Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Databases Privacy United Kingdom

Database For UK Nurse Registration 'Completely Unacceptable' (theregister.com) 42

Lindsay Clark reports via The Register: The UK Information Commissioner's Office has received a complaint detailing the mismanagement of personal data at the Nursing and Midwifery Council (NMC), the regulator that oversees worker registration. Employment as a nurse or midwife depends on enrollment with the NMC in the UK. According to whistleblower evidence seen by The Register, the databases on which the personal information is held lack rudimentary technical standards and practices. The NMC said its data was secure with a high level of quality, allowing it to fulfill its regulatory role, although it was on "a journey of improvement." But without basic documentation, or the primary keys or foreign keys common in database management, the Microsoft SQL Server databases -- holding information about 800,000 registered professionals -- are difficult to query and manage, making assurances on governance nearly impossible, the whistleblower told us.

The databases have no version control systems. Important fields for identifying individuals were used inconsistently -- for example, containing junk data, test data, or null data. Although the tech team used workarounds to compensate for the lack of basic technical standards, they were ad hoc and known by only a handful of individuals, creating business continuity risks should they leave the organization, according to the whistleblower. Despite having been warned of the issues of basic technical practice internally, the NMC failed to acknowledge the problems. Only after exhausting other avenues did the whistleblower raise concern externally with the ICO and The Register. The NMC stores sensitive data on behalf of the professionals that it registers, including gender, sexual orientation, gender identity, ethnicity and nationality, disability details, marital status, as well as other personal information.

The whistleblower's complaint claims the NMC falls well short of [the standards required under current UK law for data protection and the EU's General Data Protection Regulation (GDPR)]. The statement alleges that the NMC's "data management and data retrieval practices were completely unacceptable." "There is not even much by way of internal structure of the databases for self-documentation, such as primary keys, foreign keys (with a few honorable exceptions), check constraints and table constraints. Even fields that should not be null are nullable. This is frankly astonishing and not the practice of a mature, professional organization," the statement says. For example, the databases contain a unique ten-digit number (or PRN) to identify individuals registered to the NMC. However, the fields for PRNs sometimes contain individuals' names, start with a letter or other invalid data, or are simply null. The whistleblower's complaint says that the PRN problem, and other database design deficiencies, meant that it was nearly impossible to produce "accurate, correct, business critical reports ... because frankly no one knows where the correct data is to be found."
A spokesperson for the NMC said the register was "organized and documented" in the SQL Server database. "For clarity, the register of all our nurses, midwives and nursing practitioners is held within Dynamics 365 which is our system of record. This solution and the data held within it, is secure and well documented. It does not rely on any SQL database. The SQL database referenced by the whistleblower relates to our data warehouse which we are in the process of modernizing as previously shared."
This discussion has been archived. No new comments can be posted.

Database For UK Nurse Registration 'Completely Unacceptable'

Comments Filter:
  • by DarkVader ( 121278 ) on Friday March 22, 2024 @08:38PM (#64337891)

    The NHS has its issues, sure. But at least nobody gets a bill, so it's still infinitely better than the US nightmare.

    • by ac22 ( 7754550 )

      UK healthcare spending in 2021 was £4,188/person ($5,277), compared with $12,555/person in the US in 2022. So, reasonably good value for money. Being available to everybody for free (at the point of use) is a big plus. This does contribute to longer waiting times though, unless you pay cash to see a private doctor.

      • by AmiMoJo ( 196126 ) on Saturday March 23, 2024 @04:50AM (#64338379) Homepage Journal

        Wait times used to be very low, but after the 2008 financial crisis we got a government that decided to run the NHS into the ground and give some of its work to private contractors. It was a deliberate choice, not a necessity.

        When properly funded, the NHS works well and offers short wait times. The only real issue is that people keep voting for it to get worse, because they are idiots.

        • by Fudoka ( 1831404 )
          Whilst there is a fair amount of idiocy, the main thrust is a pack of lies (or propaganda to use the correct term) put about by the (rich and powerful) owners of the UK main media - all of whom can easily afford private healthcare by dipping into their offshore and untaxed funds.
    • HMRC sends me a bill every year!

      • And the IRS sends me one - or rather, they make me write up my own bill, US tax returns are notoriously complicated and time consuming, the average American spends 13 hours filing federal tax returns every year.

        And US public healthcare spending is significantly HIGHER than in the UK, but covers far fewer people.

        • The average American must be a total moron.

          It only takes maybe an hour for me to file our taxes, and that includes gathering up all the forms that come in the mail and downloading them from wherever.

          What the hell are people doing for 13+ hours?

          • You're probably not filing a schedule C.

            It's not that complicated if you're just an employee. Of course, the Brits in that situation get a pre-filled form to look over, all they have to do is look over it and make corrections if there are any.

            • Even when I had a business filing as an S-Corp it didn't take me thirteen fucking hours.

              Additionally, more than 50% of Americans pay NO federal income tax. They're sure as fuck not filing a schedule C.

              • Ahh, that Romney bullshit again.

                100% of working Americans pay federal income tax. There's a 15.3% federal income tax that starts at the first earned dollar, they hide half of it from you by taxing it before you ever get the check. Then there's the 10% tax bracket that starts after the $13,850 standard deduction, most Americans make more than that.

                The only people who pay no federal income tax are the wealthy, because they can hide their income, and when they are taxed on it, it's usually capital gains that

    • So, your basic measure of desirability is whether or not something appears to be "free" ?

  • by kalieaire ( 586092 ) on Friday March 22, 2024 @08:44PM (#64337899)

    As with recent articles, they've been working on a federated data platform that would bring in all these disparate data systems under one house. They've attempted several times in the past two decades providing only half measures with many participants reverting to their own existing platforms, or seeking IT systems of their own. I hope this time they can succeed and show the world how healthcare could be managed. The pilots they've been running seem promising.

  • Not properly funding critical services will do that. https://www.independent.co.uk/... [independent.co.uk]

  • Gov't systems are often Fuckvilles. There are usually insufficient checks and balances to prevent short-term thinking and prevent office politics from gumming up decision-making. Fixing leaking systems has less "brag points" than some shiny executive toy, so the money goes to the toy.

    Auditors who understand IT need to inspect stuff, not generic auditors.

  • At least there wasn't a massive irretrievable data loss https://www.youtube.com/watch?... [youtube.com]

  • Relational modelling is a lost artâ¦. Back in the 1990s is was a religion and I still have numerous books on the subject even though I am no longer a developer.
  • The NMC stores sensitive data on behalf of the professionals that it registers, including gender, sexual orientation, gender identity, ethnicity and nationality, disability details, marital status, as well as other personal information.

    I wonder how they explain the need for sexual orientation and gender identity. Ethnicity is also weird from some viewpoints

  • If you are a consultant and see "enterprise" databases made by Fortune 500 companies, you'll see a lot of this "schema rot," due to patching, organizational disfunction, merging of data from old (and incompatible) legacy systems, lack of written documentation and version control, and chaos left behind by past hiring of low-cost contractors who neither understand database design nor the business domain the database should be modeling. You'll also often find that only a few people have been there long enough

Every nonzero finite dimensional inner product space has an orthonormal basis. It makes sense, when you don't think about it.

Working...