired or expiring passwords/certificates - so users would simply find themselves unable to log in due to an 'unknown error', and of course, the error logging was borked, so there was no indication that tech support could find out what the cause of the failed authentication was. When this happened to me, it took nearly a week to debug the cause as an expired certificate, and required me to visit an office of the ASP in person with my smartcard.
    A more recent example was at a major agglomeration of hospitals in London - they had all their core IT systems at a distant datacenter. One day, they lost connectivity. Almost all IT functions (internal e-mail, shared drives, intranet, PACS, EPR, documents, operating room record software, medical laboratory results, blood transfusion databases, etc.) went down for 24 hours until the link was repaired - the only functions that actually worked were internal only e.g. VOIP phones, and peer-to-peer networking of some medical equipment. The result - all surgery except dire emergencies cancelled, routine admissions cancelled, ER closed and ambulances diverted, routine appointments/clinics cancelled

    3. Speed. Many users of IT systems (especially those which are demanding on IT resources e.g. PACS) noticed major performance problems after the move to hosted solutions. Routine oracle queries taking 30-50 seconds to run; images taking 10-15 seconds to load, or simply timing out. I'd managed to get various excuses from the ASP - however, 'virtualization' was quoted a couple of times - presumably, the ASP had simply loaded a single server to the gills with VMs - when in reality, each app (or even each hospital) would have wa

  14. Imagine the joy of NHS patients by bcf · · Score: 0
    to know that their records are so well managed. As they wait dying in the hospitals. Of thirst. Maybe they will be able to tweet their calls for help.

    Cant' wait till we get it here. I'll be great.

    1. Re:Imagine the joy of NHS patients by dugeen · · Score: 2

      How lucky you are to live in the US where you have the freedom to pay up, or push off and die of untreated disease.

    2. Re:Imagine the joy of NHS patients by Anonymous Coward · · Score: 0

      Meanwhile in France...
      *trollface*

    3. Re:Imagine the joy of NHS patients by bcf · · Score: 0

      Ah, the "dying in the streets" canard. That didn't take long. Yes, we in the US have to step right over the dead bodies. Like this. http://www.dailymail.co.uk/news/article-2000824/NHS-indignity-Peter-Thompsons-body-ignored-hours-corridor-Edale-House-unit.html/. Oh wait. That was a NHS hospital too. Never mind.

  15. Seems appropriate by Anonymous Coward · · Score: 0

    Seems appropriate. NIH patients tend to go to the clouds quickly anyway. Why not their records?

     

  16. Saw this coming by clickclickdrone · · Score: 1

    Got a letter from my GP asking if my records can be computerised and shared around the country. I ticked the 'No' box and everyone thought I was being an idiot. The government has a glorious record of data stupidity and this continues that trend so I'm feeling pretty much vindicated at this point.

    --
    I want a list of atrocities done in your name - Recoil
  17. USA act now,differentiate from China on healthcare by Anonymous Coward · · Score: 0

    Nationalized medical care and pharma are really efficient. Governments strongarm pharmaceuticals to provide pills, drops, gels, etc. at little profit over cost and doctors work for wages, rather than profits of their own enterprise. Some 99%+ of the population gets tread for any health problems that arise, not always convenient in circumstances, but the job is done. Those, who despise the masses can always fund treatment in single bed roomed hospitals with personalized doctor contact, from their own pockets. USA is extremely behind and retrograde in this aspect.

    I think it makes USA vulnerable, because lack of health access for an increasing part of the population may lead to a social explosion. Yet, the USA could different herself from mainland China by introducing a nationalized total healthcare system now. China, while communist governed in name, actually provides zero healthcare to citizens, it's literally pay or die to the extreme. Medical poverty of the masses and the extreme coal gas air pollution kills so many chinese in their early 50s.

  18. Facebook is not a trusted identity provider by Anonymous Coward · · Score: 0

    "This would include mobile phone identity checking, as well checks through Facebook or the Paypal secure online payment system."

    To be honest, Facebook isn't trusted at all.

  19. All your data belong to us by UpnAtom · · Score: 1

    Feel glad that they asked you. Labour were just going to upload it for a million NHS employees, MI5 and hackers to gawk at... no opt-out.

    http://www.thebigoptout.com/