securing distributed partial medical records?

Gerard Freriks gfrer at luna.nl
Sun Jul 26 13:04:17 BST 2009 


On 26 jul 2009, at 11:23, Ross Anderson wrote:

> The techie would be far better trained, and have a far better
> understanding of "file locking, version control, access and
> write levels / permissions". The gynaecologist didn't have
> such training: she had incentives, from a direct duty of care
> to her patients, through to the survival of her business.

I.E.

Always the author (or his successor) of the information supplied, is  
the prime accountable person.
Government, techies, Caldicott Angels, SPINE authorities, other  
secondary involved persons are facilitators of the author, only.
Never the other way around.

It is the prime responsible author that is in a position to make an  
informed judgement wether, and to whom, to divulge information he  
authored.
No organisational policy, technical contraption is able to make this  
informed judgement.
IT facilitates the author in the role of healthcare provider/ 
documenter/author in order to fulfill its responsibilities towards its  
patient.

The role of the patient is to instruct the author how to  
operationalise the patient given instructions for access control. (The  
patient mandate, informed consent)
Leaving room for professional freedom not to follow the patient  
instruction under extreme conditions such as conflict of  . Actions  
that can be contested in court.

The principle of (digital) documentation, that under all circumstances  
the accountable author must make an informed decision before divulging  
information, will have serious consequences for Patient Summary and  
other National health IT-projects.
It means that solely both the patient and healthcare provider/author  
define the content and the privacy and access control policies.
Others should never top down enforce patients and healthcare  
providers//authors into systems that breach this principle.

With regards,


Gerard Freriks

-- <private> --
Gerard Freriks, MD
Huigsloterdijk 378
2158 LR Buitenkaag
The Netherlands

T: +31 252544896
M: +31 620347088
E:     gfrer at luna.nl



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.chiark.greenend.org.uk/pipermail/ukcrypto/attachments/20090726/ecfed204/attachment.htm>

More information about the ukcrypto mailing list