But what do you do when the institution does not have paper based back up systems for people who have not been issued with log in details by the IT department yet.
By relying on smart card and pin as identity opens the system up to abuse as any fraudster could hack the system and become whatever he wants.
I never use internet explorer at home, BBC published a story about a security flaw before Christmas, details on the net a week before that.
The trust I work for uses IE on all its computers, the day before Christmas an email came round to say all internet access would be turned off for two weeks while the patch IE on all the computers. They allowed access to some essential websites but as it happened this was just to the loading page and I could not access the data on the sites. Relying on it being illegal to hack or infect computers is no substitute for decent IT support and security.
In some work environments such as A&E there may be, say, sixty patients to see and various individuals may have to log in to a limited number of computers with their smart card. This can take 90s. Sixty times one and a half minutes is an hour and a half.
The trouble is that the people who devise these things do not know how we work.
Only this week one of Dr G's colleagues was sick. A new doctor replaced him in the clinic. Now just what do you do if the stand-in has no password? Of course there is IT support but with dozens of patients queueing you do not have time to be put on hold and queue yourself.
That wasn't the point of the post by the way but this is nevertheless an important issue.
Sometimes you have to read between the lines to understand Dr Grumble. Or read the Jobbing Doctor.
Dr Grumble, I just cannot believe that you would advise people not to share their cards because it would show them what idiots the people are who overlook the system. ie managers all the best John Gibson
Actually, John, I think it is high risk for an individual to share his smart card. These computers keep records of all the logins - though, surprisingly, not always.
There was an incident in Plymouth when a doctor had looked at a CXR and said that an NG tube was in the stomach when it was in a bronchus. The patient died apparently as a result of this mistake. The doctor whose login was used was identified. Fortunately for her she had long left the hospital. The doctor who used her login was never found. If the doctor whose login was used had been on duty that night it would have been very difficult for her to prove that she was not the doctor who had made the fatal error.
There have also been some less serious PACS issues at an anonymous hospital when sharing of logins could have proved awkward.
The hospital or an individual clinic cannot grind to a halt when there are login problems. The only solution is rapid emergency IT support day and night. Until that happens we are, of course, forced to break the rules and perhaps the law however unwise that might be.
Actually I often log on to a clinica database we use and then get up to do something, before I sit down a doctor or nurse will be on that computer using my log in. I understand about the time it would take to change log ins. But I am vaguely worried that some body will do something that they are allowed to do but I am not even though I have access and my boss will find out and I will have nothing to say.
7 comments:
But what do you do when the institution does not have paper based back up systems for people who have not been issued with log in details by the IT department yet.
By relying on smart card and pin as identity opens the system up to abuse as any fraudster could hack the system and become whatever he wants.
I never use internet explorer at home, BBC published a story about a security flaw before Christmas, details on the net a week before that.
The trust I work for uses IE on all its computers, the day before Christmas an email came round to say all internet access would be turned off for two weeks while the patch IE on all the computers. They allowed access to some essential websites but as it happened this was just to the loading page and I could not access the data on the sites. Relying on it being illegal to hack or infect computers is no substitute for decent IT support and security.
In some work environments such as A&E there may be, say, sixty patients to see and various individuals may have to log in to a limited number of computers with their smart card. This can take 90s. Sixty times one and a half minutes is an hour and a half.
The trouble is that the people who devise these things do not know how we work.
Only this week one of Dr G's colleagues was sick. A new doctor replaced him in the clinic. Now just what do you do if the stand-in has no password? Of course there is IT support but with dozens of patients queueing you do not have time to be put on hold and queue yourself.
That wasn't the point of the post by the way but this is nevertheless an important issue.
Sometimes you have to read between the lines to understand Dr Grumble. Or read the Jobbing Doctor.
Dr Grumble, I just cannot believe that you would advise people not to share their cards because it would show them what idiots the people are who overlook the system. ie managers
all the best John Gibson
Actually, John, I think it is high risk for an individual to share his smart card. These computers keep records of all the logins - though, surprisingly, not always.
There was an incident in Plymouth when a doctor had looked at a CXR and said that an NG tube was in the stomach when it was in a bronchus. The patient died apparently as a result of this mistake. The doctor whose login was used was identified. Fortunately for her she had long left the hospital. The doctor who used her login was never found. If the doctor whose login was used had been on duty that night it would have been very difficult for her to prove that she was not the doctor who had made the fatal error.
There have also been some less serious PACS issues at an anonymous hospital when sharing of logins could have proved awkward.
The hospital or an individual clinic cannot grind to a halt when there are login problems. The only solution is rapid emergency IT support day and night. Until that happens we are, of course, forced to break the rules and perhaps the law however unwise that might be.
This post was really nothing to do with Dr Grumble's mild concerns about shared smart cards. It was a cryptic message about hypocrisy.
The "suits"..........acting hypocritically.........again ?
I though the NHS was an open and fair organisation ? Isn't it OK to rub the suits up the wrong way, even if they have a much bigger ego than you ?
Surely, our proud record on the treatment of whistleblowers and idiosyncratic commentators supports a view of the NHS as an ideal employer ?
Actually I often log on to a clinica database we use and then get up to do something, before I sit down a doctor or nurse will be on that computer using my log in. I understand about the time it would take to change log ins. But I am vaguely worried that some body will do something that they are allowed to do but I am not even though I have access and my boss will find out and I will have nothing to say.
Then again, I'm not really bothered.
Post a Comment