NHS ePortfolio source code and software licence

The request was refused by NHS Education for Scotland.

Dear NHS Education for Scotland,

Please could you provide me with the following:

1. A copy of the NHS ePortfolio (www.nhseportfolios.org) source code.

2. A copy of the software licence that applies to the NHS ePortfolio source code.

To help you to find the information "source code" is anything written by computer programmers in languages such as PHP, C++, Java, ASP, ASP.NET, Visual Basic, PL/SQL, Ruby or any other computer programming language. A software license is a legal instrument (usually by way of contract law) governing the usage or redistribution of software.

Yours faithfully,

Carl Reynolds

Frank Rankin, NHS Education for Scotland

Dear Mr Reynolds

I acknowledge receipt of your request for information under the Freedom
of Information (Scotland) Act 2002.

Yours sincerely


Frank Rankin
Information Governance Manager
NHS Education for Scotland
1st Floor
Clifton House
One Clifton Place
Glasgow G3 7LD

Telephone 0141 352 2923
VC: [email address]>>> Carl Reynolds
<[FOI #127637 email]> 31/08/2012 08:45 >>>
Dear NHS Education for Scotland,

Please could you provide me with the following:

1. A copy of the NHS ePortfolio (www.nhseportfolios.org) source
code.

2. A copy of the software licence that applies to the NHS
ePortfolio source code.

To help you to find the information "source code" is anything
written by computer programmers in languages such as PHP, C++,
Java, ASP, ASP.NET, Visual Basic, PL/SQL, Ruby or any other
computer programming language. A software license is a legal
instrument (usually by way of contract law) governing the usage
or
redistribution of software.

Yours faithfully,

Carl Reynolds


-------------------------------------------------------------------

Please use this email address for all replies to this request:
[FOI #127637 email]

Is [NHS Education for Scotland request email] the wrong address for Freedom of
Information requests to NHS Education for Scotland? If so, please
contact us using this form:
http://www.whatdotheyknow.com/help/contact

Disclaimer: This message and any reply that you make will be
published on the internet. Our privacy and copyright policies:
http://www.whatdotheyknow.com/help/offic...

If you find this service useful as an FOI officer, please ask
your
web manager to link to us from your organisation's FOI page.

show quoted sections

Frank Rankin, NHS Education for Scotland

2 Attachments

Dear Mr Reynolds

Please see the attached response.

Yours sincerely

Frank Rankin
Corporate Records Manager
NHS Education for Scotland
1st Floor
Clifton House
Clifton Place
Glasgow G3 7LD

Telephone 0141 352 2923

show quoted sections

8/31/2012 8:45 am >>>
Dear NHS Education for Scotland,

Please could you provide me with the following:

1. A copy of the NHS ePortfolio (www.nhseportfolios.org) source
code.

2. A copy of the software licence that applies to the NHS
ePortfolio source code.

To help you to find the information "source code" is anything
written by computer programmers in languages such as PHP, C++,
Java, ASP, ASP.NET, Visual Basic, PL/SQL, Ruby or any other
computer programming language. A software license is a legal
instrument (usually by way of contract law) governing the usage
or
redistribution of software.

Yours faithfully,

Carl Reynolds


-------------------------------------------------------------------

Please use this email address for all replies to this request:
[FOI #127637 email]

Is [NHS Education for Scotland request email] the wrong address for Freedom of
Information requests to NHS Education for Scotland? If so, please
contact us using this form:
http://www.whatdotheyknow.com/help/contact

Disclaimer: This message and any reply that you make will be
published on the internet. Our privacy and copyright policies:
http://www.whatdotheyknow.com/help/offic...

If you find this service useful as an FOI officer, please ask
your
web manager to link to us from your organisation's FOI page.

show quoted sections

Dear Frank Rankin,

Please pass this on to the person who conducts Freedom of Information reviews.

I am writing to request an internal review of NHS Education for Scotland's handling of my FOI request ''NHS ePortfolio source code and software licence' for two reasons:

1. I disagree with interpretation of the balance of public interest arrived at.

You state:
"We have considered the balance of the public interest, noting the general public interest
in disclosure, and also the public interest in protecting the integrity of data systems
(particularly those holding personal data) and the public interest in protecting income
streams for publicly funded programmes. We conclude that the public interest favours
withholding the requested information in this instance."

It is my view that the public interest is best served by a system (the NHS ePortfolio) that plays a central role in supporting the professional development of medical doctors being as good as possible.

Shortcomings of the NHS ePortfolio system may indirectly harm patients by taking away time to care for patients and through missed professional development opportunities for doctors.

In general, subjecting ones working (or source code) to critical peer review (by publishing it), is a better means of quality assurance than keeping it secret.

Protecting income streams for publicly funded programmes is only in the public interest to the extent that these programmes best serve the public good.

2. You state "Disclosure of the source code would also provide information useful to hackers or developers of malware, introducing additional risks to the integrity of the ePortfolio and the personal data it contains. This would potentially undermine the maintenance of system security in line with Principle 7 of the Data Protection Act 1998 and would be in breach of our contractual commitment to customers to take all reasonable technical and organisational measures to maintain the security of the system. "

This a highly controversial claim. Cabinet Office ICT procurement guidance states that "Open source, as a category, is no more or less secure than closed proprietary software." https://update.cabinetoffice.gov.uk/site...

It could well be that by not publishing your code you prevent hidden failure modes and vulnerabilities from being identified and fixed rather than stopping them from being exploited.

Yours sincerely,

Carl Reynolds

Frank Rankin, NHS Education for Scotland

Dear Mr Reynolds

I acknowledge receipt of your request for internal review.

This has been passed to Christine Patch, Head of Communications, who is
our internal review officer.
Yours sincerely



Frank Rankin
Information Governance Manager
NHS Education for Scotland
1st Floor
Clifton House
One Clifton Place
Glasgow G3 7LD

Telephone 0141 352 2923
VC: [email address]

show quoted sections

Christine Patch, NHS Education for Scotland

1 Attachment

Dear Mr Reynolds

Following your request for a review of our recent FOI reply to you on
the NHS ePortfolio source code and software licence, I have undertaken
the review and my response is attached.

Yours sincerely


Christine Patch

Christine Patch, MCIPR (Accredited Practitioner), Head of Corporate
Communications, NHS Education for Scotland,
Westport 102, West Port, Edinburgh, EH3 9DN.

Tel: direct dial 0131 656 3206; switchboard 0131 656 3200: fax 0131 656
3201
email: [email address]
VC: [email address]

show quoted sections