
Good show
"Trever pleaded guilty to seven counts of breaking the Computer Misuse Act and said he'd acted out of idle curiosity."
Oh look, it turns out curiosity IS a crime after all.
A Hull man has been given a suspended sentence for looking at hundreds of women's medical records. Dale Trever, 22, was working for Hull Primary Care Trust as a "care data quality facilitator" when he accessed medical records of 413 female patients. The court was told he accessed records 597 times. He started his snooping …
I can't speak from the point of view of Police or Online Shopping, but Banks (In the EU, at least) are very sensitive to this sort of thing. It may even now be a regulatory requirement, but there was a wake-up call when someone at Vodafone downloaded all of David Beckham's text messages and sold them to some tabloid.
The bank that I work at has systems that detect if people's accounts are looked at and no work is actually carried out.
He didn't have to look at very many records he had no reason to view before the logs left behind of his illegal access caught up with him. And of course validity of these logs all depends upon cutbacks not cheapening systems to the point where it becomes feasible and routine for NHS person A to authenticate using NHS person B's credentials.
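The detection the bank commenter describes (accounts being looked at with no work actually carried out) and the audit logs the next comment relies on can be approximated with a very small log check. The following is an added example, not code from the thread or from any NHS or bank system; the log format, the field names and the rule that `VIEW` is a read while any other action counts as work done are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample audit log (not real data). One line per access:
# timestamp, staff user, patient record id, action. Assumed convention:
# VIEW is a read; any other action is work actually carried out on the record.
SAMPLE_LOG = """\
2010-09-01T09:01:00 user=alice patient=P1001 action=VIEW
2010-09-01T09:02:10 user=alice patient=P1001 action=UPDATE
2010-09-01T09:15:00 user=alice patient=P1002 action=VIEW
2010-09-01T09:16:00 user=alice patient=P1002 action=NOTE
2010-09-01T09:30:00 user=bob patient=P1003 action=VIEW
2010-09-01T09:31:00 user=bob patient=P1003 action=UPDATE
2010-09-01T09:40:00 user=bob patient=P1004 action=VIEW
2010-09-01T09:41:00 user=bob patient=P1005 action=VIEW
2010-09-01T09:42:00 user=bob patient=P1005 action=REFERRAL
2010-09-01T10:00:00 user=dale patient=P2001 action=VIEW
2010-09-01T10:00:40 user=dale patient=P2002 action=VIEW
2010-09-01T10:01:15 user=dale patient=P2003 action=VIEW
2010-09-01T10:01:50 user=dale patient=P2001 action=VIEW
2010-09-01T10:02:30 user=dale patient=P2004 action=VIEW
2010-09-01T10:03:05 user=dale patient=P2005 action=VIEW
2010-09-01T10:03:40 user=dale patient=P2006 action=VIEW
"""

# Assumed line layout; anything that does not match is skipped rather than guessed at.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) patient=(?P<patient>\S+) action=(?P<action>\S+)$"
)


def parse_log(text):
    """Parse audit lines into dicts with keys ts, user, patient, action."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def summarise(events):
    """Per user: the set of records viewed and the set of records actually worked on."""
    viewed = defaultdict(set)
    worked = defaultdict(set)
    for e in events:
        if e["action"] == "VIEW":
            viewed[e["user"]].add(e["patient"])
        else:
            worked[e["user"]].add(e["patient"])
    users = set(viewed) | set(worked)
    return {u: {"viewed": viewed[u], "worked": worked[u]} for u in users}


def flag_view_only_users(events, min_view_only=5, min_ratio=0.8):
    """Report, per user, how many distinct records were viewed but never acted on.

    A user is flagged when at least min_view_only distinct records were viewed
    without any follow-up action AND those make up at least min_ratio of
    everything they viewed. Thresholds are illustrative, not tuned to any system.
    """
    reports = {}
    for user, s in summarise(events).items():
        view_only = s["viewed"] - s["worked"]
        n_viewed = len(s["viewed"])
        ratio = len(view_only) / n_viewed if n_viewed else 0.0
        reports[user] = {
            "viewed": n_viewed,
            "view_only": len(view_only),
            "ratio": round(ratio, 2),
            "flagged": len(view_only) >= min_view_only and ratio >= min_ratio,
        }
    return reports


if __name__ == "__main__":
    for user, report in sorted(flag_view_only_users(parse_log(SAMPLE_LOG)).items()):
        print(user, report)
```

In the constructed sample, `alice` and `bob` view records and then update, annotate or refer them, so they stay under both thresholds; `dale` views six distinct records and acts on none, which is the pattern the rule is looking for. The check is deliberately based on per-record sets rather than raw view counts, so repeated views of one record (P2001 twice here) do not inflate the score, and it says nothing about whether an individual view was justified, which is exactly why the comment above about shared credentials matters: the rule is only as good as the certainty that `user=` names the person at the keyboard.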
When I was doing desktop support at a BT call centre in Dundee, some customer service droid checked out Thomas Hamilton's account after the Dunblane Massacre. Later that day he was marched off the office floor (and then out of the building some time afterwards) by three spooky-looking suits assisted by two of her majesty's finest. Rumour had it that the suits actually flew up from Oswestry.
It was also routine for the droids to receive calls from security goons immediately after having legitimately viewed/amended a high profile person's account. Your average BT account holder scum seemed to be fair game though.
Those and such as those, I suppose.
"The court was told he accessed records 597 times ... Trever pleaded guilty to seven counts of breaking the Computer Misuse Act"
Why wasn't this 579 counts of breaking the Act? Why did it take an 'on-the-ball' practice manager to 'suspect' this, instead of in-built warning systems to detect it?
Have the people whose medical records have been browsed by this sad idiot been told that their data privacy has been breached and been advised of steps they can take to bring action against the idiot or the NHS? I doubt it. The only thing we can be sure of is that any Government organisation will totally foul up any data protection obligations they have.
"Why did it take an 'on-the-ball' practice manager to 'suspect' this, instead of in-built warning systems to detect it?"
Because it was built by the company that tendered the cheapest quote, meaning that to meet the budget and deadlines, as well as to speed up the system so it only took 2 minutes to log in to, the security module was reduced to a user name and password stored in plain text in the system database.
The database was of course an MSSQL server with the default admin password open to anyone with a PC on the 'trusted' medical network.
Same sentence as the policeman got for assaulting a woman in custody.
http://uk.news.yahoo.com/4/20100907/tuk-policeman-sentenced-to-six-months-fo-dba1618.html
It seems we have a sense of proportion failure somewhere, and no, I'm not saying which is right, if any, just that they don't equate in my view.
They randomly pick PNC checks and ask you to justify your reasons for requesting them. I gave a fixed penalty to a car on my street (it was blocking the road) and needed a PNC check to see if I could locate the owner first. Within a day I had a letter asking me to prove this was a legitimate check.
"The offence should be committed when someone *acts on* information they were not supposed to have known"
No, the offence is clearly defined (why do I have to keep repeating this every time a CMA story comes along) by S1 of the CMA. You don't get to break the law and then say "no harm, no foul", it doesn't - and shouldn't - work like that.
For the hard of thinking, the offence was not "looking at the data", but breaching the CMA in getting access to the data to look at in the first place, m'kay ?
I know what the law says, I just think it's a bad law.
If someone finds out something that wasn't specifically volunteered to them, but manages to keep quiet about it anyway, then I really don't see the harm in that.
Of course, knowing something that you weren't supposed to know can sometimes create interesting situations (such as knowing that the gas fire in the holiday cottage where you have been sleeping with your mistress has been chuffing out CO, but not being able to warn your wife about it before she takes the kids there for a surprise holiday for fear of your affair being discovered) but they are the exception, and should be dealt with on a case-by-case basis.
It's not so much that other people know things about you that you'd rather they didn't, as that you know they know those things.
Centralised health records are dangerous. Centralised anything, in fact, and amalgamated multiple databases are even worse.
Patients can easily be given a memory fob on which all their medical data is stored and handed over for perusal or updating by a doctor. Prescriptions could also be entered and the chemist/pharmacist would have limited read/write rights so no duplicate prescriptions can be issued without authority.
It will stop double-doctoring, too: no dongle, no service except in emergency.
I attended a hospital in Toronto for around 7 months and my electronic record, including X-rays was around 5 megabytes - which was copied, at my request, to my dongle.
They let you plug your USB dongle into a machine with access to patients' medical data???
Haven't you heard about these newfangled tech things called viruses? You wouldn't want to expose your doctor to those - they don't have a vaccine for that kind yet! Quick! Call the CDC!
Mine's the one with the correctly set up hardware/software policies. Saved to a USB dongle of course.
I was "let go" from a job for looking up an email-friend-but-also-customer's phone number on the computer, and she complained ... 22 years ago, and we got married soon after!
Slightly more recently ... somewhere in a different ex-employer's email archives might yet still be several complete copies of GP medical systems that I worked on, doing a data conversion between systems. Wonder if the DPO should ask them.
...mentioning the (bloody awful) summary care records system here. And it does, indeed, have its issues and I must get around to opting out of it, however this doesn't necessarily mean that he used the summary cockup system to get the info. It could have come from whichever local patient management system was being used.
Or did the article mention that he used the SPINE/whatever they're calling it this week to get the info? (Apologies to all if it did, but it's well on the way to beer o' clock here and I'm tired...)
after it was discovered he was reading world+dog email on the corporate system.
Considering it was a local authority, it was a lot of emails he had access to.
Didn't think it warranted sacking him; I'm sure any IT techie will admit to having a snoop at some point.
Perk of the job sometimes....
I am a professional. In 20 years of dealing with email systems, personnel databases, payroll systems, whatever, I have *never* looked at any data without first seeking authorisation and having a damn good reason for doing so.
Anyone who thinks the data is there for their personal amusement should on no account be allowed access to any systems, of any sort.
GJC
A hospital near me closed in 1985 and stood derelict until 2006; after exploring it thoroughly (boys will be boys) we found a room filled with filing cabinets containing people's medical records. As far as I know they remained there until the day the building was razed.
It doesn't matter how your data is stored, if the organisation storing it isn't particularly interested in keeping it safe, then it won't be safe.