I had the unfortunate experience of checking into a hospital for surgery recently. This is a transcript of a real conversation at the hospital (I have to say here it was NOT an NHS hospital).
Picture this – I am standing at the reception desk completing my paperwork and there are two receptionists – Jane and Jill (names have been changed to protect the guilty) behind the desk. Several other people are seated within earshot of this conversation.
Jane to Jill ‘what is the password for this patient system? I need to change something’
Jill responds ‘it’s fmsystemsa’.
Jane ‘it doesn’t work, I can’t get in’
Jill ‘try a capital F in fmsystema’
Jane ‘no, still doesn’t work!’
Jill ‘oh hang on I think it’s a different password, I have it written down’
Jill produces a little book from her desk and says ‘try Patient2012 with a capital P’
Jane ‘Thanks, it worked!’
Now, I don’t know about you, but it made me feel very uneasy about the way this particular hospital is protecting patient information, and about the fact that their staff have not been trained in the very basics of data security. I wonder how many of these conversations go on every day in environments that have custodial data which must be protected?