Dave's Bit Bucket

Dave Walker's jottings - mostly pertaining to security


20071231 Monday December 31, 2007

A little research request for UK GPs...

Following the recent NHS regional authority data leaks, and taking advantage of the lull in workload associated with the festive season, I've been thinking about whether care record centralisation or decentralisation is the better idea.

Currently, I'm in favour of centralisation; this is mostly down to human factors. If a centralised infrastructure needs fewer but more capable sysadmins than the regional authorities currently have, such sysadmins can be found, and measures can be put in place (codes of connection, etc.) such that any data which is legitimately accessed by a regional authority cannot be cached outside the central infrastructure, then centralisation is pragmatically the best bet.

However, I'm open to other opinions and lines of argument.

I've also had a careful re-read, from a healthcare-oriented perspective, of some standards I tend to refer to, and doing so raises a number of questions. I was originally planning to blog about what changes might be needed in an end-to-end, centralised electronic patient and care record system in order to maintain compliance with these standards, until I realised that I don't have current and detailed knowledge of what the various health authorities are actually using today.

So, I have a request. If you are a UK-based GP, or know one who wouldn't mind answering a few questions for a security geek, please let me know (either by email - usual Sun format - or in this posting's comments):

  • for a typical PC in a GP's surgery, who owns it?
  • for ditto, who maintains it, from the perspective of patching, AV, etc?
  • what OS and apps does it run?
  • what is the nature of the data connection between the GP's surgery and the local trust - who owns it, and who provides it?
  • what authentication does a GP have to provide, to access online records or services?
  • does said typical PC have internet connectivity, and if so, is this direct or via some relay / proxy in the local authority?
  • what does the computer do, when you put a CD or USB stick in it?

I thought I'd make the request here, since different regional healthcare trusts may have different approaches, and I suspect my own GP might well take a dim view of me trying to make an appointment with him for something not related to my health ;-) .

If you would like to email me about this (being my preferred means of communication on the subject), please use your NHSnet or doctors.net.uk email address; I'll drop you a quick line back with my thoughts, and this will also serve to verify that the email comes from a valid address...

(2007-12-31 09:08:19.0)

Some silliness with analogies

It's sometimes amusing to see what conversational threads start at the local, especially after a few beers :-).

For instance, the old adage about optimists, pessimists and whether glasses are half-empty or half-full can almost take on a life of its own:

  • Optimist: the glass is half full.
  • Pessimist: the glass is half empty.
  • High-availability engineer: half the liquid is in a redundant glass.
  • Performance engineer: the glass is performing at 50 percent capacity.
  • Accountant: the glass is twice the size it needs to be; if we don't get more liquid before the end of the quarter, we need to downsize it.
  • Auditor: who owns the glass?
  • Compliance officer: are the glass and the liquid owned by the same organisation? What do their industry regulators have to say about liquid management?
  • Consolidation engineer: you can put the liquid from those other, smaller glasses into this big one.
  • Virtualisation engineer: ...and when you do, you don't have to worry about whether the liquids are the same or not, as they won't mix.
  • Security engineer: now prove that last statement, and show how multiple people can drink only their liquid from the same glass, hygienically.

:-)

(2007-12-31 08:31:03.0)

20071224 Monday December 24, 2007

"PII as a Controlled Substance"

As he frequently does, Robin set me thinking with a couple of items in one of his recent posts.

Robin reckons that PII should be "treated as a controlled substance", and makes a convincing argument to this effect. However, there's an even deeper truth in his statement that PII should be considered to be like "fissile material, or the kinds of materiel covered by arms limitation agreements during the Cold War".

Just like fissile material, PII has a half-life.

If the infamous HMRC CDs have fallen into the hands of a ne'er-do-well, said ne'er-do-well would be wise to sit on them until the media brouhaha has died down, but not so long that much of the data is no longer accurate.

People die, move house, change their names on getting married and divorced - in short, PII changes. For the amount of PII disclosed by HMRC, the analogy can just about be drawn between loss of accuracy over time, and radioactive decay.

In a hundred years' time, the misplaced HMRC data will be entirely useless to someone who wants to try faking identity. In fact, if you look at it from the perspective of the disclosure state machine I put together, if someone were to try to fake an identity based on a piece of "naturally expired" PII in a few years' time, the "expired" PII could serve as a strong indicator of suspicion that they were in possession of the misplaced HMRC data. I sincerely hope that HMRC has realised this, and has made a reference copy of the as-misplaced database, such that a "watch-for" list will come into being inside HMRC and slowly grow as updates to the live database result in increasing discrepancies with the misplaced records.

Potentially, HMRC could even offer a service to other UK Government departments, to check offered identity information against this watch-for list...
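As an added illustration of the "watch-for" list idea above (my own sketch, not anything HMRC has published), the following Python builds the list by diffing a snapshot of the records as they were when misplaced against the live database, then classifies an offered identity claim as matching current data, matching only the stale leaked values, or matching neither. The record ids, field names and values are constructed for the example.

```python
# Constructed sample data, invented for illustration only: SNAPSHOT is a
# reference copy of the records as misplaced, LIVE is the database some
# time later, after people have moved house or changed their names.
SNAPSHOT = {
    "CHB-0001": {"surname": "Smith", "postcode": "AB1 2CD", "bank_sort": "11-22-33"},
    "CHB-0002": {"surname": "Jones", "postcode": "EF3 4GH", "bank_sort": "44-55-66"},
    "CHB-0003": {"surname": "Patel", "postcode": "IJ5 6KL", "bank_sort": "77-88-99"},
}
LIVE = {
    "CHB-0001": {"surname": "Smith", "postcode": "ZZ9 9ZZ", "bank_sort": "11-22-33"},  # moved
    "CHB-0002": {"surname": "Brown", "postcode": "EF3 4GH", "bank_sort": "44-55-66"},  # renamed
    "CHB-0003": {"surname": "Patel", "postcode": "IJ5 6KL", "bank_sort": "77-88-99"},  # unchanged
}


def build_watch_list(snapshot, live):
    """Return {record_id: {field: stale_value}} for every field whose value
    in the live database now differs from the misplaced snapshot.
    The list is empty on day one and grows as the live data drifts."""
    watch = {}
    for rid, old in snapshot.items():
        current = live.get(rid)
        if current is None:
            continue  # record since deleted; nothing live to compare against
        stale = {k: v for k, v in old.items() if current.get(k) != v}
        if stale:
            watch[rid] = stale
    return watch


def assess_claim(rid, claim, watch, live):
    """Classify the identity details offered for record rid:
    'current'  -> every offered field matches the live record
    'stale'    -> at least one field matches a value that was only ever
                  true in the misplaced snapshot (the suspicion indicator)
    'mismatch' -> matches neither (ordinary error, or unrelated fraud)
    'unknown'  -> no such record"""
    current = live.get(rid)
    if current is None:
        return "unknown"
    if all(current.get(k) == v for k, v in claim.items()):
        return "current"
    stale = watch.get(rid, {})
    hits = [k for k, v in claim.items() if k in stale and stale[k] == v]
    return "stale" if hits else "mismatch"
```

Note that a claim which fails to match the live data is only escalated to "stale" when it matches the old value specifically, so ordinary typos in a claim are not confused with use of the leaked copy.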

Oh, and a happy Newtonmas to all my readers :-)

(2007-12-24 04:51:49.0)

20071219 Wednesday December 19, 2007

Reward for missing HMRC disks - why?

I'm scratching my head over the news that HMRC is offering a substantial reward for the return of their missing child benefit data CDs.

As has been said elsewhere (see posting dated November 24th, 2007), the data hasn't been so much "lost" as "published". If the CDs genuinely have fallen into the hands of a ne'er-do-well, they would certainly have the sense to take a copy of the contents, before attempting to claim the reward - in fact, I idly wonder if the reward is a hook such that, if return is attempted, the returnee will immediately be arrested, have their home thoroughly searched for backup media, and have their computer equipment seized for forensic examination to determine whether such a backup exists on hard disk.

I also idly wonder what HMRC's response would be, if they were to receive multiple, identical copies of the discs, from multiple sources? After all, this is quite possibly the distribution status of the data, by now...

(2007-12-19 09:07:42.0)

20071212 Wednesday December 12, 2007

"Password-protected, but not encrypted": a follow-up

While further examples of questionable media handling security within Government are now starting to come out of the woodwork (DWP, DVLA Northern Ireland), I'm also seeing some interesting comments on my previous posting about the HMRC data leak.

While I don't believe everything I read in my blog comments, the enigmatic "wigwam" has kindly pointed me at this - the minutes of evidence presented to the Treasury sub-committee on the breach.

Take a look at Q389 - Q393.

(2007-12-12 11:42:44.0)
