4 January 2019 — True Publica
By TruePublica: Here is another public disaster in the making. A disaster because a new NHS patient record system won’t work after billions of desperately needed taxpayer cash is poured down the drain again. A disaster because patient records will be stolen in the same quantities as they are in the USA even if it does work. A disaster because cyber-criminals will blackmail individuals with stolen health data. A disaster because the expected rise of private healthcare insurance will determine who gets cover and at what price. A disaster because the government will add patient data to its new centralised biometric database without anyone’s consent.
The system will be sold as an all-encompassing super-duper hi-tech system where all NHS patients in England will be able to book GP appointments online, order repeat prescriptions and access their full medical history on a new cloud system as part of a shake-up of IT systems. Sounds great doesn’t it.
The Guardian reports that – “The changes, which aim to replace outdated IT technology and improve digital coordination between parts of the healthcare system, should allow GPs, ambulance services and other primary care providers to access patient records digitally in real time.”
There’s an interesting word – ‘should.’
The announcement is the first major alteration to the NHS patient record system since a failed £12.7bn digitalisation project to link up the healthcare system, which was scrapped by the Conservative-Liberal Democrat coalition government in 2011.
That doomed project was launched under Labour in 2002 but was beset by changing specifications, technical challenges and disputes with suppliers, leaving it years behind schedule, massively over budget and then canned.
The Guardian optimistically states that – “Under the latest plans announced on Friday by the health secretary, Matt Hancock, technology companies will be encouraged to bid for contracts to deliver the changes, which will be regulated by new standards and minimum requirements developed by NHS Digital.”
This is the most disorganised government in Britain for the last 100 years or so. It has many Tory MP’s and Lords on the Boards of health tech and health care companies and at the very least, they should have no say in such large-scale infrastructure projects. And because the government is utterly paralysed by Brexit, launching and managing national projects of such importance is totally irresponsible.
We should not forget that NHS Digital was feeding the Home Office sensitive data involved in the Windrush scandal. It is thought to have handed over the details of 3,000 patients to the Home Office last year (illegally) after patients gave their personal details during GP and hospital appointments.
In another tech-driven disaster, The Telegraph reported just last August patients may not have been invited to include child immunisation, newborns’ hearing screening, safeguarding, bowel cancer screening, breast screening, and abdominal aortic aneurysm screening. A document by officials from NHS England and NHS Improvement showed concerns about potential “risk of harm” to patients associated with 120,000 discrepancies between two national IT NHS systems.
“NHS Digital, Public Health England and NHS England are working with GP practices to analyse and reconcile the discrepancies between these two systems,” they said.
It only goes to show that legacy systems still do not work. When adding faulty or inaccurate data to a new system – all you get is a faulty system.
Patient data theft inevitable
In America, a new study in the Journal of the American Medical Association published just last September the number of annual health data breaches, which had reached an eye-watering 132 million individual records being breached by a hacking or IT incident involving theft of private data.
Healthcare records contain multiple types of sensitive information, including a patient’s name, address, date of birth, national insurance number and medical history. For those committing fraud and identity theft, this wealth of information is invaluable.
In Britain, the NHS was one of the key casualties of the WannaCry ransomware cyber-attack that struck organizations worldwide on 12 May 2017. The spread of the malicious software, which blocked access to data and demanded money in return for restored access, was described by Europol as unprecedented in its scale.
The attack led to chaos and disruption across many NHS trusts, with staff unable to access patients’ medical records and appointments and operations being cancelled. This was an incident primarily about security and blackmail.
It was only last February that government departments were feeling the effects of modern-day hacking. The Information Commissioner’s Office, the Student Loans Company, as well as the council websites for Manchester City, Camden, and Croydon to name a few, had their computers’ processing power hijacked by hackers.
The government are now constantly warning of state-sponsored hackers such as the Chinese and Russians – how do they propose to defend a national health system from such sophisticated cybercriminals that they admit they are unable to properly defend against.
The government has recently announced its intention to create a centralised biometric database. Amongst all the other breaches of privacy laws the government continues with, this latest announcement should be of great concern to everyone. Having your health records or bank details stolen is one thing, having your fingerprints or DNA data stolen is something quite different. Given the disdain this government has for the law when it comes to privacy and surveillance, is it any wonder that biometric announcement comes at the same time as the health records announcement.
The British government has, in recent years, lost vital British Army operational information, sensitive data on CIA involvement in secret rendition operations, secret files on weapons systems and their manufacturers and even lists of innocent witnesses involved in serious crimes and the safety details of a nuclear power-plant. How is it possible that the general public will not be exposed to cybercrime when the government have refused to guarantee that their own biometric database is going to be secure.