Oliver wrote:
From: Tom Bowden [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 1 November 2006 9:02 AM
HealthLink now connects more than 60% of Australian GPs
Let's add some more to flesh out this statement, to try to make the
picture more complete:
"HealthLink now connects more than 60% of Australian GPs", most of whom
are completely unaware that they are using HealthLink. This is mostly
because HealthLink has been installed on GPs' practice computer systems
by somebody else, usually a pathology practice or medical imaging
practice, often without any knowledge or involvement by the GPs. One
could say that this is a good thing, because there is no reason why GPs
should or would want to know about all this techo stuff, or one could
say that it is a bad thing, because GPs have proprietary software
performing unknown and unverifiable functions on their servers. GPs
have not actively chosen to use HealthLink. It was chosen by other
parties in the health system, for reasons which those other parties have
not explained to or discussed with GPs.
Oliver,
That's a correct interpretation of the statement of Tom's. I'd extend it
by saying that Healthlink is one of a range of proprietary software
applications that are installed on GPs' computer systems with very
limited understanding, or informed consent, on the GPs part, of what
these systems do, the inherent security risks and whether or not they
will interfere with other software that the practice uses.
I have seen up to seven such 'diallers' on a single machine, which to my
amazement still seemed to work. I've seen several instances of inflated
phone bills in the days of dial-up resulting from these programs
'phoning home' to check for results an inordinate number of times a day.
Often the diallers were installed by companies the GP used only
infrequently, for some particular test.
Similarly, I have seen technical support staff install insecure
technologies for remote access without the GP's knowledge or consent.
Freeware VNC or PcAnywhere installed 'bare' is not good practice, nor
are a number of other technologies. Practices also don't know whether
these programs have been configured to maximise security. I now of one
PM vendor that routinely installs the freeware version of VNC on servers
their software is installed on. Most of the practices don't know its
there or what it allows the vendor to do, or the risks.
The problem is, how do you protect the majority of GPs/practices who are
essentially naive and passive recipients of this stuff?
Some options: They pay for good, trusted IT support and listen
to/implement the advice they get. They learn about computers and
computer security themselves. They lay down, close their eyes and take it.
Greg
--
Greg Twyford
Information Management & Technology Program Officer
Canterbury Division of General Practice
E-mail: [EMAIL PROTECTED]
Ph.: 02 9787 9033
Fax: 02 9787 9200
PRIVATE & CONFIDENTIAL
***********************************************************************
The information contained in this e-mail and their attached files,
including replies and forwarded copies, are confidential and intended
solely for the addressee(s) and may be legally privileged or prohibited
from disclosure and unauthorised use. If you are not the intended
recipient, any form of reproduction, dissemination, copying, disclosure,
modification, distribution and/or publication or any action taken or
omitted to be taken in reliance upon this message or its attachments is
prohibited.
All liability for viruses is excluded to the fullest extent permitted by
law.
***********************************************************************
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
