Decades ago one of my first jobs was as an IT bod for a regional health service.
One of their facilities was an family psychiatry centre. The staff there refused to let their records be held centrally, and instead had everything on clunky PCs bolted into lockable safes in the corner of each doctor's office. When the safe opened the keyboard slid out.
The doctor in charge had also built their own database that they used. Early adopters, before the rest of the health service was modernizing with newfangled computer thingies. Clever people, those doctors.
IMO this is terrible advice. What happens after a decade when some or all of the desktops are way out of date? Are the doctors diligent about patching them? All of the doctors?
Likely the situation they’ll end up in is a bunch of old computers running outdated software that all ends up being a massive security threat. Let’s say in 2005 one of the doctors wanted to video chat with their kid, and the kid tells them to download teamviewer. Chances are, 15 years later in 2020, that 2005 version of teamviewer is still going to be on that computer. I know this because I work in a psychiatric research institute (though not in IT) and this kind of stuff happens all the time. It’s not everyone, but in this case the weakest link breaks the chain.
I suppose that as long as a computer lacks any network interface card, it's comparatively safe, compared to most organizations today?
@willvarfar,
About the safes — did they expect (or worry about) someone to breaking in, and power on and try to access the computers? Or/and was it to protect against "insiders"? (say, someone in the staff got bribed, or a janitor or some other 3rd party person?)
I wonder how they got data out from those computers? If by connecting to a printer, to print on paper, then, was that via a cable? Was the printer connected to any network? Hmm but you wrote that this was before the Internet, so, then, maybe only an intranet? and no wifi, only cables?
Maybe they copied data in text files on floppy disks?
What do they do instead nowadays, if you happen to know?
> The very real threat were people trying to locate young victims taken into care etc
Who are the people who want to do such things? Was it the same underlying reason as this time — extortion and making money? Or something else? If it's okay to ask / if you happen to know
The 'safes' were really just very sturdy cabinets designed to house a PC and a dot-matrix printer etc. I'm sure they weren't fire-proof but they were really heavily built. They did have power and network cables entering, obviously.
There was a netware server in back of a cupboard. It backed up nightly to DAT tapes. That room was also properly locked.
When children are taken into care, the abusers are strongly motivated to try and contact the child to intimidate them into remaining quiet. Etc. Its uncomfortable to think about that side of things.
Thanks for explaining. That last thing — yes that sounds uncomfortable to think about.
Hmm network cables, decades ago — I suppose that back then, hacking over the Internet wasn't really a thing, (?) so I suppose that wasn't much of an issue. Or maybe it was a local network only (for backup)
And yet a compromisation is still far more unlikely than hosting it on the next shitty cloud application. Any cloud application and a threat analysis on data will reveal exactly that. And it won't even be close.
this sounds about a thousand times more secure than a state of the art cloud solution, because the physical isolation (even with outdated software) is so robust.
I think whether it's a local optimum vs. a global optimum can be debated, but to call it "terrible advice" is way off the mark.
Another option is to go live in a forest and not use any of the digital tech at all. But that isn’t a smart solution if you’re doing all of this only not to get hacked.
PS: let’s say a patient in that clinic wanted to move their history to another clinic. Are they now supposed to pro-rata their surgeon just to get the information from that custom-built database? That is incredibly expensive; and no matter how smart that surgeon is that database is almost certainly not that much more secure than off-the-shelf solution.
As the husband of a Marriage and Family Therapist operating in NYC and upstate, I can tell you that most client notes are still done on paper, and locked away. My wife's notes are either locked in a "safe" at her office (heavy time-locked door to a room, with locking file cabinets) in the city, or in a small locking fire-proof file safe at home.
Really the only things that get computerized are the things required by insurance (diagnosis and treatment plans).
But notes are highly personal to the therapist, and can include any number of on-topic or off-topic , and it is rare even under subpoena to release your personal notes. Her office has a lawyer on retainer who's only job is to quash subpoenas. She's never had one served to her, and I dont know if any of the other clinicians have.
But back on topic - though, I'm 90% sure the clinicians at the psychotherapy clinic in GP's comment probably had the same thing. They would take paper notes, and only digitized what they needed to digitize, and most of those digitized records are non-transferable anyway, because they would be diagnosis and treatments for that patient/client provided by that clinic, and if a clinician left, and was allowed to take clients/patients to their new practice (sometimes allowed, but often times not), the clinician would take their personal notes with them.
In the US, that's actually the way it works. HIPAA laws are very strict.
When I change doctors, I have to go around to all my prior physicians, and get hand-signed releases delivered (if I'm lucky, they will accept a fax). Sometimes, the records are physical papers.
I still have all my old MRI and CAT pics (long story).
Down side is some years ago I got badly injured.
I was unable to get my own records. I was not mentally competent during it, and I could not get assistance. So I failed to get disability, even though I had excellent coverage.
Eventually recovered, have a ton of notes and instructions in place on who to talk to and how to gather all the correct documents in case of a future episode.
With MyChart it's fairly simple to get health care summaries here in Canada (Toronto at least), but I still have to go t through the rigamarole for my images and getting them around to other caretakers. I should have done that last week actually...
One of their facilities was an family psychiatry centre. The staff there refused to let their records be held centrally, and instead had everything on clunky PCs bolted into lockable safes in the corner of each doctor's office. When the safe opened the keyboard slid out.
The doctor in charge had also built their own database that they used. Early adopters, before the rest of the health service was modernizing with newfangled computer thingies. Clever people, those doctors.