by tapland 2682 days ago
Stockholms landsting. The landsting are absolutely disgusting when it comes to handing out important tasks to private companies.

I have _REALLY_ serious info in there, and so do members of my family, that cannot get out. But it's effing public, and the CEO of the company responsible is handling it like an asshole and Stockholms Landsting will just add it to the pile of fuckups.

It would literally take less than a minute for a red team with IP addresses to find this out, if they ever so much as cared to consider IT security. Why doesn't the local government subject the companies it hands contracts to to that?


This is a far more general problem of states. They always see themselves as above the rules they apply to others, and this is particularly problematic in the medical realm, but it also affects criminal justice, for example.

Governments just don't follow their own rules. This means that medical files just aren't trustworthy anymore, in the sense that the patient has no control over who sees these and how far they are sent.

I could say "this is a problem in the Netherlands, Belgium, UK and US" where I know the situation is that essentially any doctor or medical staff anywhere can see everything in your file, related or not (e.g. in Belgium a pharmacist getting a woman's birth control prescription can see if they were ever treated in psychiatric care. Hell, the way the system looks, it'd literally be hard for the pharmacist not to notice). These files can even be used against you in a court of law, for example by child services.

Not that all these countries aren't very busy introducing new ways to have the state do whatever they want to do without judicial intervention (Belgium "GAS boetes" and "snelrecht", Netherlands "ZSM"), and just not care how much damage is caused to save a few bucks.

So what are you to do as a patient? You cannot have this file destroyed, because these people have exceptions to every known privacy law. You can usually in theory have it corrected, but the system these governments put in place is fragmented into hundreds of pieces and nobody knows how it works, so good luck. Additionally, actually getting them to cooperate even using an order from a judge is near impossible, and the systems may literally not support corrections in some cases.

At this point the only advice you can give is to please ask every doctor you see to not make any notes or files on you at all, and just deal with that. "I travel a lot and this just causes trouble" is a useful phrase in that regard.

> At this point the only advice you can give is to please ask every doctor you ask to not make any notes or files on you at all, and just deal with that.

Not an option if you have an illness. Also, that excuse wouldn't work in Scandinavia. But journals are kept in-house and I trust that way more than the affected service. If the journaling system breaks so does our banking and national ID-services.

Also, this is a phone-in service for what you are supposed to do, the step below going to the ER. Not much you can do, because you call them because you need their help. It's not an option not to. It unloads some calls and redirects the others to 911/the ER.

I don't see this as a problem of "not following rules" and for "government" as a concept to eat the blame.

This stuff, along with many other things have been outsourced in Sweden to private contractors.

In the end, government is made up of people, and these guys outsourcing and selling off everything are just the ones that would blame the government.

It's fascinating, and a self-fulfilling prophecy!

“Look the government can’t do s*it, they should not be doing things at all. Let’s outsource some more.”

The next contractor hits the wall.

“Look, government can’t handle it. Let’s outsource”.

That is at least how I've seen it play out here in Stockholm.

I’m hoping we can take the schools back at least... because outsourcing teaching has been a disaster imo.

Outsourced is another word for "hiring external people to do this stuff in my service"

The government is still the employer, the person doing the changes and responsible.

And yes, the solution is mostly NOT DOING THIS AT ALL. Or at least, doing significantly less.

> At this point the only advice you can give is to please ask every doctor you ask to not make any notes or files on you at all, and just deal with that. "I travel a lot and this just causes trouble" is a useful phrase in that regard.

Does this work? From what I hear, beyond the obvious benefits of enabling continued care, notes have an extra important purpose: it helps doctors to protect themselves against bullshit lawsuits.

A medical student in my family told me a story once, about a doctor who told a patient to get some tests. The patient ignored the advice, and was dead a couple of years later, from an illness that would have been detected early by those tests. The patient's husband came to the doctor's office, seeking to sue her for negligence, and what saved her was that she had notes from those years ago, which clearly stated she did in fact order the patient to get the relevant tests done.

Plug: this is what we're trying to solve (amongst other things) at Patients Know Best. Giving the control back to the patient (you should always have full access to all data about yourself, and be able to control sharing of these records). We're mostly present in the UK at the moment.
The question is who stores the data. If you manage to let the patients keep it locally or in physical media it's insane. If you are keeping it for them it's the same worries as any other service.

This was not journals though, but calls to nurses.

We store data for you in a way that's considerably more secure and paranoid than how other providers work -- quite similarly to CryptDB. We can access your data when serving it to you, but your medical data is never stored on disk with a key that we store (it's derived from your password, and we throw it away after serving you through HTTP).
More would be solved with simply the ability to, on a simple request and without justification, delete all data associated with yourself. Including all shared copies.
You don't outsource, or 'privatize', because you want responsibility. In the pitch for the company in question they are stating how Stockholm has the lowest cost of all counties for this service [0]. Apparently that means outsourcing to a call center in Thailand [1]. Which in turn use some random provider [2].

It isn't really something hidden. In fact I would say that the whole idea is well supported by a significant part of voters who do not want government to do things, nor have restrictions on companies. If we limit the scope to just politics, Stockholm County had probably the most prominent scandal in the last couple of decades with Nya Karolinska, yet essentially lost no voters in the last election.

It is easy to blame politicians, the government or even companies. But at the end of the day there aren't enough people requesting quality or responsibility.

[0] https://www.medhelp.se/outsourcad-1177-tjänst-är-effektivast
[1] http://www.medicall.nu/hem-1.aspx
[2] https://www.voiceintegrate.com/se https://www.applion.se/

But blaming politicians, the government and companies is the way to request responsibility, isn't it? Without the political pressure you can request whatever you like, but to little effect. And as outsourcing work like this is totally illegal under GDPR, it's definitely up to the government to enforce its laws on its own contractors, and it's up to companies to suffer the consequences of not treating people's privacy seriously. The blame here is 100% real.
I touched upon this in my other comment. I don't think it is wrong to criticize, but there can't be meaningful change unless you actually allow yourself to address the problem. It is a bit hard to explain if you haven't experienced Swedish politics lately. I'll just give you some examples:

1. The same county awarded contracts for building a hospital where the cost ended up quadrupling to $6 billion more than initially expected. (They got reelected). https://www.thelocal.se/20180207/finance-minister-calls-for-...

2. There was a well publicized scandal a little more than a year ago where aggressive outsourcing ended up potentially exposing classified data. (Some politicians did have to quit, but only for handling the situation poorly after the fact). https://www.thelocal.se/20170721/it-workers-in-other-countri...

3. "Sweden has had a quicker liberalisation than any other advanced economy in the world, in terms of privatisation and deregulation" https://www.thelocal.se/20120324/39864

4. Yet, "They were shocked to find that there is very little evaluation of the effects of the privatisation on Swedish society" https://www.thelocal.se/20110907/36006

5. And maybe the most glaring example of dysfunction, the housing market. https://www.telegraph.co.uk/personal-banking/mortgages/swede... https://www.thelocal.se/20170518/housing-crisis-forces-recor... https://www.thelocal.se/20170828/the-story-of-swedens-housin...

There just isn't much of an expectation of control, or that issues will be dealt with, these days in Sweden. It is unlikely that there would be any meaningful change in this situation either. Any effective change will be off the table and they will continue to outsource without much oversight because that is the agenda. Which is largely what has happened in other areas.

Hey, don’t forget some goodies:

1.1. The hospital is built and operated according to guidelines and specifications set by a consulting firm that had no previous experience building hospitals.

It’s been a cluster fcuk with things missing or completely out of place.

1.2: Appointed Head of operation was a previous employee of the aforementioned consulting firm. More than 80% of the billing from said firm lacked specification but was of course approved by... drumroll ...head of operation!

There are other interesting bits as well, but these stood out to me at the time.

It’s all frankly a brilliant piece of right wing “entrepreneurship”.

I just wanted to add, if I came across as criticizing, that I do agree with you. I do think the county is at fault. I do think people should expect more. I am just not seeing people doing that.

Sweden was never perfect, but some of its reputation as a functional country is not unfounded. Today we have many systems we know aren't working, yet little is being done. I have even heard Swedish political analysts being dumbfounded that some political issues where there are obvious flaws, and which should be something that matters to people, don't show in the polls. I guess it might have to do with the political landscape, where there are a large number of people that very likely are dissatisfied. It just doesn't, because of the polarized situation, result in change. Instead it results in whatever is less objectionable, which is mostly whatever made the situation bad in the first place.

Anyway. I hope this incident gets some more attention in Swedish media.