Tim Almond

From The Register, a review of Choose and Book, the NHS internet booking system. Read it and weep…

Here’s a few of my own comments about what they’ve written:-

1. Sending out a password similar to “admin-password” is bad for security, and random passwords are not exactly rocket science or expensive to generate.
2. Giving people an option (like appointments to book) that actually aren’t available is poor design. It’s not hard to build an appointment booking system that filters out those already taken (I’ve got the code for one sat here).
3. Admin users looking after a site shouldn’t need to ask for internet passwords. They should already have rights to check or override details having confirmed a user using ID, name or some piece of information that wasn’t sent to the user. Of course, the people building it could have checked out the cabinet office advice.
4. If there’s an error (like can’t connect), you don’t let people proceed. You take the default position that nothing coming back means that nothing’s available, and get them to use the fallback solution (eg call).
5. 48 hours to get a connection fixed? Well, that’s the NHS for you. Most companies get a system back up within hours. Then again, most companies lose money if they don’t have it fixed.

None of this is new, cutting-edge stuff I’m talking here. It’s all good practise that’s been around for years in systems that have much smaller budgets.

Tags: Politics, Software Development //