Final verdict in the junior doctors case
Updated on 21 December 2007
As the information watchdog backs Channel 4's coverage, the correspondent who broke the story reflects on the case
Since February, Channel 4 News has been covering the row between junior doctors and the Government over the changes to the way they are trained - Modernising Medical Careers - and how they had to apply for the jobs - the Medical Training Application Service.
Throughout the year, we have talked to numerous juniors who have been driven to despair, even the brink of suicide, by what was - it is now agreed - a deeply flawed system that left some of the most talented jobless.
Many have moved abroad, others have left the profession altogether.
Then on April 25, we revealed a massive security breach on the MTAS system. The names, addresses, phone numbers, sexual orientation and even convictions of first year junior doctors revealed for all to see.
The following day, another security breach occured. By changing one number in the URL, doctors could, if they so chose, access their colleague's MTAS in-box, containing applications, references and personal details. The Department of Health finally closed the system down.
This week, the Information Commissioner's Office, in charge of policing the data security act, found the DoH guilty of a catastrophic breach of security.
The ICO has made the department sign an undertaking not to do this again and warned any further breach and they could face conviction.
It was a small vindication for the junior doctors who had warned that MTAS was not fit for purpose, although even they would admit they could not have foreseen quite how defective the system was.
It also, we hope, brings to an end an unpleasant episode in which the DoH, or rather the health ministers, invested a great deal of time blaming the messenger.
For a start, they made much of the fact we here at Channel 4 News took three hours after first hearing about the breach to then report it to the authorities. It was during this time of course that we were taking extreme care to determine precisely what was happening.
As part of our checks, we requested confidential assistance from a junior doctor - we arranged for him to come to our newsroom so that we could manage the checking process properly.
We were also engaged in discussions with lawyers about the issues involved in publication of this matter - whether the seriousness and importance of the breach met the public interest justification for us to access the system in order to prove the breach itself.
And Yesterday, the deputy information commissioner said that Channel 4 News had indeed acted in the public interest (although we have not heard that acknowledged by the Department of Health).
Some time back, however, after we'd reported the breach the then Health Secretary, Patricia Hewitt, along with an apology to the House and a condemnation of the breach also took the opportunity of saying she'd reported Imperial College, London, where the breach was alleged to have occured, and also Channel 4 News, to the police. Ms Hewitt made this announcement in her statement to Parliament.
We waited for contact in any subsequent investigation but nothing happened, and it was only later that we discovered the DoH itself had asked the police not to pursue the investigation. The Department said it would be a waste of taxpayers' money because they now knew, they believed, the source of the leak.
Sadly, this meant Ms Hewitt had sounded off against us in the House but there was then no follow-up whereby we would defend ourselves, even against the charge that we had not responded to a request for information from the DoH. The fact was, we never received a request. We would gladly have helped, indeed were looking forward to it.
Anyway, as for the way the data was unsecure, it turns out that the company contracted to set up MTAS, Methods Consulting, had changed the system at the last minute in a way which left the data neither encrypted nor password secured. The Information Commissioner's Office accepted this but said ultimately the responsibility lay with the DoH.
So that is that. The department has agreed to improve security, encryption and staff training and has said that any future national application systems would only be implemented after careful consultation with doctors, proper piloting and rigorous security checks.
Of course, the story for the junior doctors does not end there. The way Modernising Medical Careers has been designed means those who missed out on posts this year are unlikely to get jobs next time and already the British Medical Association is warning there will be even more applicants for even fewer posts - 8,500 juniors for 24,000 jobs it is estimated.
