Crypto, free/open source software, medical records and NHS

Adrian Midgley ukcrypto at maillist.ox.ac.uk
Mon, 25 Sep 2000 20:04:14 +0100


I am heartened by the interest shown in the NHS here.

The move to open source for medical record software is gathering
support.
It seems to me that there are certain commonalities between the reasons
why cryptographic algorithms that are known and can be verified ...
and medical record/management software likewise ... are preferred over
those where the assurance of correctness is that of a company, however
reputable, saying "trust us".
There are other reasons but I don't want to rehearse a discussion
running on GP-UK @ mailbase.ac.uk and on the open source medical
lists.

What I would be interested in is the panel's thoughts on the
cryptographic implications, solutions and so on of the need to
maintain an audit trail of alterations and transactions in such open
health systems.

The first approximation I can see is that one hashes entries, makes a
hash tree of them and the previous state of the system, and publishes
that somewhere demonstrably beyond the power of the owner of the
system to retrieve, alter and replace reliably undetectably.  (This is
from comments by Ross on how to do it.)

A very useful component to become available to the various projects
producing GPL software aimed at healthcare would be one which did that
or much of it.

I think the solution has to be cryptographic, and I think that the
existing closed source systems rely mainly upon the users being able
to claim they do not understand how the audit trail works - a claim
that I might not be able to rely upon if I had to make it - and
essentially depend upon things like the order in which rows occur in a
table, times, dates and user IDs recorded in a second copy of the
records in the audit table and so on to trip up anyone who tries to
alter things.  And of course on the obscurity of the way in which
entries for it are generated.

--
Midgley
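The "first approximation" above (hash each entry, build a hash tree over a batch, chain it to the previous state, publish the result where the system owner cannot rewrite it, and later recompute to detect tampering), worked through as an added example. This is not code from the post, from Ross Anderson, or from any NHS or GPL healthcare project; the record format (JSON dicts), the choice of SHA-256, the batch/commit structure, the `Witness` class standing in for the external publication point, and the sample records are all assumptions made here for illustration.

```python
"""Hash-chained, Merkle-batched audit trail with an external witness.

Added example, not code from the original post. Assumed here: records are
JSON-serialisable dicts, SHA-256 is the hash, and Witness stands in for the
out-of-reach place (third party, newspaper, ...) where roots are published.
"""
import hashlib
import json
from typing import Any, Dict, List, Optional

GENESIS = "0" * 64  # assumed starting state for an empty trail


def sha256_hex(data: str) -> str:
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


def hash_entry(entry: Dict[str, Any]) -> str:
    # Canonical JSON so the same record always yields the same hash.
    return sha256_hex(json.dumps(entry, sort_keys=True, separators=(",", ":")))


def merkle_root(leaves: List[str]) -> str:
    # Root of a binary hash tree over the leaf hashes, in order.
    # Row order is part of what is committed: reordering changes the root.
    if not leaves:
        return sha256_hex("")
    level = [sha256_hex("leaf:" + h) for h in leaves]
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # duplicate the odd node out
        level = [sha256_hex("node:" + level[i] + level[i + 1])
                 for i in range(0, len(level), 2)]
    return level[0]


def chain_state(prev_state: str, batch_root: str) -> str:
    # The published state commits to the previous state and this batch,
    # so every earlier batch is (transitively) covered by the latest root.
    return sha256_hex(prev_state + batch_root)


class Witness:
    """Stand-in for the publication point. The owner can append to it but,
    by assumption, cannot retrieve, alter and replace what is already there."""
    def __init__(self) -> None:
        self.published: List[str] = []

    def publish(self, state: str) -> None:
        self.published.append(state)


class AuditTrail:
    def __init__(self) -> None:
        self.batches: List[List[Dict[str, Any]]] = [[]]  # last batch is open
        self.states: List[str] = []

    def record(self, entry: Dict[str, Any]) -> None:
        self.batches[-1].append(entry)

    def commit(self, witness: Witness) -> str:
        prev = self.states[-1] if self.states else GENESIS
        leaves = [hash_entry(e) for e in self.batches[-1]]
        state = chain_state(prev, merkle_root(leaves))
        self.states.append(state)
        witness.publish(state)
        self.batches.append([])  # open the next batch
        return state


def verify(trail: AuditTrail, witness: Witness) -> Optional[int]:
    """Recompute every published state from the records as they now stand.
    Returns None if all match the witness, else the index of the first batch
    whose recomputed state differs (an edit, reorder, deletion or lost batch)."""
    prev = GENESIS
    n_committed = len(trail.batches) - 1
    for i, published in enumerate(witness.published):
        if i >= n_committed:
            return i  # a committed batch has gone missing entirely
        prev = chain_state(prev, merkle_root([hash_entry(e) for e in trail.batches[i]]))
        if prev != published:
            return i
    return None


def demo() -> Dict[str, Optional[int]]:
    # Constructed sample records for the demonstration; not real patient data.
    witness, trail = Witness(), AuditTrail()
    trail.record({"user": "dr_a", "ts": "2000-09-25T19:00:00Z", "op": "note", "text": "BP 130/85"})
    trail.record({"user": "dr_a", "ts": "2000-09-25T19:05:00Z", "op": "rx", "text": "amlodipine 5mg"})
    trail.commit(witness)
    trail.record({"user": "nurse_b", "ts": "2000-09-26T09:00:00Z", "op": "note", "text": "review"})
    trail.commit(witness)
    results = {"intact": verify(trail, witness)}
    trail.batches[0][1]["text"] = "amlodipine 10mg"     # owner edits a committed row in place
    results["edited"] = verify(trail, witness)
    trail.batches[0][1]["text"] = "amlodipine 5mg"
    trail.batches[0].reverse()                           # owner swaps row order
    results["reordered"] = verify(trail, witness)
    trail.batches[0].reverse()
    del trail.batches[1][0]                              # owner deletes a row from batch 1
    results["deleted"] = verify(trail, witness)
    return results


if __name__ == "__main__":
    print(demo())
```

The point the example makes is that verification needs nothing hidden: the hash functions, the record canonicalisation and the chaining rule can all be published with the GPL source, and detection still works because the only thing the owner cannot do is reach back and change what the witness already holds. What the scheme does not give you on its own is detection of a rewrite carried out before the batch is committed, so the commit interval (and who triggers it) is the parameter to think about.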