securing distributed partial medical records?

[Adrian Midgley]

Ross Anderson wrote:
> Quoting signup at bealoid.co.uk:

> The techie would be far better trained, and have a far better
> understanding of "file locking, version control, access and
> write levels / permissions". The gynaecologist didn't have 
> such training: she had incentives, from a direct duty of care
> to her patients, through to the survival of her business.
> 
> Ross
> 

This is my feeling about the threat model.
I'd also add that the temptation for perfectly honest people to
perfectly honestly believe that what they are doing with access to
centrally held data is perfectly honest and wholly beneficial and that
nobody need be told about it, act on that perfectly honestly held belief
and later receive a horrible surprise when a different view surfaces
along with a long history of perfectly hoenst misunderstanding is
reduced if the xrays are on the xray server, the lab results on the lab
server, the GP notes on the GP server, and each server keeps a record of
who asks for things, and tells its custodian.