Need for due care in the advent of NCK online returns to avoid data phishing of nurses’ data

There is an ongoing debate on social media about the new method of making nurses returns using google forms or whether it could end up being a form of data phishing?

The message reads thus: “Dear …….., NCK is updating its registers of professionals. Kindly click this link and update your info https://forms.gle/hvJ11WhyjotyexwT6″

The question has been – was this a form of data phishing or data mining? How can we ensure the integrity of nurses’ returns?

Phishing is the fraudulent attempt to obtain sensitive information on users otherwise referred to as theft of user data. Phishing is a method of trying to gather personal information … (Wikipedia). These messages aim to trick the user into revealing important dataThe bait usually lures out the weaker computer users, it has a way of sneak-attacking anyone that lets their guard down.

Let me say from the outset that this article is not intended to dissuade nurses from filing the returns, on the contrary it asks the custodian who is Nursing Council of Kenya (NCK) to take due diligence, even as nurses need to be cautious.

Out of basically all statutory bodies in the country NCK has continued to lead in terms of registration, licensing and general updates which was commendable.  In the process I have the feeling they might end up being overambitious and fail to take adequate precautions to protect nurses’ personal data.

NCK needs to come up with clauses in the Act legislation that provides: apart from professional accountability and responsibility to the public, some mechanisms of data privacy and security provisions for safeguarding nurses’ information, detailing conditions under which disclosure of identify can be allowed.

The apprehension though not widely held emanates from the fact that NCK has always been seen as very deliberate whenever it needs nurses returns. It sends out information and proformas; hard copy forms almost similar to this proforma. She actually insists these must be submitted as hard copies.  The closest one can get to submitting online is scanning the hard copy and sending it. Now we have come digital and that is not a bad idea.

However let’s hope someone is not doing some data phishing or mining and that it was none of these in the advent filing Nursing Council of Kenya’s (NCK) online returns via the given link.

The link also does not make it mandatory (*) for one to fill their Most current NCK license number.  That item and the Passport number are not mandatory, while Registration Number of all qualifications (except the highest) was missing. A database that doesn’t ask for the nurse’s registration or license is grossly incomplete or else suspect.

I already did fill the proforma a few days ago and they didn’t indicate that there was an alternative method. Moreover the proforma was asking  for far too less in comparison with the very intimate professional and personal details the link was asking. One wonders why the proforma is not exactly like the online form. Again, why send the link to some nurses and not to all of them? Or may be this was going to happen in due course.

I wish nurses could be filing returns through a self- service portal.  One would expect NCK to back-link important links on its own social media walls but this was not the case.  So I decided to check around: A visit to NCK’s home page category; Recent posts, NOTICE registration & licensing just leads to a link on free online CPD for nurses and midwives. There was no mention of the link.  On NCK on Twiter one would expect this as a promoted or pinned tweet, but does it even mention it? NO!

On NCK’s home page Facebook wall there was not a mention/hint on the link. The last post was June 14th on Scope of Practice for Nurse Anesthetist. Casting the net a bit wider the latest news mention of NCK was in Tuko about 3 months ago with 4371 reads to date. The article was quite elaborate on role of the council and how to register for online services in the portal as shown below:

                                                           Caption courtesy of NCK on facebook

(with 101 likes, 56 shares, 43 comments by 9th July 2019)

By the way can NCK provide minutes supporting contracting a third party like google docs to do the data bases? Moreover why go for open-source software? How can we be assured of the integrity, privacy and confidentiality of such? Surely NCK can afford to hire a firm to do this, even a local one for that matter.

They ought to have sensitized members before employing such a vincible mechanism, not just waking up one day with an executive decision like a rogue body and start sending links, Google forms and the like then expect everyone to comply or else.

If such due diligence cannot be assured, remember data phishing is big time business today. Anyone with such verifiable data goes for the highest bidder.  God forbid should such fall into the wrong hands. NCK should come clear. By now an institution of NCK status ought to have responded to these concerns. What are the nurses’ associations and unions saying?

Disclaimer: Lest anyone fails to file the paperwork or online, my caveat is do it at your own risk, Take care!

PS:
The problem is that we have a fairly complacent if not gullible lot who will believe in whatever comes, and a nursing leadership that sees enemies in every critic.

Please leave a reply