The previous UK government's strategy for managing information technology in healthcare caused serious safety and privacy problems, which led to a government review of healthcare computing that advocated some seemingly quite radical changes. Here I offer a personal view of what went wrong, as an engineer with a background in both safety critical systems and computer security, and who has been involved in advising the British Medical Association (BMA) on the safety and privacy of clinical information systems.

It is well known to engineers that one learns more from systems that fail, so let me first give some concrete examples of serious safety and privacy failures.

Ross Anderson