Re: FN-FORUM: Data Protection Question...

date posted 30th June 2003 21:48

I used to run a system that distributed prescription data, and we ended
up doing the PGP key generation for the clients, but that information was
only sent to an e-mail address that had been previously confirmed over
the telephone.

All the decryption was done using a web-based application and was only
really designed for corporate clients who would only connect from a single
PC. (It would also handle multiple PCs for the one client, but that's a
different story altogether.) So, we did not have to address the issue of
people using machines in a Cyber Cafe, or whatever.

Still, the whole issue of distributing security information to not very
computer
literate users if fraught with dangers.

----- Original Message -----
From: "Andy" [EMAIL REMOVED]
To: [EMAIL REMOVED]
Sent: Monday, June 30, 2003 10:35 AM
Subject: Re: FN-FORUM: Data Protection Question...


> Hi,
> Exactly, all of those things. I agree entirely about all your comments -
I
> just need something a bit more "specific" to be able to go back to them to
> persuade them otherwise - the development costs wouldn't be huge - the
> biggest cost (As I see it) is for the secure hosting.
>
> I've have a website on https that the patient logs on to.
> They get a list of their allowed prescriptions
> They choose what they want and click ok
> The server then encrypts the message using PGP (or whatever) and sends the
> email to them (on a registered domain, not a hotmail account!)
> They then pick up the email and decrypt it to view it
> (alternatively they could logon to an "admin" section of the site and see
> what's been requested - but the email route it more pro-active)
>
> Cheers
> Andy
>
> ----- Original Message -----
> From: "Joe Pritchard" [EMAIL REMOVED]
> To: [EMAIL REMOVED]
> Sent: Monday, June 30, 2003 10:29 AM
> Subject: Re: FN-FORUM: Data Protection Question...
>
>
> > I wouldn't even countenance using hotmail for anything I was concerned
> > about.
> >
> > Apart from it being a spam attractor of world class proportions, the
> > security is iffy. The Data Protection legislation states that you must
> take
> > reasonable care of personal data. It might be argued that processing
data
> > such as medical information through a hot mail account is not taking
> > reasonable care. Also, where do the servers live? I believe the
> > legislation also looks at whether data is transferred across boundaries
> to
> > places where the care of data isn't as good(?) as the UK and EU. I
> imagine
> > hotmail servers live either here or in the US, so I doubt there'd be
> issues
> > on those grounds, but to be honest I'd want to check.
> >
> > Also, is someone REALLY going to want to sue Hormail for such a thing?
> >
> > Why not a nice form on a page to update a database and then a message
sent
> > to the Pharmacist to say 'An update has been made' whereupon the
pharmacy
> > could log in to their database and get a print out of the new stuff?
> >
> > Joe
> >
> >
> > ----- Original Message -----
> > From: "Andy" [EMAIL REMOVED]
> > To: [EMAIL REMOVED]
> > Sent: Monday, June 30, 2003 10:15 AM
> > Subject: FN-FORUM: Data Protection Question...
> >
> >
> > > Hi,
> > > Anybody know the data protection implications of somebody (clients
> of
> > a
> > > client) sending email to a hotmail account ?
> > >
> > > Other than the obvious "email isn't secure" situation, nor is it
> > encrypted.
> > >
> > > It's patients re-ordering prescriptions (and specifying what they
> want) -
> > I
> > > for one wouldn't ever use such a system as if you emailed the request
to
> > the
> > > wrong mail address or similar, and it's not encryped then anybody
could
> > read
> > > it. Ok, if you're re-ordering an astham inhlaer - it doesn't matter
too
> > much
> > > (other than for your own benefit) if somebody else accidentally got
the
> > > email or your hotmail account was hacked etc., but if you were
> re-ordering
> > > something of a more "personal" nature, or something with a stigma
> attached
> > > (HIV positive) then that's a different mater.
> > >
> > > Cheers
> > > Andy
> > >
> > >
> > > -----------------------------------------------------------------
> > > Email checked by Norton Antivirus 2002
> > >
> > >
> > > ==========
> > > Graduate & Professional Financial Services - Specialists in MORTGAGES
> for
> > > FREELANCERS. House purchase, re-mortgage (including debt consolidation
> and
> > > capital raising), Buy to Let, flexible offset and current account
> > mortgages.
> > > Visit our website at http://www.gradprof.co.uk?fnet
> > >
> > > To advertise here: http://www.freelancers.net/advertising.html
> > >
> > >
> > ==========
> > Graduate & Professional Financial Services - Specialists in MORTGAGES
for
> > FREELANCERS. House purchase, re-mortgage (including debt consolidation
and
> > capital raising), Buy to Let, flexible offset and current account
> mortgages.
> > Visit our website at http://www.gradprof.co.uk?fnet
> >
> > To advertise here: http://www.freelancers.net/advertising.html
> >
> >
> ==========
> Graduate & Professional Financial Services - Specialists in MORTGAGES for
> FREELANCERS. House purchase, re-mortgage (including debt consolidation and
> capital raising), Buy to Let, flexible offset and current account
mortgages.
> Visit our website at http://www.gradprof.co.uk?fnet
>
> To advertise here: http://www.freelancers.net/advertising.html
>
>