A little research request for UK GPs...
By davew on Dec 31, 2007
Following the recent NHS regional authority data leaks, and taking advantage of the lull in workload associated with the festive season, I've been thinking about whether care record centralisation or decentralisation is the better idea.
Currently, I'm in favour of centralisation; this is mostly down to human factors. If a centralised infrastructure needs fewer but more capable sysadmins than the regional authorities currently have, such sysadmins can be found, and measures can be be put in place (codes of connection, etc) such that any data which is legitimately accessed by a regional authority cannot be cached outside the central infrastructure, then centralisation is pragmatically the best bet.
However, I'm open to other opinions and lines of argument.
I've also had a careful re-read of some standards I tend to refer to, from a healthcare-oriented perspective, and doing so raises a number of questions; I was originally planning to blog about what changes might be needed in an end-to-end, centralised electronic patient and care record system in order to maintain compliance with these standards, until I realised that I don't have current and detailed knowledge of what various health authorities are actually using, today.
So, I have a request. If you are a UK-based GP, or know one who wouldn't mind answering a few questions for a security geek, please let me know (either by email - usual Sun format - or in this posting's comments):
- for a typical PC in a GP's surgery, who owns it?
- for ditto, who maintains it, from the perspective of patching, AV, etc?
- what OS and apps does it run?
- what is the nature of the data connection between the GP's surgery and the local trust - who owns it, and who provides it?
- what authentication does a GP have to provide, to access online records or services?
- does said typical PC have internet connectivity, and if so, is this direct or via some relay / proxy in the local authority?
- what does the computer do, when you put a CD or USB stick in it?
If you would like to email me about this (being my preferred means of communication on the subject), please use your NHSnet or doctors.net.uk email address; I'll drop you a quick line back with my thoughts, and this will also serve to verify that the email comes from a valid address...