Remote access to patient records and security of android apps

Mary Hawking maryhawking at tigers.demon.co.uk
Thu Jan 12 19:34:57 GMT 2012


http://www.ehi.co.uk/news/primary-care/7445/tpp-develops-systmone-android-app
"TPP said it expected to have the SystmOne Android solution completed and
tested within the first half of this year. Following a pilot phase, it will
then become available to users via the Android 'marketplace'.
Access to the app will be through the user's usual username and password, so
nobody will be able to use it unless they are a SystmOne user."

This is a confidentiality and security question rather than a crypto one:
apologies.

In the NHS we have been told, repeatedly, that user name and password are
insufficient: there needs to be a smartcard logon for secure identification,
and RBAC (Role Based Access Control) to ensure that once identified an
individual can only access the information/functions their role requires.

My question is twofold:-
1.	*can* an android app incorporate smartcard security?
2.	if access via logon and password is sufficient security, why were
smartcards, RBAC and the system of Registration Authorities considered to be
necessary in the first place?

Unfortunately, after I had successfully posted this query on EHI, the
facility for posting comments was withdrawn from the article and my comment
removed.

Mary Hawking
"thinking - independent thinking - is to humans as swimming is to cats: we
can do it if we really have to."  Mark Earles on Radio 4.  




More information about the ukcrypto mailing list