Insecure by design
Underlining what I have been saying about the lack of joined-up thinking in the development of healthcare IT solutions & its implications for security, the Scottish Cervical Call-Recall System (SCCRS) has had to delay the roll-out of its new patient records system being developed by Atos Origin.
“In an exclusive story this week, BMA News reveals that anyone with a password, including admin staff, would be able to access smear results under the Scottish Cervical Call-Recall System that is currently being piloted in a handful of GP practices.
Forth Valley GP Brian Keighley said: ‘This is unacceptable and quite possibly illegal and I don’t think GPs should cooperate with this.’
The new system, which was due to be launched in May, has now been postponed. NHS National Services Scotland’s medical director for e-health Brian Robson told BMA News the roll-out would be delayed until all problems were solved. He said: ‘This is not an acceptable situation. I can give an assurance on behalf of National Services Scotland that [the system] will not be launched until this is sorted out.’
IT hitches such as whether GP computer systems would be ready for the system and whether GP online training for using the system was suitable have also contributed to the delay.”
As I have pointed out before, security starts at the design stage. Talk to your users before, during & after any changes. Review the entire project regularly, including even the most basic assumptions. This is one of the reasons why I favour “Iterative” development over the “Waterfall” methodology.
Also, CfH had another of their roadshows yesterday in Birmingham: another top-down lecture on how their solution is the greatest advance since sliced bread & how everything is just great. What is & has long been missing is the willingness to listen, to take on board the criticism of the programme & change course where needed.
April 22nd, 2007 at 9:54 pm
[...] of cancer, the Scottish Cervical Call-Recall System (SCCRS) is back in trouble. The earlier concerns were to do with security but it appears that the IT teams north of the border have not learnt from the difficulties CfH has [...]