Mobile Banking and the lack of online security.

I left Barclays Bank PLC after their appalling “Online security” screwed me over. I got my money back; others have been less lucky. I see Dr Ben Goldacre seems to be thrashing NatWest on Twitter for perhaps similar reasons. My advice is to stay away from all Online Financial Services; they are just too insecure at present.

If you must, could I suggest the following top 10 tips:

1. Have a separate Mobile and Number for all your Online Banking apps.
2. Only communicate with your bank using PGP encryption (they hate it but will put up with it; Proton Mail is good). Never send any personal information in the clear to anyone.
3. Use a Monzo card or the like for all debit card transactions. Top it up from your Current Account. It makes fraud easy to spot.
4. Use a credit agency (although mine, Experian, dumped my creds into the dark web).
5. Use haveibeenpwned.com
6. Don’t use your Mother’s maiden name as the answer to that question. Change your date of birth and don’t answer any of those “your first” questions with anything that is true.
7. Use complex passwords, all different, and secure them with a password manager like Dashlane or LastPass. (Don’t be mean, pay for a good one.)
8. Turn off all the Google spyware on your mobile and computer, or better still use Firefox Quantum. And if you use Safari then you’re beyond help (not really but Really).
9. Use Kill Disk to rewrite your hard drives, or better still never throw one away; and if you must throw them away, Kill them, then destroy the disc and then chuck it.
10. Do not rely on “Phone Reset” to remove information from your phone when you get a new one.

If you do most of this, I think you have a good chance of not being hacked, scammed, tricked or worked over. And if you think I’m paranoid you need to stay in more and have a look at what the internet knows about your promiscuous online behaviour.

Social Prescribing – what are the practical issues for NHS England

Social prescribing enables GPs, nurses and other primary care professionals to refer people to a range of local, non-clinical services. The King’s Fund has a helpful article here.
I am the Founder and CEO of BriteLives.  BriteLives is about providing activities and connections that help people avoid the NHS and its expensive statutory services. For us, it’s all about staying fit and well.  If someone does become unwell then, of course, they should go and see someone at their primary care practice.  But there are other options that the NHS could offer and signpost.
A comparison between current models of prescribing and treatment in primary care and how social prescribing might work shows some stark practical challenges.
Let’s take the example of someone feeling depressed; it’s a common mental health issue that people feel increasingly able to acknowledge. A doctor could prescribe antidepressants (64.7 million were prescribed in 2016, 31 million in 2006, that’s 106% growth); in fact, the pharmaceutical companies’ profits are predicated on this behaviour.
It’s easy for the GP to do so: the workflow is found in the GP System, the Electronic Prescribing System, the paperwork of the NHS and its Green Prescription forms, the Pharmacy systems and NHS payment systems. All pretty much automatic and easy for the GP and patient to follow.
But what if the Doctor wanted to refer the patient to a BriteLives service, such as a wellbeing course like http://www.britelives.com/listings/growing-wellbeing-6-week-course/ (this is a practical course that helps people address their depression without recourse to drugs)? How might the Doctor go about that?
  • There is no listing of local services in the GP system.
  • No method of auto referral, it’s “not at the touch of a button”.
  • No reporting system telling the service provider someone is on the way.
  • Not even a referral letter that can be printed or emailed.
  • No payment method for the service provider.
  • No system to make sure the final payment is only taken on the delivery of the service.
  • No copayment system should the patient want to do more or add services.
  • No way of innovating new ideas such as:
    • A reward split, GP pays £20 for service,
      • £1 goes to GP to encourage use of non-pharma
      • £15 goes to the provider for the service
      • £4 goes to the patient for completing the course (it can be seen as covering transport costs or the like if you don’t like the “bribe” aspect of this)
I believe that NHS England needs to become serious about centring social prescribing care around the individual and the local community. Developing an effective social prescribing policy and strategy would be a good start.  At present, there isn’t one and progress will be slow.

Cyber Security in Healthcare – a primer for the Board.

What should CEOs and boards understand:

  • Protection of key information assets is critical
  • How confident is the Board that the hospital’s most important information is being properly managed and is safe from cyber threats?
  • Are you clear that the Board members are likely to be key targets?
  • Does the Board have a full and accurate picture of:
    • The impact on the Hospital’s reputation if sensitive internal or patient information held by the Hospital were to be lost or stolen?
    • The impact on operational services if our online services were disrupted for a short or sustained period?

Exploring who might compromise information and why

  • Does the Board receive regular intelligence from the Chief Information Officer/Head of Security on who may be targeting hospital information and IT, their methods and their motivations?
  • Does the Board encourage the technical staff to enter into information-sharing exchanges with other organisations in the sector and across the economy to benchmark, learn from others and help identify emerging threats?

Pro-active management of the cyber risk at Board level is critical

  • The cyber security risk impacts public confidence, reputation, culture, staff, information, process control, brand, technology, and finance.  Is the Board confident that:
    • They have identified the key information assets and thoroughly assessed their vulnerability to attack?
    • Responsibility for the cyber risk has been allocated appropriately?
    • Is it on the risk register?
    • Does the Board have a written information security policy in place, which is championed by the Board and supported through regular staff training?
    • Is the Board confident the entire workforce understands and follows it?

Building the right thing

This week we will be focussing on understanding in more detail what our customers actually want.   Too many startups build stuff that no one wants.  It usually happens for one simple reason – they don’t get out of the office enough and speak to customers.   You can help us by filling out this short questionnaire. And there is a chance of winning an Amazon voucher.

There are two important hypotheses that startups need to test:

  • Their Growth Hypothesis – how are we going to attract customers and partners?
  • Their Value Hypothesis – does what we build meet the minimum needs of our customer?

Last week we had the opportunity to talk to the CEO of AgeUK Lambeth. As they are an important partner of BriteLives, we felt we needed to understand their challenges. But we also wanted to discover if they can help us find local services for the BriteLives platform. In doing so we were able to capture a little more understanding of the data to support our Growth Hypothesis.

 

Search curation delivers better results

Everything is on the Internet, and that’s the problem. Because everything is there, it makes the one thing you’re looking for hard to find. It’s somewhat easier if you’re looking for a particular item that’s a paid-for business service. Flight and hotel bookings are pretty straightforward and we could all find a flight from London to Paris. However, despite the simplicity of this search, there are numerous aggregators of services. Some show all of the flights, others all of the hotels. Some put both together.

But the sites that attract most views are those that curate the search experience. These sites ask for or understand our requirements. They answer questions like Winter Sun or Short City Breaks.

This is not a common approach in local government; perhaps this is the next area where curation might help someone find the things they need. A citizen might need to view all the local government services for a family living in a house, or services for a single person living on their own in a flat. This curation should aim to make sure that citizens understand what is available to them.

For older people, this is even more important. Services should be simple to find and in one place, curated for need and provide access to health, social care, voluntary and commercial provision.   They need to be appropriately segmented to keep things simple.  There are plenty of designs for that.  “people that booked A also booked B.”

Should local government only choose to provide answers to citizens’ needs from their own resources, they will fail to access the less costly and sometimes more effective voluntary and commercial services. At BriteLives that’s our mission: put all the services in one place and make them easy to find and book.

Just realised you’re a carer? Three things it’s good to know now.

Lesson 1 – Don’t be passive in any situation. I don’t care how senior they are or what specialist knowledge they have.

Right off the bat I realised I needed to be the decision maker; I felt that there were some occasions when I thought someone else was the decision maker. This was never the case: at the bedside in a hospital ward, during some social care meeting or just choosing a hairdresser to come to the house, I realised I had to make all of the decisions. That does not mean I did not include my Mother in these decisions, but it became pretty clear all decisions would have to be made by me.

This is particularly the case in healthcare situations. During my Mother’s last stay in Hospital, which should have been a short one, I quickly realised that the ward staff were unable to make any decisions about my Mother. She was not well enough to go home without a care package and no one could decide how big that would be or who should provide it.  So we kept going round and round in circles with me asking their advice.  I found I had to guard against being passive and learnt how to challenge decisions that were or were not being taken.

Lesson 2 – When someone tells you something, check both you and they understand what they are saying.

People called me out of the blue and started chatting about my Mother and her needs. This initially seemed like good news. On at least two occasions I realised that they were not talking about my Mother, some transposition of phone numbers on a list perhaps. So when I got one of these calls I did the following:

  • Asked them to identify themselves
  • Got their contact details – I always did this first. Get their general contact details and their specific job title.
  • I recorded all of these interactions into an Evernote Notebook; you can, of course, use a paper notebook.
  • I confirmed who they thought they were talking about – I did this through active questions like: “You wish to discuss Mavis Coulthard with me, who’s on Ward XX at the Royal Surrey Hospital? Is that correct?”
  • I would then confirm who they thought they were talking to.
  • Then and only then would I have the conversation
  • Finally, I would confirm the agreed actions back to the caller.

Lesson 3 – Write it all down and keep your eyes and ears open

Don’t rely on your memory; write everything down, however trivial it might be. A mobile phone camera is really good at capturing complex meds and forms. I found that I was often the only person that had all of the information: the last hospital discharge letter, a list of the latest meds, the name of the intravenous antibiotic Mum was on. I found that no one seemed to have the right information at the right time. More of this in another Post.

Once my Mother was discharged from the Royal Surrey Hospital without any medication.  At the time, she was on about 13 different pills.  Fortunately, I had a photo of her medications and the schedule associated with them.  I was able to send this to a local pharmacy and they were able to sort out the mess with some help from my Mother’s GP. Without that intervention, I guess Mum would have been back in Hospital that night.  The healthcare ombudsman has recently published a report into the discharge of older people from hospital.  It does not make good reading.

I found I needed to be aware of the conversations around me and my Mother. I read all of her medical notes, I asked open-ended questions and listened hard to the answers. I found it easier and easier to challenge the jargon. The NHS loves jargon; three- and four-letter acronyms abound and I just asked what they meant. Sometimes not even the user knew what they stood for.