securing distributed partial medical records?

[signup at bealoid.co.uk]

Quoting Adrian Midgley <amidgley2 at defoam.net>:

> I like the idea of leaving those images, that data, the vector of the
> ECG and the conclusions of the artificial and real intelligences that
> look at it where they are, but passing a pointer to other systems that
> need, want opr should assemble those pieces togehter to show to a doctor
> looking after teh whole patient.
>
>
> How do we secure it adequately?

Most of it is straightforward database stuff, with cryptographic  
signing on top:

i) File locking
ii) Version control
iii) Access and Write levels / permissions
iv) Audit logs of all reads and writes

I would much rather have all this on a spine, and have better training  
for staff about confidentiality, than have it scattered across a bunch  
of different computers in different places with different staff, and  
maybe different training and cultures.

>  <http://www.bir.org.uk/safe_sharing.html>
>
> Safe Sharing of Documents and Images
> across Healthcare Domains

'Caldicott Guardians' are the NHS people responsible for patient  
confidentiality.  Some of them have clue.  Some of them are hopeless,  
which is my worry about having my data under their 'protection'.

The rather top-down pushing of IT onto  the NHS does raise many concerns.