Remote access to patient records and security of android apps

Tony Naggs tony.naggs at googlemail.com
Fri Jan 13 00:15:14 GMT 2012


Hi Mary

I am not familiar with "SystmOne", and it is not clear from the article
what the Android application would be used for. Clearly managing one's
calendar, accessing email or editing patient notes have different
confidentiality issues.

In principle an Android tablet could access a smartcard, as the SIM card in
an Android phone is a form of Smartcard - but I have not noticed any tablet
computers advertised with a Smartcard slot. Also some Android phones are
starting to have NFC (Near Field Communications) interfaces that could talk
to Smartcards that work wirelessly (similar to an Oyster card).

I am also concerned about whether the data is securely encrypted when
sent over the WiFi or 3G data network.


Regards,
Tony


On 12 January 2012 19:34, Mary Hawking <maryhawking at tigers.demon.co.uk> wrote:

>
> http://www.ehi.co.uk/news/primary-care/7445/tpp-develops-systmone-android-app
> "TPP said it expected to have the SystmOne Android solution completed and
> tested within the first half of this year. Following a pilot phase, it will
> then become available to users via the Android 'marketplace'.
> Access to the app will be through the user's usual username and password, so
> nobody will be able to use it unless they are a SystmOne user."
> This is a confidentiality and security question rather than a crypto one:
> apologies.
>
> In the NHS we have been told, repeatedly, that user name and password are
> insufficient: there needs to be a smartcard logon for secure identification,
> and RBAC (Role Based Access Control) to ensure that once identified an
> individual can only access the information/functions their role requires.
>
> My question is twofold:-
> 1. *can* an android app incorporate smartcard security?
> 2. if access via logon and password is sufficient security, why were
> smartcards, RBAC and the system of Registration Authorities considered to be
> necessary in the first place?
>
> Unfortunately, after I had successfully posted this query on EHI, the
> facility for posting comments was withdrawn from the article and my comment
> removed.
>
> Mary Hawking
> "thinking - independent thinking - is to humans as swimming is to cats: we
> can do it if we really have to."  Mark Earles on Radio 4.
>