Dave's Bit Bucket

A little research request for UK GPs...

Following the recent NHS regional authority data leaks, and taking advantage of the lull in workload associated with the festive season, I've been thinking about whether care record centralisation or decentralisation is the better idea.

Currently, I'm in favour of centralisation; this is mostly down to human factors. If a centralised infrastructure needs fewer but more capable sysadmins than the regional authorities currently have, such sysadmins can be found, and measures can be be put in place (codes of connection, etc) such that any data which is legitimately accessed by a regional authority cannot be cached outside the central infrastructure, then centralisation is pragmatically the best bet.

However, I'm open to other opinions and lines of argument.

I've also had a careful re-read of some standards I tend to refer to, from a healthcare-oriented perspective, and doing so raises a number of questions; I was originally planning to blog about what changes might be needed in an end-to-end, centralised electronic patient and care record system in order to maintain compliance with these standards, until I realised that I don't have current and detailed knowledge of what various health authorities are actually using, today.

So, I have a request. If you are a UK-based GP, or know one who wouldn't mind answering a few questions for a security geek, please let me know (either by email - usual Sun format - or in this posting's comments):

• for a typical PC in a GP's surgery, who owns it?
• for ditto, who maintains it, from the perspective of patching, AV, etc?
• what OS and apps does it run?
• what is the nature of the data connection between the GP's surgery and the local trust - who owns it, and who provides it?
• what authentication does a GP have to provide, to access online records or services?
• does said typical PC have internet connectivity, and if so, is this direct or via some relay / proxy in the local authority?
• what does the computer do, when you put a CD or USB stick in it?

I thought I'd make the request here, since different regional healthcare trusts may have different approaches, and I suspect my own GP might well take a dim view of me trying to make an appointment with him for something not related to my health ;-) .

If you would like to email me about this (being my preferred means of communication on the subject), please use your NHSnet or doctors.net.uk email address; I'll drop you a quick line back with my thoughts, and this will also serve to verify that the email comes from a valid address...

(2007-12-31 09:08:19.0) Permalink Comments [0]

Some silliness with analogies

It's sometimes amusing to see what conversational threads start at the local, especially after a few beers :-).

For instance, the old adage about optimists, pessimists and whether glasses are half-empty or half-full can almost take on a life of its own:

• Optimist: the glass is half full.
• Pessimist: the glass is half empty.
• High-availability engineer: half the liquid is in a redundant glass.
• Performance engineer: the glass is performing at 50 percent capacity.
• Accountant: the glass is twice the size it needs to be; if we don't get more liquid before the end of the quarter, we need to downsize it.
• Auditor: who owns the glass?
• Compliance officer: are the glass and the liquid owned by the same organisation? What do their industry regulators have to say about liquid management?
• Consolidation engineer: you can put the liquid from those other, smaller glasses into this big one.
• Virtualisation engineer: ...and when you do, you don't have to worry about whether the liquids are the same or not, as they won't mix.
• Security engineer: now prove that last statement, and show how multiple people can drink only their liquid from the same glass, hygienically.

:-)

(2007-12-31 08:31:03.0) Permalink Comments [0]