Rapid Responses to:
|
|
Rapid Responses: Rapid Responses published:
-
![[Read Rapid Response]](/icons/misc/sectionDOWN.gif)
Out of date before it was accepted?
- Trefor Roscoe (11 September 2000)
-
Paper dealt with many issues too superficially
- Martin Bartos (28 September 2000)
-
Out of date & incorrect information
- Steve Walker (12 October 2000)
-
Paper highlights key issues: The NHS has patients too
- Barry James (23 October 2000)
-
Facts about Public and Private Keys
- Jim Whitman (15 December 2000)
-
Re: Facts about Public and Private Keys
- Adrian Midgley (16 December 2000)
-
and still waiting!
- Adrian K Midgley (27 February 2002)
|
|
|||
|
Trefor Roscoe, Informatics Tutor - North Trent Institute of General Practice, Sheffeild University Medical School
Send response to journal:
|
As one of the authors sited by this paper I feel I must say that it is a shame that this paper was published. While the delay in publication in a fast moving electronic world is making it increasingly difficult to be accurate at the time of publication of informatics papers, I am afraid I feel that this paper should have been pulled and rewritten at a late stage. It gives the impression that the authors are insular secondary care specialists, who are out of touch from the changes in Primary Care. While what they write about NHS net may have been true at the turn of the year, they have been overtaken by events. NHSnet is now free, and being used more and more by GPs. I must also take up with them the concept that chronic disease management programmes "have typically been developed within secondary care, with limited access available to primary care." Which health care system are they working in? The vast majority of chronic disease management is done in primary care and without the computer programmes used by more than two thirds of GPs the high quality of care provided would not be possible. I will be joining with my colleagues on GP-UK to put together a more detailed and fully referenced reply in the next few days. Anyone who wishes advice about the use of the internet in General Practice in the UK is more than welcome to contact me for details of the latest research. I do applaud the excellent and succesful attempt to use encryption as a way of exchanging electronic patient data across the internet, something I have been an advocate of. (ref Roscoe TJ, Wells M NHSnet – Learning From Academia BMJ 1998 318 7180 377) Trefor Roscoe
|
|||
|
|
|||
|
Martin Bartos
Send response to journal:
|
Sir - As both a computer scientist and a medical practitioner I was pleased to see the recent Information in Practice paper[1] which made reference to the importance of strong cryptography in connection with medical information. I join the authors in their assertion of the importance of NHS-wide standardisation for encryption however, perhaps as a result of length restrictions, I believe the paper dealt with many issues relating to security too superficially. The aim of the paper was to demonstrate the use of strong cryptographic techniques to securely access patient information across an Internet connection and unsurprisingly this aim was readily achieved. A valiant attempt is made to cover the background topics of user authentication and public key cryptography. Beyond this point, even allowing for a paper aimed at a medical audience, the informatics related technical description is sometimes thin for the field and the studied case. Gaps in discussion/description are often more troublesome than factual errors since only those with background knowledge can identify them. In the absence of signposting the general reader risks falling foul of them. No justification is given for the use of a third party (as opposed to Trust operated) certification authority. No discussion addresses the technical/human issues involved with locating the certification authority in a room off the hospital site and in a university. Use is commendably made of physical tokens (pin number secured smartcards) however no reference is made to the logistical and security issues related to this. No mention is made at all of the issues associated with the operating system/platform choice for the hosting of any of the components in their 'secure' network and sadly no use was made of this opportunity to inform the readership of the ready availability of high quality, free, cryptographic software. The references were unlikely to deepen the medical readership's informatics security knowledge and the authors failed to pass on a vital security principle - that security is a chain of elements fundamentally including human issues which are never solved by the application of any particular piece of technology. Papers on informatics should be encouraged however this one was arguably inaccurate[2] (regarding aspects of NHSnet/primary care activities) and in my view a missed opportunity to encourage a medical audience to resist security technology dazzle. Information security is important, is not simple but is also not rocket science. Martin Bartos
[1] D W Chadwick, P J Crook, A J Young, D M McDowell, T L Dornan, J P New. Using the internet to access confidential patient records: a case study. BMJ 2000;321:612-614 [2] T Roscoe "Out of date before it was accepted?"
Competing interests:
The author works at a SHEFC* funded joint University of Strathclyde and
University of Glasgow research centre on medical informatics and has a
particular interest in information security.
(*Scottish Higher Education Funding Council) |
|||
|
|
|||
|
Steve Walker, Programme Director - Project Connect NHS Information Authority
Send response to journal:
|
I am extremely concerned that an article as out of date as this was published by the BMJ and can only re-iterate the views of Dr Trefor Roscoe. Surely the editorial panel of the BMJ is aware of recent information technology developments within the NHS and NHSnet? The information in this article about NHSnet is completely incorrect. GPs do not have to pay to use NHSnet and uptake is increasing rapidly. By September 15 2000 68% of practices had an ISDN line installed connecting them to the network. A further 321 practices had connections ordered. All GPs need to do, prior to connecting to NHSnet, is to agree to comply with a Code of Connection, which is designed to promote secure system management. Users of NHSnet now have guaranteed levels of service that exceed the standards offered by commercial Internet service providers. The network fully supports remote access using strong authentication and gateways between NHSnet and the Internet and it routinely supports inter- working. The issue is not can patient access to information be supported by the network (which it can), but the more complex clinical and ethical concerns about what information should be made available, in what form and to whom? This is nothing to do with NHSnet. NHSnet is more secure and is backed by more service guarantees than the Internet, including message delivery times and message receipt reporting. Layered upon the network is the capability to support strong authentication for remote access and strong encryption. An interim public key infrastructure messaging solution is being implemented as part of the Pathology Test Results Messaging Project. Further information about NHSnet can be found on the NHS Information Authority web site www.nhsia.nhs.uk |
|||
|
|
|||
|
Barry James, Chair, "The New NHS Intranet & Internet Conferece" Sheffield
Send response to journal:
|
I'm afraid that Steve Walker's response to this article is rather more misleading than the, admittedly now outdated, assertions in the original article. While access to NHSnet is now free of charge to GPs - and this is to be welcomed - the figures Steve Walker quotes are probably accurate but chronically misleading. Robert Ward, Infrastructure policy manager at the DoH Information Policy Unit, quoted a similar uptake statistic at the session on NHSnet at the Health Service Computing 2000 conference I chaired on 7th September. However when comments & question from the audience made it clear that this in no way reflects the actual take-up 'on the ground' he was forced to admit that this figure is for deployment of routers only and does not imply that they are connected to anything or in use - much less that the practice or GP are regular users - or NHSnet users at all. One suggestion was that such figures are really for the consumption of ministers - and Mr Ward was unable to deny this or to defend his original, apparent, assertions. Are ministers (and the rest of us) being misled? With (potentially) a million users or more NHSnet cannot be secure. The 'ringfence' model is discredited and no one else attempts to defend it as a viable security model. I understand that the NHSIA themselves recommend that patient data should not be transferred unprotected over NHSnet. They are right. Encryption is an essential technology for the NHS. I will refrain from further comment on Steve's contribution except to point out that his averring "NHSnet is more secure and is backed by more service guarantees than the Internet" is equally misleading. More importantly Chadwick et al put their finger on what really are the key issues. NHSnet has been conceived as an in-house network for NHS professionals. What about patients? The need to use the Internet to communicate with patients, for clinical and other purposes, is clear already - A need that NHSnet cannot address but the Internet can. This is a trickle at the moment, but we are at the very start of the exploration curve. No one in their right mind should consider sending sensitive patient information unprotected over the Internet. As Chadwick et al have pointed out strong encryption does exist and is good enough for this application provided it is applied properly. The fact that they have now demonstrated this has profound implications. If the NHS is going to routinely need to encrypt messages for patients and other extra-NHS purposes why not use the same technology to secure messages within NHSnet? Which leads us to the question which Nicola Carslaw asked me last year in an interview on NHSnet for BBC Newsnight: "Why then would we need an NHSnet as distinct from the Internet?" Vested commercial interests and existing contracts apart, I am still trying to think of an answer. (Originally sent 17th October) |
|||
|
|
|||
|
Jim Whitman, Senior Research Assistant University of Northumbria
Send response to journal:
|
I was a little confused in your section dealing with taking care of public keys. At a very basic level, substitution of a public key would lead to an encrypted message that only the holder of the private key paired with this substituted key would be able to decrypt. If this is right, I'm not sure what this would gain for a hacker - but I don't know the details of the larger information system upon which the example given in the article is based. |
|||
|
|
|||
|
Adrian Midgley, GP; sabbatical, Internet and health
Send response to journal:
|
If you can put your public key in the place where my public key is at present, and interecept my incoming mail, then people who think they are sending me secret messages that only I can read will be sending messages that only you can read. If the message relates to the whereabouts of a large amount of gold bullion, concealed ready for me to dig up, then what you gain as the cracker involved is fairly obvious. In the medical field, there is a reasonable assumption that since we go to so much trouble, in theory, to keep patients medical matters confidential, there may be some which you could run a useful blackmail with. If you re-encrypted the message using my real public key, and sent it on to me, forging the headers of the email to make it appear that your message was from the original sender, then you could continue this "man in the middle" attack on secrecy for an arbitrarily long time, thus maximising your chance of receiving some secret that really mattered. One of my public keys is at www.swis.net/midgley/akmpubid.asc Others may be found on the MIT PGP keyserver. The contention of the authors, and of supporters of Public key Infrastructure (PKI) as opposed to the W3C favoured approach of a Web of Trust - where I sign the public keys of people who I have positively identified, and they sign other people's keys and so on, thus allowing you to trust me although we have never met, if there is a chain between us - is that their Third Party is less easy to subborn or infiltrate than a randomly chosen ISP. I have my doubts, and a general preference for the decentralised solution. If my key is used for letting me in, being the public key that matches my secret key, then various attacks on the system are possible if you can manage to change the key to your own, but I think the buried gold is a better illustration. The authors of the original paper are correct to think that their system is more secure than a system relying on us all connecting via NHS Net, but perhaps wrong on the relationship between IT in secondary care and primary care - locally we have Diabetic information systems in the General practices, but it has taken the Audit Commission to convince our hospital administration that the Diabetic Clinic should hold its patients notes on a database. |
|||
|
|
|||
|
Adrian K Midgley, GP on sabbatical Exeter EX1 2QS
Send response to journal:
|
Despite the Audit Commission clearly impressing any of our local clinicians who had not already decided for themselves that printed notes would be better than handwritten, and that some features of a simple database would help improve care, we are still waiting now. Alarming. Given the claims from the NW of the US that simply holding a minimum dataset in a form which one can manipulate can save $1000 per year for the rest of the Diabetics life, in healthcare costs, and the availability of software at no cost, which runs on hardware whose cost is small, it is still claimed to be expensive to implement. |
|||