Newbie here, usual apologies but more importantly many thanks … I’ve been following the NHSbuntu project since I converted to Linux as my daily driver so I was very sad to see the ‘final straw’ message about it. I know one of the characters that got name-checked in that post and I just can’t square up the events with the person, all I can think of is that they must have been stepped on from a very great (m$ sized) height. Anyway, just seeing someone (many ones) working up Linux for NHS use helped me in the early days migrating from M$ to open source and I’m so glad I did.
=== TLDR ===
(a) So I’m looking for someone with experience in IT security please or at least experience in IT resource management.
(b) I think I’ll need about 3 x half-a-day of your time please. If required I can probably manage to remunerate for that at ‘normal’ (not corporate consultancy) rates.
(c) DOI = this is towards a book I’m writing and I think this sub-project will be suitable for submission to the BMJ or BJGP.
=== MORE DETAIL - PREAMBLE ===
- I’m a GP, in London, do digital consultation development about 2/3 of my time.
- I’m working out how the GDPR will affect & need to be implemented by GP practices. Because I’ll need to implement it. However the information I can find (with 2m to go) is very scanty, tissue paper thin about GDPR in healthcare. There’s almost nothing for general practice. What there is has come out of NHSD and the IGA and it looks like they’re falling behind their own schedule of publications. So far between them and the ICO all I can find is statutory level or policy level guidance. A few days ago the BMA published a reasonable summary to date, but it’s mostly a reworking of the policy level stuff without translating it to the on-the-ground actions/ steps to take.
- Hence the book I’ve written = basically just applying all that policy miasma in a nuts & bolts manual for GPs. The draft is riddled with placeholders where I’ve speculated/ inferred and written “For version 2 we hope to confirm what ICO/ NHSD/ IGA/ NHSE will recommend and require”
- So far the book proposal has been passed over by all the major medical publishers; but how many times were the Beatles rejected? Once I’m closer to the finished project I’ll resubmit it but in any case I don’t suppose it’s ever going to be a bestseller or actually generate an income so I can’t see a great deal of interest from publishers. For me the main point of getting into print with an established name is just to add credibility - I actually hope the book will be helpful to readers in GP surgeries and on wildly enthusiastic days I think it might have a chance of influencing the big players (NHSD/ IGA) as they develop their guidance. However it looks like the thing might be an Amazon vanity publication in the end.
=== SO THE POINT IS ===
- One major requirement of the GDPR is to do an “information audit”. Again I can’t find anything pre-built to help GPs do that - if your Google-fu is strong then PLEASE point me in the right direction.
- I envisage something like “Hey Dr Overworked at Littlebottom-on-Head Surgery, do this then that and the other and once you’ve finished you’ll have completed a lovely shiny Information Audit”
- I’ve pulled together the cross-sector guidance I can find and written up a methodology for doing an InfoAudit in a GP surgery.
- My intention is to grab a passing practice manager and run the method in a handful of surgeries; they’ll get a freebie information audit, I’ll get a bit of field research/ testing ==> refinement & improvement of the methodology :: the final method is something I want to include in the book.
=== AND WHAT I NEED FROM YOU IS ===
(1) to read the methodology and talk it through/ improve it with me before I go to the surgeries. The Johari window (Rumsfeld’s unknown unknowns) always worries me so I want someone with some experience of security/ pentesting/ managing infrastructure to pick holes and say “what about that pink elephant over there that you missed”.
(2) to review the method once I’ve done the site visits and made refinements - in the real world I wouldn’t be surprised if there are a few phone calls in the interim, but it shouldn’t be too onerous.
If that sounds like you then please get in touch!