-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, Mar 05, 2005 at 07:34:47PM +0100, Karsten Hilbert wrote: > > The main issue here is varification of authenticity of digital > > data entry. There must be some mechanism to ensure that every > > entry placed in the EHR must be authenticated by the signitory, > > even if the entry is made by a secretary, DEO or transcription- > > ist. > > A first-step solution might be this: > > - writes are tracked (author, timestamp) > - regular clear-text database dumps are taken (say, twice daily) > this includes the tracked writes (eg audit logs) > - dumps are signed to be authentic by a, say, CMO > - dump hashes are timestamp-signed by non-affiliated third > parties (say, digital notary servers provided by medical > faculties, etc.) >
This is a logical process to start with. The issue here is acceptance and institution of the 'notary servers' ... these need to find a place within the system universally. > [some snipped] > > > Audit trails of visits are only to ensure read access by > > authorised agencies. > > Even that does not really add any value. IF access occurred it > must have occurred with proper credentials (barring bugs in the > software). Yup, as far as the technical side is concerned, this should be the end point that we need to go for presently ... > The question is whether those credentials were abused by > someone who wasn't supposed to know them or by someone in the > know but who wasn't supposed to access that part of the data. > One study showed a decrease in the latter when "tracking reads" > was announced to the regular users. These are human shortfalls. The fact is, if a sysadmin is happy to broadcast access passwords to all-and-sundry, ultimately, he/ she is to be held responsible. It is possible to incorporate much more stringent access methods by thumb imprint or pupil signature varification (and methods yet to come). However, such mathods may not be easily deployable or cost effective. Just my 2p Bish -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFCKrmHr5z5toona28RAkTiAJ4hy3mVByXwyOIhPnzFQhoxQ+3powCfbiMq Chr+CL6Y/Z6uAj+fvXReau4= =4UHc -----END PGP SIGNATURE----- - If you have any questions about using this list, please send a message to d.lloyd at openehr.org