What the hell kind of audit log doesn't log user IDs?
'Coding' cockup blamed for NHS cough-up of confidential info against patients' wishes
Confidential information on 150,000 NHS patients has been distributed against their wishes for years due to a "coding error" by healthcare software supplier TPP. NHS Digital, the body that oversees the healthcare service's use of data, fessed up to the bungle – which saw data on the affected patients used in ways they had …
COMMENTS
-
Tuesday 3rd July 2018 13:06 GMT Anonymous Coward
Weird, it should do.
Users have to use an authentication keycard plugged into a keyboard just to log-on, so the system should know what keycard was used to log-on and when.
Users access clinical NHS applications by being authenticated against the national SPINE, using an encrypted key on a Secure ID card plus PIN or password. However, these applications (i.e. medical imaging, electronic patient records) are totally separate systems linked by a common framework, so once granted access to an application and allowed the appropriate permissions, it's up to the developers as to what is audit logged.
If they or the application designers decide they can't be arsed to look up your identity for auditing purposes and just log the Trust or organisation you're accessing the application from, then unfortunately that's all that will get logged.
-
Tuesday 3rd July 2018 21:43 GMT Anonymous Coward
Of course in that situation whoever's assisting would use their login, they're not just shouting out to members of the public passing by, "quick log in and check this man's/woman's/bison's blood group!"
That said, persuading people not to share logins is sometimes difficult, seems to vary by location.
-
Tuesday 3rd July 2018 17:25 GMT AndrueC
"Users access clinical NHS applications by being authenticated against the national SPINE, using an encrypted key on a Secure ID card plus PIN or password."
Sadly not always (maybe not often) in primary care. In primary care there's not much standardisation - there's probably a lot of smaller surgeries and clinics that don't even operate a domain let alone single sign on.
-
Tuesday 3rd July 2018 11:00 GMT Adrian Midgley 1
The rule I proposed
Years ago, that each access to your healthcare record must produce a line in a report to you which is given to you by default would have fixed this.
Who looked, at what, why did they say they did, what is the right they assert to do so.
And opt-outs were not requests!
They were orders.
-
Thursday 5th July 2018 19:15 GMT Cav
Re: The rule I proposed
No it wouldn't. There would be errors in that too.
Given to you by default? An annual report or after every hospital stay? Who will pay for the report to be generated and sent out? Hardcopy, of course, unless you expect granny to login and view the electronic version.
-
Tuesday 3rd July 2018 11:52 GMT Jemma
Re: "unreserved apologies"
I'm thinking immediate headshot. My medical information is my medical information. It is *NOT* for monetisation by every pointy haired cretin this side of the Kuiper Belt.
And when you well meaning dribbling idiots and idiotettes at the NHS have finished cleaning up the splatter - how about a list of EVERY SINGLE GPs Surgery affected and a nice even £50k in damages to every patient concerned.
Some of us opted out for very good reasons (not the least of which that it violates legal protections for minority groups) and this should have been respected.
-
Tuesday 3rd July 2018 17:47 GMT Jemma
Re: "unreserved apologies"
I have precisely zero problem with that. Maybe after the first 15 times of being fined they might employ managers who don't have to change down into mental low-range to achieve words of more than two syllables, or coders who actually know that BNF (Backus-Naur form) is a process coding and programming tool - not a rare special edition Simca 1108. And who can code in something OTHER than BLOODY VISUAL BLOODY BASIC!!
Or maybe - and I know I'm wishing here - they'll employ consultants who don't hang around drag clubs (supposed to be the titular head of transgender treatment, pun intended) and tell terminally ill teens to effectively FOAD (Fuck off and die). Or they'll even have the lockdown passwords for AN ENTIRE HOSPITAL worth of computers off the support manager before he sods off to Dubai and doesn't leave forwarding details - preferably before they employ people to update/replace the anti-virus.
Or here's a thought - maybe it'd be a good idea not to lose £1m because some manager had a bright transport idea, set everything up without telling a single colleague and then promptly dropped dead.
The NHS has been a joke since it started but it's been getting less and less funny. It's now like a cross between Carry On Up The Pandemic and a documentary about the talents of British Leyland accountants scripted by Love Island rejects and performed entirely in Brythonic (probably in a "pissed out of his mind" drunk Scottish accent or variations thereof).
No one has the faintest clue what's happening and where or why, the accounts probably read like a cross between Lehmans and something the Phoenix Four might cook up (assuming anything before 1983 is actually obtainable). The computer systems would be better placed starring on an episode of Dilbert or possibly Spongebob. The managers at least at my local hospital have all sodded off home by 3pm at the latest and the only reason the nurses and the rest of them aren't on strike 3 days a week is they can't use piecework as an excuse (look up the "two screws" Triumph "Innsbruck" strike as an example), and there aren't any trades unions "organisers" left capable of raising a colostomy bag, let alone a riot.
The NHS is basically a company - a publicly funded one - but a company nonetheless. Its end product is (hopefully) healthier people going out than came in. All it seems to produce is platinum plated fuckwittery of epic proportions, incompetence and mindless cruelty. Why? Because everything other than management salary is on the cheap - hardware - cheapest possible option, software - mentally 13 year old script kiddies who wouldn't know good code if the mainframe running it dropped on their heads.
It's going to get to the point soon where MI5/6 won't be warning about not picking up random thumb drives - they'll be warning about NHS dossiers being picked up on trains - if the hardcopy doesn't give you Haemorrhagic fever, the dvd will be riddled so badly with malware that if you play it backwards it'll beg to be put out of its misery.
Try to understand. The NHS has been underfunded since it was a gleam in Bevan's beady little socialist eye - and it wasn't a bad little gleam as gleams go - but it's now little more than a rotting corpse which is only struggling on because no one has noticed it died around the time Dave Mellor was going back to basics (doggy style). It is, in the words of the great John Cleese "A dead parrot, it 'as ceased to exist" and it's not "just sleeping". It's been forced to live with the dregs of everything for so long it's just withered completely. It's only managing to limp along because like my aunt's geriatric old Labrador it's just in the habit of breathing, crapping and smacking into things headfirst (usually in this case, data breaches).
The truly scary part is there's nothing to replace it and all that's being done is propaganda, half hearted "cash injections" and gormless platitudes delivered by the Z list cretin du jour. A real current favourite being Stacey "the pedo GPS" Dooley (MBE would you believe?!!) - a woman who really needs to investigate an air embolism, personally. "Hmm, here's a thought, let's do a documentary to tell every. Single. Kiddiefiddler. On. The. Frigging. Planet. Where to go next". Or even better "let's put Kurdish female fighters at risk, looking after some dappy Irish chick, for feminism bro". I'd rather have Drs Crippen & Shipman ably assisted by Allitt & that nice porter called Manson treat me than be within range of that blonde idiot - in a hospital no less.. Unless being "in range" involves a Moisin Nagant and a slipper clip of Tungsten hollow points.. "in like a penny - out like a pizza (TM)".
-
Tuesday 3rd July 2018 21:24 GMT Jemma
Re: "unreserved apologies"
Firstly the NHS NOT TPP told me I could opt out of this crap. DESPITE the fact they are NOT allowed, by law, to share my data, the Police can't share my data and neither can DWP without voice or text verification from ME.
NHS communicated that information to me and I told the NHS that under no circumstances was my information to be shared with anyone ANYWHERE unless I specifically state otherwise, personally, myself, me.
It now turns out that because the NHS hired their usual bunch of feckless cretins that this information has not been properly conveyed, coded, recorded (whatever) and my information may or may not be out in the public domain which is exactly the OPPOSITE of what I asked the No Hope Service to do via TPP - whom the NHS hired.
Under British law the NHS is supplying a service to me & everyone else (for a given value of service, so far something along the lines of dev_not_quite_null) and TPP are contracted to the NHS. So here's my understanding of how this goes.
I get to rant my fucking head off at the No Hope Service and they get to beg forgiveness on their knees and pay me MAJOR compensation if my details have been, effectively, leaked to every pointy haired marketing gimp this side of the Kuiper Belt.. Not to mention this is, in my case, illegal under UK law.
What happens next is the lawyers get to look at the contract between NHS and TPP - and *hopefully* for the NHS there is a clause somewhere that says - "In the event we screw the pooch worse than the average Trump voter, and the NHS have to pay compensation, we are responsible for the damages (if within the product we supplied) and are liable to pay back the amount of the compensation to the NHS, in full". Note I said "hopefully".
If TPP manage to get out of that clause, or if there never was one, or, more likely, the NHS lawyers are the modern equivalent of the YTS girl off monkey dust - the NHS are liable to me because they are providing *me* with a service and all the bell(end)s and whistles that implies - including respecting my wishes for the disposal/sharing and propagation of my data and details thereof.
I think as I said, the NHS was a great idea, but then so was the Austin landcrab, the Chrysler Airflow and democracy - they all failed to account for the fact humans in general are the stupidest intelligent lifeform known to intelligentkind.
-
Tuesday 3rd July 2018 21:56 GMT Anonymous Coward
Re: "unreserved apologies"
Read again, not in fact in the public domain. Possibly used for purposes you opted out of (and which almost certainly cause no actual harm to you, under other circumstances a clinical audit might even be possible under one of the lawful bases that doesn't allow opt out), but not in the public domain.
-
Thursday 5th July 2018 19:15 GMT Cav
Re: "unreserved apologies"
Wrong, clinical audit is carried out by CCGs, NICE and the NHS Counter Fraud Authority etc. Do you not want care commissioning bodies to confirm that GPs really are carrying out 200 minor operations per day, or that one of the patients in your area really did receive care in the Outer Hebrides? Shouldn't we check that a particular surgeon has a higher patient mortality rate or that particular treatments\medications actually work when we pay for them?
-
Tuesday 3rd July 2018 13:28 GMT Doctor Syntax
Re: The Online Opt-Out Does Not Work Either
"I still do not see how they (UK authorities etc) can keep on failing at this simple stuff."
I don't know about the authorities but in TPP's case I can see quite easily how they do that. A few weeks ago I reported here seeing a recruitment poster "Write code/solve problems/save lives No experience needed". It was recruiting for TPP.
And TPP don't believe in providing first line of support for users; that's delegated to your GP's receptionist who is, of course, fully trained as first line IT support as well as being a receptionist.
I read this report on the Beeb a few hours ago. Unlike el Reg they didn't say who was responsible at the top of the report but I'd guessed who it was before I got that far.
-
Tuesday 3rd July 2018 15:34 GMT Rob D.
Re: The Online Opt-Out Does Not Work Either
Since I'd opted out a couple of years back I thought I'd give it a try. Worked exactly as expected, retrieved my registered contact details (obfuscated on screen), sent an OTC to verify, then retrieved my current status (opted out) and gave the option to change. The UI itself is a bit weak but functionally it's fine when provided with the correct data that it can query on whatever back-end systems it uses.
The process around it though is poor - there's a request at the top about "This is a new service - your feedback will help this service" but no way of providing feedback is offered. So I'd imagine the complaints process may be similarly broken. And the UI isn't exactly stellar (being able to enter -1 for day, month or year, there is no UI-based anti-scraping/anti-bot protection, for example), which also makes me a bit suspicious about the level of effort that has gone in to securing the back-end access when the front end is so basic.
-
Wednesday 4th July 2018 08:19 GMT Mike 137
Re: The Online Opt-Out Does Not Work Either
It is unconstitutional and very possibly unlawful to provide only a single means of opting out, particularly an online means in the light of the govt's arrant incompetence at delivery.
However, you can send the following form letter to your GP and it should prove binding:
-----------------------------------------------------------------------
[to practice administrator]
I absolutely prohibit in perpetuity any sharing of my medical records with any person, legal entity or agency, except in the specific cases of [1] access to my records with my explicit consent or directly in my immediate vital interest if I am on the specific occasion unable to give consent, and exclusively for therapeutic purposes in support of treatment of a medical condition with which I present or [2] where required without the option by statute or order of the Court.
For avoidance of doubt, this prohibition applies to any current or proposed scheme of medical records sharing envisaged or planned at the date of this letter and equally to any plan or scheme of medical records sharing to be conceived, invented or proposed at any time in the future.
I request that your surgery take whatever necessary steps to ensure that this prohibition is properly registered with the relevant parties to ensure it is honoured, and that you inform me of the action you have taken and its result.
-------------------------------------------------------------------------
-
Wednesday 4th July 2018 10:21 GMT LucreLout
Re: The Online Opt-Out Does Not Work Either
"I still do not see how they (UK authorities etc) can keep on failing at this simple stuff."
Because trite phrases such as "lessons will be learned" or "investing in public services" don't actually mean anything in the real world.
You invest in things that pay you a fiscal return - you spend on things that you want/need that don't. Hence, the correct term was always "spending on public services" - there's no investing in them.
Lessons, as they relate to public life, are only ever learned when heads have rolled, which, of course, they never do. Which is why nothing improves, and state run/owned/influenced IT continues to be a joke, with a perfect track record of failure.
-
Tuesday 3rd July 2018 12:52 GMT no_handle_yet
I use this crap to order repeat prescriptions and it always annoyed me that they couldn't spell it correctly. But I think I worked out why they did it and it turns out to be a monumental lack of imagination.
systemone.com was registered back in 1995. So I assume that some naming council under the guidance of a steering committee at TPP, having spent 3 years on coming up with systemone as the name, then had to throw it back to an emergency focus group who only had six months to find an alternative. Then some genius realised that it kind of sounded the same if you dropped the "e" from system.
It took me nearly an hour to press submit on this as I went over every single spelling dozens of times. There is nothing worse than taking the piss out of spelling mistakes, only to make even more of them yourself. Please go to town on me if you find any as I definitely deserve it.
-
Tuesday 3rd July 2018 11:55 GMT Gordon 10
Of course if the NHS Digital was interested in Privacy by Design...
...and it was an *Opt-In*, then this would not have happened. But because someone did a "think of the patients" argument it was an Opt-Out.
If they were a bit more choosy about the Type 2 stuff I would be happy to not-Opt-Out. But since Google appear* to be in that category the NHS Digital can go forth and multiply (which by the Iron Law of Bureaucracy they will do anyway).
*Actually we all know that Google are in a special category all of their own called "Here fill ya boots with all Our Data".
-
Tuesday 3rd July 2018 12:06 GMT Aodhhan
No Apologies
You don't owe the public an apology... you owe the public immediate suspension followed by sacking after an investigation.
Since this has now become a trend (not that it wasn't before), those in leadership, policy writing and technical operations all need to be under fire and out of a job.
What happened to the government? It used to be when you just sneezed out of place you'd get fired. Now you can't even get rid of someone who is outright negligent.
Politicians... this is why you guys are being voted out in favor of someone with little experience (in being bribed, etc.). It doesn't matter which party you belong to, if you're part of the establishment, you probably should enjoy every last second while you can.
-
Tuesday 3rd July 2018 12:25 GMT Headley_Grange
In my experience with company ERP systems, the one bit of them (sometimes the only bit) that you can usually guarantee works is the fiscal bit of the finance module. The rest of the ERP - inventory management, order processing, customer/supplier data, CRM, etc. - is usually somewhere on the spectrum of "not used" thru "we manage most of it in Excel" to "sort of working but you need Ellen to tweak it at month end".
The main reason for this is that no one is going to go to jail if Tesco gets 100 pallets of baked beans instead of 10, but people can go to jail for getting the fiscal bit wrong, so they get it right, they spec it right, they test it right and they hand-crank the first few cycles in parallel, just to make sure, because no one likes using hairy soap.
Maybe if data leaks were treated like H&S, where corporate and individual criminal responsibility is assigned and poor performance can result in losing your house and going to jail, then we'd see companies take it seriously.
The downside might be that it could become expensive to process personal data - but I wouldn't necessarily see that as a problem.
-
Tuesday 3rd July 2018 13:40 GMT Doctor Syntax
"Maybe if data leaks were treated like H&S, where corporate and individual criminal responsibility is assigned and poor performance can result in losing your house and going to jail, then we'd see companies take it seriously."
From the Data Protection Act 2018:
"198 Liability of directors etc
(1) Subsection (2) applies where—
(a) an offence under this Act has been committed by a body corporate, and
(b) it is proved to have been committed with the consent or connivance of or to be attributable to neglect on the part of—
(i) a director, manager, secretary or similar officer of the body corporate, or
(ii) a person who was purporting to act in such a capacity.
(2) The director, manager, secretary, officer or person, as well as the body corporate, is guilty of the offence and liable to be proceeded against and punished accordingly."
-
Tuesday 3rd July 2018 12:40 GMT steviebuk
Or could that be?
"It added that TPP and NHS Digital would "ensure that testing and assurance of patient data extracts is enhanced" in future to prevent similar errors."
To
"Ensure that we actually test*"
I suspect a new recruit has been hired and spotted it due to fresh eyes with nothing to lose. Others may have reported it before but been ignored by senior management. I've seen that before. Having reported an issue 3 months before at the NHS, then been given a bollocking 3 months later about said issue, until I pointed out the e-mails I sent 3 fucking months earlier at which point they backed down. Really I should have asked for an apology and then walked but I needed the money.
*Obviously just joshing. I don't want to be sued.
-
Tuesday 3rd July 2018 16:13 GMT Adrian Midgley 1
You notice the NHS England/NHS IT model of opting out is not the usual one of
"If we don't have permission we won't acquire and hold the data"
it is the model of
"If you've requested we not have your permission, we'll acquire the data, and add a note that we are not allowed to use it".
Then they failed to add the note, and used it.
It is systemic. Or systmic, perhaps.
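The two models contrasted in the comment above, as an added illustration that is not part of the original thread and not code from TPP or NHS Digital: a hypothetical extract filter where a missing opt-out note means "share", beside one where only a positive record of permission shares, plus a reconciliation check of the kind "testing and assurance of patient data extracts" implies. All names and sample records are constructed.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Iterable, List, Optional, Tuple


class Consent(Enum):
    OPTED_IN = "in"
    OPTED_OUT = "out"


@dataclass(frozen=True)
class PatientRecord:
    patient_id: str             # constructed identifier, not real data
    consent: Optional[Consent]  # None = the note never arrived or was never recorded


def extract_opt_out_model(records: Iterable[PatientRecord]) -> List[str]:
    """Opt-out model: share unless an opt-out note is present.
    A lost note (None) is indistinguishable from permission, so it fails open."""
    return [r.patient_id for r in records if r.consent is not Consent.OPTED_OUT]


def extract_opt_in_model(records: Iterable[PatientRecord]) -> Tuple[List[str], List[str]]:
    """Opt-in model: share only on a positive record of permission.
    A lost note (None) withholds the record and is listed for follow-up."""
    shared: List[str] = []
    withheld_unknown: List[str] = []
    for r in records:
        if r.consent is Consent.OPTED_IN:
            shared.append(r.patient_id)
        elif r.consent is None:
            withheld_unknown.append(r.patient_id)
    return shared, withheld_unknown


def reconcile(source_opt_outs: Iterable[str], shared_ids: Iterable[str]) -> List[str]:
    """Assurance check: patients who opted out at the source (e.g. the GP
    practice) but whose records still appear in the shared extract."""
    return sorted(set(source_opt_outs) & set(shared_ids))


# Constructed sample: P2 and P3 both opted out at the practice, but P3's
# note was lost before the extract ran, so the extract sees consent=None.
SOURCE_OPT_OUTS = {"P2", "P3"}
SAMPLE = [
    PatientRecord("P1", Consent.OPTED_IN),
    PatientRecord("P2", Consent.OPTED_OUT),
    PatientRecord("P3", None),
]

if __name__ == "__main__":
    leaked = reconcile(SOURCE_OPT_OUTS, extract_opt_out_model(SAMPLE))
    shared, unknown = extract_opt_in_model(SAMPLE)
    print("opt-out model shares against wishes:", leaked)
    print("opt-in model shares:", shared, "withholds for follow-up:", unknown)
```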
-
Tuesday 3rd July 2018 16:24 GMT John Brown (no body)
"If you've requested we not have your permission, we'll acquire the data, and add a note that we are not allowed to use it".
To be fair, it's the data needed for patient care and clinical records. It's required to perform the service. The opt out is to allow them to use it for other things not specifically required to perform the service. Also, IIRC, it took a special exemption in the DPA and GDPR to allow it to function as an opt out rather than the more usually required opt in.
-
Tuesday 3rd July 2018 20:35 GMT heyrick
the opt-out information was not sent to NHS Digital
There's your problem right there.
Medical data must be opt IN. No exceptions. No bleeding heart stories about potential lives saved or medical breakthroughs etc. I bet not a one of you can tell who/what eventually accessed this private medical data and where it went/who else has copies/why. This sort of thing demonstrates exactly why opt OUT should not be permitted.
-
Friday 6th July 2018 15:10 GMT Anonymous Coward
Re: the opt-out information was not sent to NHS Digital
"No bleeding heart stories about potential lives saved or medical breakthroughs etc."
Not potential, and not a "bleeding heart story" unfortunately, but stuff like this https://www.bbc.co.uk/news/uk-england-44547788
Or, you know, in general: https://www.bbc.co.uk/news/health-44550913
-
Wednesday 4th July 2018 07:38 GMT not_my_real_name
Just blame the coder
I'm sure the culprit really wanted to deliver a shoddy solution, there was no time or financial pressure whatsoever to deal with. I'm sure that the code in question was tested thoroughly by an independent reviewer and they also were under no pressure. I'm sure that when speaking out about the quality of delivery all of their concerns were taken on board and adequate resources were assigned to resolve issues. I am absolutely certain blame cannot be assigned to anyone in a management position. It's as usual all the coder's fault.
-
Wednesday 4th July 2018 10:43 GMT Chris Thomas
Re: Just blame the coder
Yet another cock up prompted me to think about this issue again. As with the previous versions I conclude that I am not able to trust the system to ensure my privacy. I have opted out of the previous versions but of course each new incarnation requires a new opt-out. So I popped to the digital "How to manage your choice online" (https://your-data-matters.service.nhs.uk/landingpage) page and attempted to view my choices but was met with a "verification failed" error.
Has anyone made this work? Is there any intention to allow choice? There is a paper based alternative but it appears to require all sorts of proof of identity information. It is hard not to be cynical!
-
Wednesday 4th July 2018 12:03 GMT Anonymous Coward
...shared with research companies and clinical audits
So who are these research companies and clinical audits providers? I'd like to see a list of companies that TPP have shared the information with. GDPR makes a distinction between the data Controller and Processor in the relationship of data, typically we'd expect the NHS to be the data Controller and TPP as the data Processor... but I bet that TPP has registered as a Controller to decide the means and purpose of the data. Time to get the Subject Access Requests into them to find out who they've shared your data with - probably every insurance and pharmaceutical company out there paying silk road rates for your data!