
Hopefully
They will be keeping their beady eye on Care.data
NHS bodies in the UK can now be forced to open themselves up to data protection audits under new powers handed to the Information Commissioner's Office (ICO). The watchdog told Out-Law.com that its audits regime follows a "participative approach" and that therefore it would first ask health bodies if they would voluntarily …
I'm about to expose the ICO as not being fit for purpose. My MP is helping me to get to the bottom of why nearly fourteen of my case reviews, where the ICO found in favour of a company, are likely to be seriously flawed. At the moment we're struggling to find someone within the organisation to take ownership of my complaint.
Many will agree that the precautionary approach recommended here is not just sensible but vital when health data is being collected and used. Given that "practices [must] be improved across [the NHS] long before ... serious incidents occur" the clear course is to scrap care.data before it does any damage; as it surely will if its implementation is allowed to continue.
Very interesting statement that "the NHS is one of the worst performers. This is a major cause for concern."
When only the government/public bodies are bound to report incidents.
Imagine how the private sector would look if it was compulsory and not voluntary? Would they still state that the NHS are the worst? I doubt it....
It would be good, but unlikely, to see the ICO take a very hard look at NHS websites. Many make use of many of the usual evil data-mining third-parties for web usage statistics, scripts, postcode/address lookup, "social" (yawn) posts/buttons, etc. It is completely unacceptable that these third-parties can find out when you are looking up information about health conditions online, particularly those that may be especially sensitive, eg, mental health, STDs, major conditions, well, anything more serious than a "mild tummy bug" really. We know that any claims of anonymity are fibs, given that these third-parties do their utmost to cross-reference with any other data that they have acquired about you. This is the sort of data misuse that the Cookie Directive was really intended to have protected against, not pointless warnings followed by "now bend over, anyway".
It's also ridiculous that the NHS doesn't offer a robust and secure common platform for all GP websites to use. GP websites seem to all be individual home-grown efforts, are invariably amateurish, lacking in useful information, don't provide secure/encrypted appointment or prescription booking systems (having to phone a busy receptionist during your lunch hour, how retro), and worst of all, they often encourage patients to send prescription information (highly sensitive) by unencrypted email.
I don't want someone else either passing off a website as my Practice's (NHS "Choices" has come rather close to that for many years actually, have you not seen it?) nor do I wish anyone to declare that I have to use a specific platform provided by someone else for my business website.
Back when GPs started adding themselves and their practices to the Web, last century, most of the Web was "amateur". The professional bit tends to be shiny twinkly bits, active code that executes on other people's computers, and links to as many paying services as can be squeezed in, with a dash of bait and switch aka search engine optimisation.
Now if you meant proper metadata, design according to user metrics and usability testing rather than marketing and graphics people, perhaps professionalism would be good.
Prescription requests come through services provided centrally by suppliers of GP software - all closed source stuff alas - are not email (although were you to choose to email us and ask, should we refuse on the grounds that you are not applying to yourself the level of security that we would apply to you?) and are available widely. Same for appointments, although most of our patients ring us up or walk round the corner and ask.