Just another ComMetrics – social media monitoring, best metrics, marketing metrics weblog

CyTRAP Labs checklist – 7 lessons learned from the disastrous UK data loss – electronic patient records

November 28th, 2007 · No Comments ·

The UK data loss disaster has again illustrated that building large systems entails risks including employees not following procedures. However, the larger the system the bigger the repercussions if something goes wrong.

So Brian Randell and Urs E. Gattiker decided to come up with a table outlinining some of the key challenges that must be mastered successfully before one can trust and put confidence in such as a:

a) national database containing each insured person’s electronic patient records and/or

b) national ID-card system that makes registration compulsory (cards being issued to UK residents in 2009)

So read on, our checklist with pros and cons is not to be ignored:

electronic IDs – checklist for minimizing the risk for data security breaches a la UK
more code = more complexity = more vulnerabilities = more risks => more damages => less trust
# argument for large database to manage ID and health cards counterpoint
1 very large sensitive databases, with huge numbers of users (insiders!), will require very sophisticated security models any such large system is likely to suffer more from sociotechnical design problems rather tan technical weaknesses
2 in the case of the National Health System in England, the decision to aggregate administrative and medical data on all 50 million citizens was argued as having clinical benefits (e.g. if someone with a medical condition suffers an accident far from home – info can be retrieved fast wherever the patient and doctor might be located) to make such a complex system less risk prone to data security breaches, an highly complex RBAC (Role-Based Access Control) and “sealed envelopes” scheme must be implemented – the larger the system the more difficult it becomes to address the RBAC issue satisfactorilyMedical experts question if there are any medical benefits
3 giving access to electronic patient records to medical professionals across the country (if not Europe!) will help improve services and reduce administrative costs that all medical staff has access to one’s medical record in the local hospital (not nationwide – forget about Europe) seems less frightening and prone to data security breaches, than a nationwide system that is used by thousands of staff to get access to very private and sensitive information of millions of people.
4 keeping such data in one hospital but separate from those of others makes it unefficient and cumbersome to get access to information
smaller systems require far simpler security models – these are less vulnerable to security and programming bugs that could inadvertently expose confidential information to non-authorized parties
5 inter-hospital or public agency information exchange is easier to manage on one system each hospital first gets and adjusts to an incremental type of bottom-up systemthat suits its needs and priorities (albeit built with standards for future inter-hopsital messaging in mind) — only after this has been achieved is any attempt made to provide secure, constrained inter-hospital information exchange
6 UK government claims national ID system will be self-financing government itself has undermined its case by revising up the cost to £5.4bn – others have put the cost of the ID cards’ introduction at up to £19.2bn (meaning passport combined with ID-card will cost £300).
7 UK government has claimed that ID-cards will help combat ID theft opportunity handed to fraudsters with the loss of the Revenue discs demolishes that argument – citizens should not trust Whitehall to manage such sensitive data again
it is better to prevent problems from arising than to have to solve them

Point 1 in the above table is disputed by accident and emergency specialists including physicians. Moreover, point 2 in the Table may be supported by some stakeholders because it allows the imposing of a national level administrative monitoring and control, as well as top-down imposition of a particular IT centralist – one size fits all – strategy.How realistic a one size fits all strategy is, however, remains to be seen. Gordon Brown has told the UK voters that the national identity card scheme would make people feel safer.Unfortunately, the catastrophic loss of the 25 mio child benefit records has made people uneasy about handing yet more data to the government. As the table above illustrates, there are grave problems with introducing even a well-managed ID card system. Moreover, the complexity will make it vulnerable to various risks we have little if any experience in handling properly. HM Revenue and customs did not have a proper critical incident response procedure in place for the discs that got lost. In fact it took more than 30 days until the public was finally reported.
Moreover, as the skyrocketing cost estimates suggest that issueing ID cards will also drain taxpayers’ money and yet leave no-one sleeping better at night.

From the continent one might comment that since Mr Brown has displayed relish in tearing up some of Tony Blair’s pet schemes, he should add ID cards to the scrapheap – the sooner the better.


The above problem is not limited to the UK but have to be addressed by all EU Member States. We will tell you why soon ….

For better risk management, compliance and protection – become a member of the 60% of our READERS THAT HAVE MADE SURE THEY GET A SUBSCRIPTION

GET MORE REASONS for why we should neither use electronic ID cards nor biometric passports – using the NHS Connecting for Health’s National Programme for IT (NPfIT), and in particular its Care Records Service as point of departure

biometric passports and ID cards problems all over Europe
CyTRAP Labs forecast about malware – acquired cyber immunodeficiency syndrome – ACIDS the digital version of AIDS?
CyTRAP Labs disaster monitor – 25m child benefit records are lost – 7 questions that must be answered to learn from this disaster
UK data disaster – a case for why critical incident response procedures do make a difference
CyTRAP Labs disaster monitor – 25m child benefit records are lost – a case against large scale ID card systems
CyTRAP Labs checklist – 7 lessons learned from the disastrous UK data loss – electronic patient records
CyTRAP Labs legislative trend – will a National Identity Register NIR offer new opportunities for crime?
e-passports cracked 1 – safety is non-existent
e-passports cracked 2 – German, Dutch and UK citizens beware and take care
e-passports cracked 3 – Budapest Declaration raises concerns about e-passports, privacy and citizens’ rights
e-passports cracked 4 – will more biometrics make a difference?
Belgium – RFID technology fails to protect data stored in e-passports
past performance does not suggest that we can trust this technology



→ No CommentsTags: Uncategorized