Operational security failure

Tue, 17 Jun 2008 07:29:01 +0000

A shocking article appeared yesterday on the BMJ website. It recounts how auditors called 45 GP surgeries asking for personal information about 51 patients. In only one case were they asked to verify their identity; the attack succeeded against the other 50 patients.

This is an old problem. In 1996, when I was advising the BMA on clinical system safety and privacy, we trained the staff at one health authority to detect false-pretext phone calls, and they found 30 a week. We reported this to the Department of Health, hoping they’d introduce some operational security measures nationwide; instead the Department got furious at us for treading on their turf and ordered the HA to stop cooperating (the story’s told in my book). More recently I confronted the NHS chief executive, David Nicholson, and patient tsar Harry Cayton, with the issue at a conference early last year; they claimed there wasn’t a problem nowadays now that people have all these computers.

What will it take to get the Department of Health to care about patient privacy? Lack of confidentiality already costs lives, albeit indirectly. Will it require a really high-profile fatality?

Hero is not a good enough word to describe this man.

Mon, 26 May 2008 13:04:11 +0000

My hopes and prayers to him and his family.

clipped from www.chron.com

After defying odds, Marine loses final battle

He endured 100 surgeries after a 2005 roadside bomb in Iraq, stunning doctors with progress

[SecurityRatty] tag: surgeries

Operational security failure

Hero is not a good enough word to describe this man.