Basically, I agree with you here. However, it is a mistake to think
of VistA as *just* a healthcare application. It's not even really an
application, but more of an operating environment, containing
something like a shell (Menu Manager) and a wide variety of
(sometimes tightly integrated) "applications". In some ways, I think
it is a lot like early versions of Windows, that were basically
applications running under DOS. In the case of VistA, you have the M
environment, a logical layer built on top of it, including
infrastructure for sign on and security, task management, file
(database) management, etc. Then you have a number of applications
like Registration, Order Entry, etc. running in the VistA environment.
Does that make a difference? Maybe not. But it doesn't make much
sense to call it *an* application. That being said, I'm sympathetic
with the point of view that it's not enough to simply have a *policy*
requiring that patient data not be transferred in mail messages,
other means should be used to ensure that any messages be secured. I
also agree that medical record systems should not directly connect to
the Internet, and that appropriate firewalls and other security
measures are called for.
===
Gregory Woodhouse
[EMAIL PROTECTED]
"One must shy away from questionable undertakings, even when they
have a high sounding name."
--Albert Einstein
On Sep 30, 2005, at 10:49 PM, Ruben Safir wrote:
It should be mandated if the mail server and clients are being built
into a healthcare application. Everyhting should be encrypted by
default
Ruben
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Hardhats-members mailing list
Hardhats-members@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/hardhats-members
