On 9 Mar 2004, at 06:51, Thomas Beale wrote: > A well known study in Harvard medical school (I think) showed that > putting the message "Do not inappropriately access patient data - all > your accesses are being logged" on clinician screens a few times a day > resulted in a drop to near 0 of inappropriate access. No other > technology was used
Indeed - but the (perhaps) disingenuous claim which is flashed across clinicians' screens will only work for a finite period before people stop believing it and revert to their old habits. Security is a process, and it requires constant amendment and updating. If someone wants to "attack" a system (in this case by inappropriately accessing records), they will. To use a phrase which is undoubtedly well known to everyone, "there is no silver bullet" - especially where security is concerned... A good book to look at on the subject of insecure data is The Art of Deception by Kevin Mitnik. Never say die. Best, Nathan -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/enriched Size: 1008 bytes Desc: not available URL: <http://lists.openehr.org/mailman/private/openehr-technical_lists.openehr.org/attachments/20040309/90d7e727/attachment.bin>