securing distributed partial medical records?

[Adrian Midgley]

signup at bealoid.co.uk wrote:

> Sure, they should be trained, and they should know what the rules are,
> but in my (limited) experience you get scary answers from some of them
> about stuff like confidentiality and proof of ID.



This is entirely irrelevant.


Any system, wherever whatever data is stored, has to provide access to
it to the people who (are believed to) have a need to use it, IE those
in the general practices and hospitals, in this context.

This really is a complete diversion from anything worth discussing about
the places in which to put the data I generate about my patients, and so
on for everyone else, how to allow machiens to talk to each other about
it (until we have a machine society, social engineering is not going to
be relevant to the xray reports of a patient being made available
through their GP record) and crucially IMHO who it is who gets first
look at the access logs.

Please don't solve other problems.

-- 
A