FOIA

It seems my Freedom of Information request to NHS Connecting for Health has been passed on to the Department of Health as I received this email today ...

Acknowledgement of case DE00000356344 received by the Department of Health.

Biting the Bullet

Tom Reynold's post on the NHS IT Connecting for Health consultation finally inspired me to sumnon up the courage to make the following Freedom of Information request ... watch this space.


Dear Angus

Thank you for your email.

Your request has been forwarded to Mr Paley and you should receive a
response shortly.

Regards

Peter Cavanagh
Information Officer

Communications and Stakeholder Engagement Directorate
NHS Connecting for Health
www.connectingforhealth.nhs.uk

-----Original Message-----

To: nhscfh.foirequests@nhs.net
Subject: FOIA request

Dear Mr Paley

I wish to obtain the following information about the NHS Connecting for Health programme under the terms of the FOIA.

a) how much the NHS is paying Microsoft for licensing of Microsoft's Operating Systems and any support services directly provided by Microsoft?

b) how many discrete contracts does the NHS have with Microsoft? If more than one, what products/services are provided under each contract and what is the cost of each contract?

c)  if 3rd-part vendors are contracted to provide support services for Microsoft products, how many such contracts exist, how are they administered, and what is their total value?

d) what operating system is planned to be used on fileservers hosting the centralised patient record system, and with which core-database software is it being implemented?

If my request needs to be submitted in a different format, please advise.

Best regards

The Open Rights Group

Instead of repetition I will point you to Tom Reynold's post on the protection of our freedoms in a digital age. And given this is a sometimes medical blog the Open Rights Group's page on the NHS.

David and Goliath

I am pointed by the (primarily US-orientated) Grand Rounds to this post by Dr Wes on the role of electronic health and medical “care” (e-Health) in the United States.

I am horrified and I become more aware of the ethical and confidentialty issues involved in this . The NHS IT Spine project is writ large in my thoughts and has come under constant criticism, the latest of which centres on the curtailment of its major contractor for the south of England, Fujitsu. I am concerned that a major health IT project has been hived off regionally to different companies.

Microsoft is intimately involved in US web-based “Personal Health Records” (as are Google, Walmart etc etc) initiatives. The NHS Connecting for Health “project” wants all our health/medical records online using Microsoft software.

In the US the multinational IT companies (Google, MS etc), retail outlets (Walmart etc) etc etc are allowing you to upload personal medical data to their on-line web services. When you get to the hospital, you will tell the hospital (if you're conscious and have signed up) to download your data from Google, Microsoft, Walmart or whoever.

Is this data accurate?

Polyclinics gone mad, NHS IT Spine gone mad. But I would rather have “my data” controlled by the nationalised and centralised NHS than by Google or Microsoft or Wallmart ...

I can only say that I am grateful we still have a (even if semi-) “socialised” system, that the NHS Spine/Connecting for Health totally fucked-up project is still in the hands of the NHS (or is it?)

Fuck ... with all of them.

P.S. Dr Wes points to the ludicrous system of hospital and physician ratings supported by these Personal Health Record websites. The UK government is now going to rate hospitals on their surgery mortality rates (report here) so you can choose where hip replacement surgery is more sucessful than a heart transplant. Silly – Papworths is not an expert in hip-replacement but is a leading centre for heart replacement. I am far more likely to die from a heart-transplant than hip-replacement. But note they are not going to rate on the type of surgery ...

But given my ignorance as Joe and Jane, I'll choose Papworth's as a centre of excellence for their surgical skills and have my hip replacement in Cambridge when I live in Exeter as they are superb surgeons ... except alot of cardiac patients there died last year.

Microsoft bribes the NHS

Thanks to Dr Penna I learn that every NHS employee can purchase Microsoft Office 2007 for £ 17.00 for use in their own home ...

Dr Penna thinks he is onto a good thing. And Microsoft's NHS website has discounts on other MS products for NHS employees. All you have to have is an NHS email address (oh shurely I can hack that ,,,).

Let us look at this in more detail on the Microsoft-NHS website ...

Microsoft has a Software Licensing Enterprise Agreement with NHS England (with similar but separate agreements with NHS Scotland and NHS Wales). The current agreement runs until 2010 and covers a range of Windows software including the Vista operating system (both Business and Enterprise editions) and a range of Microsoft products including Office. It also includes Client Access Licenses (CAL) to Windows Server and SQL database software but not the server and database software itself.

What does a CAL mean? Well, no desktop workstation will have server or database software installed on it. However, a desktop workstation within the NHS will probably need to access a server for networking and an SQL database server (for Summary Care Records?). To access a server, the desktop workstation needs a CAL. Ok, so Microsoft's licensing model screws you twice ...

But the intimation here is that the NHS is using Windows servers (Microsoft server and database software licenses are sold under a separate agreement entitled the Select Licensing programme - whatever the fuck that is). For the storage of confidential patient data, the Summary Care Record, for NHS Choices “Choose and Book” etc etc.

Why didn't Connecting for Health opt for far more secure Unix servers and Linux desktops? Or even Unix servers with Windows desktops?

Given the government's recent record on the loss of confidential data on Joe and Jane's data, given what I have learned today of Microsoft's involvement, and what I already knew of its appalling security record, my confidence in the development of the NHS Connecting for Health project has lessened x-fold.

Afterwords:

1. FAQ: “What is the NHS paying for this agreement?”

Answer: “The NHS is paying a fixed amount per year. The number of devices each year increases to cover an expected growth in the number of users. Microsoft has provided a substantial discount to the NHS based on the volume of devices covered and length of the agreement.”

Does anyone know? Can anyone tell me how to access government contracts or do I have to write a Freedom of Information Act request?

2. Certain Department of Health, but not part of the NHS, institutions are included in the Enterprise Agreement.

3. fyi Dr Penna the software does not belong to you. At 65 years old you will be without a word-processor and email client. “... so should they leave the NHS then they are required as per the terms and conditions on the web site to uninstall and return it to their Trust.”

The BBC, the NHS and British IT

Tom Reynolds posted on how he is not allowed to use an ¨internationally-recognised¨ credit card to download e-Books for his brand new Sony e-Book Reader and thus has to resort to pirating.

A commentator remarked on the BBC´s iPlayer policy whereby only UK residents are allowed to access over the Internet their programmes for free.

Back in January I posted on how to get around this. Suddenly, my hit-rate went up. In response to Tom´s commentator I commented the link to my post ... and as a result I have seen visits go sky high. (Sorry Tom, I do feel a little guilty riding¨on your own success).

My solution was to use the Tor server network which allows me to hide my IP address and adopt the IP address of a Tor ¨server¨ overseas. It is, in fact, tacitly, encouraged by the likes of the UK and the USA governments for Internet users in countries where web censorship exists.

If it is so easy though to hack the BBC iPlayer using legal means, I begin to wonder ...

a) were the contract IT security specs so vague that the contractor (Kontiki) could get away with ... uh ... nothing?

b) did the contractor (Kontiki) convince the BBC that simple IP address blocking was an adequate security measure?

c) were any BBC IT engineers consulted? Do they exist? Were their opinions taken into account? Are they idiots? Are they in the pay of Kontiki?

d) how much did the BBC pay Kontiki?

The NHS IT Spine ...

NHS Manga

I have toyed with the title of this post ... Manga, Manga Medicine, Medical Manga ... but finally decided on the above.

I am totally ignorant of the Japanese cartoon and comic book art form of Manga (with both adult and children´s sub-cultures) but its influence on the cartoons now shown to UK Children is interesting as the photo of our TV screen by Jaime shows. And I would probably have been into it had I grown up at the right time.

I used to watch Tom and Jerry, Scooby Doo, Tom Cat and various other Hanna & Barbera productions, and when they are repeated on the BBC, Jaime and Kezia are equally enchanted.

However, kids are now into the enormous Manga-influenced cartoon industry and Hanna & Barbera and Disney seem to have gone out of the window.

It is notable that the violence of children´s cartoons has never changed. Tom and Jerry´s and Bugs Bunny´s sticks of dynamite may have changed to laser guns or whatever other fabulous weapons´ technology, but the violence still exists.

I don´t remember the name of the cartoon from which Jaime took his television shot but it was certainly one of his better digital photograpy efforts. He discovered the capabilities and special effects (video, colour negative, sepia, B & W etc) alot sooner than I.

In other IT developments the medical community is slowly becoming aware of the potentials of Web 2.0 - there is a small but growing awareness of how this can potentially help the medical profession.

However, the trialling of Google Health in the States, whereby patient medical records are stored on Google servers, is leading to security and privacy concerns even if one does not doubt the reliability of Google´s IT infrastructure. Certainly, in the UK, we would protest most strongly at the involvement of Google Health in our NHS IT infrastructure ... but ironically, they would probably do a better job at it than our government´s IT spine project.

Ironically, this US poster is impressed by NHS London´s use of the Web 2.0 application Second Life to promote Polyclinics. (What percentage of NHS London patients go to 2nd Life?).

Methinks, however, the BMA should shurely respond with their own 2nd Life versions of a polyclinic and a current GP practice ...

In the meantime ... I think we should use Manga-like 2nd Life avatars to teach our medical students surgery, general practice, oncology etc ... or maybe even train our NHS managers.

The National DNA Database

After last week´s latest government IT data embarrasment in which DNA profiles of dangerous criminals were ignored, questions have been raised with the politicians about the need for a national DNA database which would store the DNA profile of every UK resident, criminal or not.

At the suggestion of leading coppers who argue such a scheme would greatly increase crime detection rates, the government has bowed to popular pressure and will consider initiating such a scheme.

I am somewhat shocked. But who am I to argue?

Of course, this will be an enormous boost to the DNA profiling lab industry, which I assume (a guess, I admit) is awarded government contracts under its Private Finance Initiative. It it will increase the employment of highly-skilled lab technicians, IT technicians and generally benefit the economy as a whole as we become world-leaders in data storage technology and identifying our citizens ... oh, and, of course, I will feel much more secure on the streets

My somewhat delicate constitution had already received a bit of a jolt last week when I learned of the Children´s Information Sharing Index (henceforth IIS).

What a marvellous scheme! I won´t have to worry about Jaime and Kezia´s welfare so much, as I know the government is keeping an eye on them for me!

This database will record Jaime and Kezia´s ...

1. Name, date of birth and address.

2. An ID number.

3. Mum´s and dad´s names.

4. Our GP´s, health visitor´s, midwife´s, school nurseś cocial worker´s etc etc details.

5. School details

... and anything else considered relevant.

Who will supply and have access to this database ? The list is as long as my arm and I am pleased to see it includes everyone concerned with our children´s welfare. I´m very sad I was not picked up at school smoking a spliff and then sent to a Youth Correction Centre for the rest of my education. Now I know that if Jaime is one day picked up for underage drinking he will be classified as at risk and I will be appropriately admonished, classified as an inadequate parent and if I reoffend, the government will find him another parent.

Alan Johnson and Gordon Brown - I am very grateful for the concern you show my children - can´t I make this so much easier and volunteer all the information you require? Give me a long form with tickboxes and ¨Go to Section 6¨ navigation tools, and I´ll willingly fill out the 45 pages.

All this for a price of £224 million to set up and £41 million per year to run - a bargain!

I hear that you want to put our medical records on a central database as this would allow the polyclinic at our local supermarket to look at our medical records when we go shopping on Sunday morning (I admit I was somewhat cynical that the ASDA clinic would have access to my records - but I am reassured).

Now, if Jaime is caught smoking a spliff, the school can record it in the IIS, the police can pick him up and charge him with a drug offence, his DNA can be profiled, the magistrates can put him in a drug rehabilitation programme and a psychiatric problem can be put on his health record ... oh and he can be found a new parents through Social Services foster parents´ networks. I´m grateful.

Now I have a word of admonishment - all these multiple databases ... surely it´s a waste of money?

Can´t you integrate a national DNA database, IIS, the various NHS databases, Electoral Rolls, census data, your idea to issue all of us with ID cards, tax info., criminal records, Immigration and Nationality Directorate records etc etc into one big database? We would all be so much more secure and surely it would achieve vast economies of scale.

_________________________________________________________________________________________________

Note: the UK government has delayed the introduction of legislation for a national ID scheme until, at least, after the next election and yesterday, unsurprisingly, totally balked at the idea of a national DNA database. The government is being taken to the European Court of Human Rights for maintaining DNA profiles of people arrested but never convicted.

I will be questioning our consultant John, and possibly the Patients' Advisory and Liaison Service, as well as our GP, about our records when I next go back in April.

Links:

Dr Rant yesterday.

Ross Anderson, Professor of Security Engineering, Universtity of Cambridge in February's British Journal of General Practice.

The No2Id campaign.

The Big Opt Out campaign - which explains how you can have your confidential medical records maintained by your GP or hospital without them being uploaded to the government´s central database.