Computer system risk to confidential data

A possible risk to confidential data when using Microsoft Software has been identified by the Health Informatics Committee of The British Computer Society (BCS). Facilities in some Microsoft products can pose a serious risk to the confidentiality of patient data held on NHS computer systems. However, the problem could also affect any organisation which handles confidential data such as Government departments, the judiciary, police etc.

The potential problem stems from Windows XP and Internet Explorer 5.5 (and above) containing a means of automatically informing Microsoft when there is a system crash. When this facility is activated, various pieces of information, including the computer file being worked on, are sent to Microsoft to enable them to analyse what went wrong. If this file contains confidential data, such as patient data in the case of the system being used by the health service, then that data is sent to Microsoft.

Consequently, BCS HIC is warning all healthcare and other users of confidential data to be aware of this problem. The potential problem in the healthcare system may grow, as many NHS computer systems are now using these MS products and the new arrangement between the NHS and Microsoft will expand usage. Such users are often also connected to the Internet via NHS net, and this could mean that health service workers who are unaware of the problem could inadvertently send the information.

BCS HIC advises that all health workers should be aware that if they are presented with a box suggesting they send information to Microsoft, they should click “Don’t send”. Those responsible for managing health IT systems should go to http://www.ciac.org/ciac/bulletins/m-005.shtml, where there is a downloadable file enabling them to complete a Registry fix.

It is important that the Registry fix is only carried out by experienced IT support staff.

More information on the BCS can be found at www.bcs.org or by calling 01793 417417.

(More information on the data confidentiality problem is available from Dr Glyn Hayes, Chair Health Informatics Committee BCS, and President Primary Health Care Specialist Group, BCS on 01905 454705 or email glyn@conline.demon.co.uk.)