securing distributed partial medical records?
Richard Jones
rich at annexia.org
Mon Jul 27 10:42:41 BST 2009
On Sun, Jul 26, 2009 at 10:58:30AM +0100, Adrian Midgley wrote:
> Ross Anderson wrote:
> > Quoting signup at bealoid.co.uk:
>
> > The techie would be far better trained, and have a far better
> > understanding of "file locking, version control, access and
> > write levels / permissions". The gynaecologist didn't have
> > such training: she had incentives, from a direct duty of care
> > to her patients, through to the survival of her business.
> >
> > Ross
> >
>
> This is my feeling about the threat model.
> I'd also add that the temptation for perfectly honest people to
> perfectly honestly believe that what they are doing with access to
> centrally held data is perfectly honest and wholly beneficial and that
> nobody need be told about it, act on that perfectly honestly held belief
> and later receive a horrible surprise when a different view surfaces
> along with a long history of perfectly honest misunderstanding is
> reduced if the xrays are on the xray server, the lab results on the lab
> server, the GP notes on the GP server, and each server keeps a record of
> who asks for things, and tells its custodian.
There's also a psychological distinction with this: If I just have to
type "ADRIAN MIDGLEY" into a computer terminal located in my private
office to pull up your medical records, then that's a lot easier than
if I have to haul myself along to your local GP and ask your GP's
receptionist face-to-face to see your paper records.
Rich.
--
Richard Jones
Red Hat