securing distributed partial medical records?
Roger Hayter
roger at hayter.org
Sun Jul 26 14:27:29 BST 2009
In message <4A6C28C6.1040707 at gmail.com>, Adrian Midgley
<amidgley at gmail.com> writes
>Ross Anderson wrote:
>> Quoting signup at bealoid.co.uk:
>
>> The techie would be far better trained, and have a far better
>> understanding of "file locking, version control, access and
>> write levels / permissions". The gynaecologist didn't have
>> such training: she had incentives, from a direct duty of care
>> to her patients, through to the survival of her business.
>>
>> Ross
>>
>
>This is my feeling about the threat model.
>I'd also add that the temptation for perfectly honest people to
>perfectly honestly believe that what they are doing with access to
>centrally held data is perfectly honest and wholly beneficial and that
>nobody need be told about it, act on that perfectly honestly held belief
>and later receive a horrible surprise when a different view surfaces
>along with a long history of perfectly honest misunderstanding is
>reduced if the xrays are on the xray server, the lab results on the lab
>server, the GP notes on the GP server, and each server keeps a record of
>who asks for things, and tells its custodian.
Quite agree. If the choice is between a thoroughly competent engineer
and technical team working under political direction and my GP I would
much rather have the latter looking after my data, for reasons which
have been much rehearsed on this list. And I believe 99% of GPs are
much more knowledgeable about health data security and confidentiality,
and its implications, than most "experts".
--
Roger Hayter