Skip to content

Management

Technology

Toolbox

Training

Books

White Papers

Webcast

Resource Centre


ComputerworldUK CommunIT

Want to join the UK’s fastest growing dedicated IT community? Enter here to browse the UK’s top usergroups, societies and associations.

Data control & Intellectual Property management > security > news

October 20, 2009

Medical records sale scandal is 'data, not outsourcing issue'

National Outsourcing Association defends industry record after TV revelations

By ComputerworldUK.com reporter

The National Outsourcing Association has defended the industry following revelations on ITV’s Tonight programme about the sale of UK medical records in India.

Advert

The programme showed how easy it was to buy private medical data from criminals in India.

Reporter Chris Rogers was shown getting a sample of 100 medical records was offered a further 10,000 if he went to India. The programme found data could be bought for £4 per individual record. All the data identified in the programme was from private medical organisations, not the NHS.

Responding to the revelations, Mark Kobayashi Hillary, NOA Offshoring Director said, “It is useful for programmes like Tonight to be exposing these crimes, but not to disparage a largely trusted and successful outsourcing and offshoring industry.

“It’s important that this is understood to be a data crime, not an offshoring crime.”

Kobayashi Hillary said data security was not dependent on location. “Such data theft could occur just as easily in Aberdeen as in Mumbai. The expose shows there are still some contact/processing centres behind the times which are letting the industry down and fuelling bad perceptions.”

The NAO said the expose highlights the importance of the users of outsourcing employing “credible, reputable and mature suppliers”.

Good suppliers now have very strict policies to avoid any data theft, said Kobayashi Hillary. “These include no USB or external email access, no paper and pens allowed; basically all avenues for data removal are taken away.”

The NAO also called for more transparency about where data is processed. “Information theft is a fact of life in this modern age, but if we demand transparency from our suppliers it can at least be reduced,” said Kobayashi Hillary.

Follow highlights from ComputerworldUK on Twitter
Sign up for our Daily Newsletter
The UK IT News widget Get it for your site!

« prev article | more security news | next article »

Advert

close

Email this article to a friend or colleague:




PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

close
  • This article is now being printed.
close

What are your views on this subject? Use the form below to post a comment on this article up to 1000 characters.


Characters remaining:

close

Click below to add 'Medical records sale scandal is 'data, not outsourcing issue' - Data control & Intellectual Property - ComputerworldUK' to your blog.



If you do not have a ComputerworldUK Account and would like to use this feature, please Register.

If you are a registered, logged-in user, this will post the title and first paragraph of this story to your blog to share with your readers.

What is this?

Comments received

Stuart Hodkinson, UK general manager, Courion said on Tuesday, 20 October 2009

The Tonight team should be commended for exposing a shocking abuse of NHS confidential patient data, but we must not fall into the trap of labelling this as just an NHS problem, as we have seen how lax controls and monitoring of both workers and their access to key systems can put data security at risk.

Organisations that lack the controls to manage user access often run into problems with staff acquiring access rights to data and software that may exceed their role, or gaining access to systems without detection. As well as the potential for malicious damage or data theft, the risk of accidental damage and deletion of data is raised considerably.

It is essential that clear processes and policies are in place not only for monitoring the physical activities at the offshore location, but also to ensure that access to key information systems by those offshore workers is appropriately managed, provisioned and monitored by IT.

Stuart Hodkinson, UK General Manager, Courion

Mark Miller, MD of Dictate.it said on Tuesday, 20 October 2009

Outsourcing business processes to India is a perfectly acceptable and highly cost effective way in which to manage patient records. This is particularly relevant for outsourced transcription of medical notes in the context of a growing shortage of medical secretaries in Britain. However, organisations that offer these service should be following best practice guidelines, in which the data is completely anonymous, identified only by patient numbers. If the system is managed in this way it is watertight as patients' names, demographics and contact information remain at the hospital and never leave the UK. This is how Dictate.it's outsourced transcription service works, enabling us to transcribe millions of lines of patient data for five years without a single leak."




Andy Jones, European director and GM of Xerox GS said on Friday, 23 October 2009

At Xerox we've been managing document outsourcing for 20 years, spanning a range of company sizes and sectors across the globe. We've worked hard to get where we are today - and it means that when a company approaches us to discuss their document management needs, they are talking with a company they know they can trust.

However, the people who create data breeches, like the one exposed by the ITV Tonight programme, tend to do so for their own personal gain - but there are some basic principles that, if followed, can help minimise risk.

If you are entering into a document management outsourcing contract, cover yourself and make sure you enter into a robust agreement that has a stringent SLA underwritten by financial guarantees. This should also include robust data security standards and procedures. But don't hide behind the contract. Go and find out for yourself, first hand, your role and the role of the outsourcer in ensuring the maintenance of a secure environment.

Outsourcing data processing doesn't absolve your responsibility to your customer's data, so get involved and find out what's really happening rather than just trusting the salesman's words.

Advert

WHITE PAPERS

  • Legal risks: Employee use of the internet and email
    Exploring the challenges facing IT Mangers today and vital steps to ensure safe internet an email use by employees.
  • Phishing for victims
    This White Paper examines the phenomenon of phishing. It explains the potentially catastrophic threat it presents to all kinds of organisation. Exploding some widespread myths, it lights up the murky waters where phishing first emerged and where it continues to evolve. But it also highlights what your business can do to blunt the threat.
  • Challenges and opportunities of PCI
    The control framework implicit in the Payment Card Industry Data Security Standard (PCI DSS) provides an enterprise structure for improving operational, security, and audit performance.
  • Social CRM comes of age
    Who is this “social customer”? What strategies and tools does the new breed of CRM provide to do something about this?
  • Risk Management: Protect and Maximize Stakeholder Value
    What has held organisations back from a broader adoption of risk management programs?
*