Tuesday, 20 November 2007

How to set up encrypted Vision 3 on a USB Drive

It is possible to setup a copy of your current V3 data onto a USB portable storage, typically a USB hard drive but if your V3 data + program is small enough, you may be able to squeeze it onto one of the larger capacity solid state drives or storage cards i.e. a 'USB Key' or 'dongle' or even onto a Flash or SD card.

If you do this then you MUST encrypt the data files (at least) as, although they are hard to assemble without access to the Vision program itself, it is far from being an impossible task for anyone with some database knowledge. If you lose unencrypted patient data - the USB drive is stolen or left on the train - then you may find yourself in some medicolegal difficulty. A recent directive suggested that, at the very least, if you lose such data you will be required to write to every patient involved and advise them of this. And then deal with the complaints. And then deal with the fallout if any actual harm occurs..

Thankfully, we have an excellent open source encryption program called Truecrypt which not only will encrypt your files for you, but will also run from the USB drive and automount (with a password) when you plug the drive into any Windows PC. So, how do we do this?

Choosing a USB Drive

I would recommend you select a drive whihc does not normally require external power - i.e. one which gets all its power from the USB socket itself. By default, Flash memory card like SD, MicroSD etc do this, but some USB Hard Drives do require an external power supply so you need to be selective in your choice.

Capacity wise it is unlikely that your V3 data is going to be more than 20 to 30 GB, and typically all portable HDs are at least 40GB, more often 80GB or more nowadays so this is not an issue. Our O:/ drive is 3.53 GB so a 4GB USB stick could take the whole lot, but then we are a conversion from GPASS practice and have yet to acquire the years of Vision data that others have accrued.

You can, of course, not take over the data/attach and data/wordproc folders which are often pretty large, and this can cut down the total volume of data which may let iq queeze onto a smaller drive.

  1. Get a USB drive with enough capacity for your O:/ folder
  2. Make sure the USB drive can run using only the power from the USB port
Install True Crypt
Next you need to get Truecrypt from:


This is an Open Source (though not quite GPL) encryption program which does two important things:
  • Creates a virtual encrypted disk within a file and mounts it as a real disk.

  • Encrypts an entire hard disk partition or a storage device such as USB flash drive.
Open Source part of it means, effectively, you can use it at no financial cost. So that is good!

So, install it. Run it and you get this:

Try not to panic!

You need to create a text file on your USB drive that will hold all the V3 encrypted files. So, use Explorer to create a text file on the USB drive - call it something like 'visionsafe.txt' or similar.

Now we need to get TrueCrypt to turn this into an encrypted file of the appropriate size. So:

Click 'Create Volume' and in the next form take the default setting of 'Create a standard TrueCrypt volume'. Click 'Next' and then navigate to the file 'safestuff.txt' or whatever you have called it.

Click 'Next' again for encryption options. Just accept the defaults, unless you have a Scooby about what you are doing! Then you select the size of the volume. This should be at least as large as your current V3 O:\ drive.

I am just using a 2GB USB stick to demo this, so I have selected 512MB. Clearly this is not enough - you will have to use between 5000 and 12000 MB depending on your V3 install.

Click next and type a password, and then confirm. Use numb3r5 4nd l3tt3r5 for this.

Click next, and then Format. It will take a few minutes:

and then finish, and that is the volume created. Click cancel to finish.

So that is it created. Now we need to setup a 'Traveller disk'. This is in Tools -> Traveller disk setup on TrueCrypt. Here is what I did:

So you point it at the root of the drive you are using. and select 'Auto-mount' This adds 'Mount TrueCrypt Volume' to the autorun options when you insert the drive. Point the Mount settings at the file you want to mount, and give it a drive letter - here I am using 'E:'.

Click 'Create'.

So now when I insert this USB drive I see:

and Double Cliking on Mount TrueCrypt volume opens the password window. Type this in and OK it and the encrypted file will mount as a virtual drive mapped to E:/

Then you your a batch file to map O and P. This is sitting on my laptop, so I will need to update this for you later in the week!


Monday, 19 November 2007

Vision 4 is hosted

Yes, yes. It is. But it is hosted in the same way that this web page is hosted, or accessing your webmail is hosted. In other words, the data and the program is effectively held on remotely hosted servers and you access that with your web browser. So, you log into Vision 4 and the web browser grabs the code it needs to access the data off of the Vision 4 servers. It runs with Oracle 10G at the data centre, then employs Java and Flex at the client to deliver the user functionality.

So, what this means is that you do not *need* to have a remotely delivered desktop as per current VES and other terminal service / Citrix etc style solutions. You can have a very fat client in your practice (i.e. your own personal computer) and even your very own Local Area Network and locally based server for all your practice stuff. Or, you could have a very simple web terminal that only ever accesses your Vision 4 data and nothing much else. Or you could have a Citrix style remotely delivered desktop from which you then run Internet Explorer and get into Vision 4 that way.

It depends on what you want, what you are capable of and perhaps willing to support and what your PCO allows you to do.

This is very Web 2.0. No, really. It is about a web service delivered program, in the same was as e.g. Google Docs or Zoho or any of these web based software applications function. This is why Microsoft were so worried by the rise of the internet and the web, because their futurologists could see that it threatened both their operating system market (the OS is irrelevant when all you need is a web browser) and their monolithic Office system (when web services let you choose which features of a word processor you want and when).

So, "Panic not!" colleagues who may have felt panicked by being 'forced onto a hosted system'. The model is superb from a GP business POV and from a PCO POV. We can have LANS and local desktops to run our non NHS stuff, the PCO can pay INPS to supply us with Vision 4 services.

We don't have to worry about backing up or repairing our Vision 4 data, because it is all held on the data centre.


Thursday, 15 November 2007

Notes on Max Brighton

(These are my notes of MB's presentation to NVUG - not verbatim!)

  • 'Mood change at CfH'

News and Marketing

The News....:
    • 'GPAS gives smokers a hard time' - glitch in GPASS mistakenly made smokers being advised to smoke were Rx Viagra - BBC SCotland
  • EMIS Branch performance struggles
  • CSC computers in data centre failed - compensation paid to NHS
  • System One failure on 18th September 2007
  • GP2GP and INPS
Case Studies
  • Phil Koczan on BT London hosted system
  • Regional News Bulletins on a regular basis
  • Exhibiting in HC 2007 - looks nice!
CfH In the News
    • A lot of work into agreements, close work with CFH team
    • Who Pays What?
    • All annual support costs willbe paid for centrally except for system support charge £650 pa.
    • Hosting
      • GPSOC will pay for all Vision hosting charges
      • An agreed path to hosting to CfH standards
      • GPSoC web site is very good!
      • Slides illustrating costs
    • SCR is proving to be 1st real test of data privacy and consent
    • List of INPS GPSoC product commitments
    • Agreed set of requirements at the outset
  • New assurance process
  • Stricter testing regime
  • All systems re-accreditation within one year
Support Obligations
  • 90% of all calls in 3 mins
  • Incident resolution / bugs / responsiveness 'transaction monitoring'
  • Availability 99.98% hosted to CfH standards
  • Average response time to helpline 170 seconds currently. CfH standard is higher - more folk! Below 140 seconds for last 5 months
  • 60 helpline analysts - training / retention
  • Calls per practice per month <6
  • Split to Country based helpline teams
GPSOC Hosting
  • Resilience of system is the key
  • London Dockland connected two diversley routed to N3
  • 2nd Data Centre at LHR linked to Docklands through fibre optic network
  • 555 Hosted practices, increasing by approx 2 a week
  • Sure some practices will continue to have LAN hosted
GPSOC how does it work?
  • PCT must sign call off agreement with INPS
  • Schedule A to the call off agreement lists the GP practices and what products they take
  • There is an agreement between the PCT and the Practice
CFH News
  • 27/4 NAO review again
  • 30/5 Mike suggested Primary Care complete by 2010
  • 2/5 InformatioN governance take 10 years to complete
  • 29/6 BMA Votes for no co-operation - 'perhaps should gree to co-operate and do it properly' (my comment - yup :-))
  • Vision 4 5.8M quids so far
  • More developers on V3 also
  • 2007 Gains 167, lost 23 including closures and merges.
  • Losses in North and NE
  • 2200 Vision practices (My comment - well done)
  • 104 new ones in Scotland
  • Data Centre opened in Scotland and gone well - thanks to Mark Norman and others
  • Not much movement in England overall
  • 91 conversion from GPASS - others from iSOFT
  • 26% market share in Scotland
  • Based in Paris
  • Parent organisation
  • Acquired US company 'Dendrite'
  • Cegedim is big company!
  • London Vision 3 is contracted interim solution
  • re-contracting underway - takes time
  • Vision 4 added in 2009
  • + one year testing and acceptance timeframe so not till 2010 for V4 live to users?
  • Fujitsu Clear intention to host V4 as core solution
  • Everywhere else in England - GPSOC is king. CSC do System1
  • Original rational for LSPs is changing - ?? Hospital SC etc
  • Progress has been good
  • Tayside - continue to do well
  • They won the EHI award
  • Deputy PM opened the offices in Dundee
  • gained sites fro iSoft

Battery running out
MUst get better laptopl


Notes from NVUG Tom Davies

  • TD commenting that Scotland / England may not do GP2GP the same.
  • EPS / ETP 'slowly being rolled out'.
  • C&B - here today!
  • SCR - spec changed several times, difficult for this to be developed, UG will support company in ensuring large areas of work do not interfere with other development
  • GP at a crossroads, partnerships being threatened, Birmingham putting GP out to tender..
  • Passionate about ownership of data.
  • OOH - single server not the answer
  • NVUG - 'fiercely independent'
  • Web site, engage membership, roadshows well supported
  • Alan Selwyn, David Anderton, Gary Mahn, Brad Cheek new panel members
  • Brad Cheek - Wellclose Square http://www.wellclosesquare.co.uk/
  • INPS - relationships good and honest
  • 27 % of Vision practices on hosted symptoms
  • Produce a buglist for nex year!
  • We want Vision in all 5 regions of England

NVUG Award for INPS Employee of the year

Mark Norman

Congratulations Mark!


Wednesday, 14 November 2007

More Pics


Paper Chains

20 or so delegates today for a beginners and new users theme. Seemed to go well. My presentations now complete, as far as they can be at this stage. Now starts the paper chains of assembling the delegate packs. As I type Richards Neep and White are busy assembling the manuals to support their talks on using Access and Excel with Vision Data.

Sadly internet access is a little unreliable from here currently, so attempts to live blog the conference may be yet scuppered. Fingers crossed.


Reception Desk


NVUG Annual Conference - Day 1

Hi all

quiet for a few days as busy writing presentations, working in Dundee and trying to have some kind of home life also! Anyway, day one of NVUG Conference - this for newbies.

Setting up Reception Desk

Not a busy first day delegate wise. We should have put on abus from Dundee and Aberdeen. Maybe a boat from Orkney...