An EJRC document about Blockchain in education:
http://publications.jrc.ec.europa.eu/repository/bitstream/JRC108255/jrc108255_blockchain_in_education(1).pdf

Gerard Freriks
+31 620347088
gf...@luna.nl

Kattensingel 20
2801 CA Gouda
the Netherlands

> On 16 Nov 2017, at 00:02, GF <gf...@luna.nl> wrote:
>
> Hi,
>
> A blockchain – originally block chain – is a continuously growing list of
> records, called blocks, which are linked and secured using cryptography.
> Each block typically contains a hash pointer as a link to a previous block,
> a timestamp and transaction data. By design, blockchains are inherently
> resistant to modification of the data. A blockchain can serve as "an open,
> distributed ledger that can record transactions between two parties
> efficiently and in a verifiable and permanent way." For use as a
> distributed ledger, a blockchain is typically managed by a peer-to-peer
> network collectively adhering to a protocol for validating new blocks. Once
> recorded, the data in any given block cannot be altered retroactively
> without the alteration of all subsequent blocks, which requires collusion
> of the network majority.
>
> https://en.wikipedia.org/wiki/Blockchain
>
> What is Blockchain offering?
> Bringing data from a to b?
> Storing data?
> Securing data?
> Preventing privacy incidents?
> Taking care of non-repudiation?
> Taking care of data integrity?
> Play a role in logging?
> Will it prevent hacking of PCs, servers?
> and other attacks such as social hacking, password sniffing, etc.?
>
> At best it serves a role in: non-repudiation, data integrity and logging
> (access control lists) without the need of a trusted third party service.
> But one has to rely on safe/secure IT-systems that make use of it.
> It takes care of a non-health related issue; it takes care of a generic
> legal issue.
>
> By the way.
> NICTIZ’ opinion is:
> - Certainly it (blockchain) can not be deployed and replace in healthcare
>   the present “proven technology”
>   (It certainly cannot yet be deployed to replace the current “proven
>   technology” in healthcare)
> - It is in the hype-phase.
> - Many of the potential advantages will have to be proven.
>
> Gerard Freriks
> +31 620347088
> gf...@luna.nl
>
> Kattensingel 20
> 2801 CA Gouda
> the Netherlands
>
>> On 15 Nov 2017, at 21:14, Bert Verhees <bert.verh...@rosa.nl> wrote:
>>
>> There are so many privacy breaches in medical data, hacked accounts,
>> data-leaks, wacky account rules, social hacking, temporary personnel from
>> employment agencies, no logging on access to systems, systems standing
>> open and the nurse doing something else.
>> A GP can call a specialist, it is very common to call a specialist, and
>> say that information is needed on patient So and So. This happens so many
>> times. He does not need to prove that he is the GP for that patient. A
>> specialist does not have time for that kind of verification.
>>
>> And when you talk about these kinds of things to clinicians, they are all
>> denying, but they all know better.
>> And when you talk about these kinds of things to software companies, they
>> start denying too, their software is OK!
>> But it isn't, because a doctor does not pay for security, but for nifty
>> software. On security no money can be earned.
>>
>>> So unless you are talking about the openEHR system being actively hacked,
>>> I don't think this is a real use case. If we are talking about the
>>> openEHR versioning being hacked, then a) they had to hack RAID 10
>>> storage, DB persistence mirroring, daily backups, b) the data centre has
>>> significant security, c) some security analysis will have been made in
>>> advance (it will, won't it?!), and depending on the perceived threat,
>>> there may be e.g. hashing + notary, or signed hashes + notary, which
>>> requires the hackers to be of a superior variety.
>>
>> No one ever hacks a RAID-system, they hack the software. The RAID system
>> is to the software like a single disk, if you remove data from software,
>> then the RAID system will remove it too, it follows the software.
>> The DB persistence mirroring is the same story. Daily backups are never
>> rolled back (only in disaster scenario), because you will lose all newly
>> entered data.
>>
>> A friend, a journalist, was keeping track of all illegal data-leaks in
>> medical context, he has done that for over ten years.
>> It must have been millions of patients whose data are leaked, stolen
>> notebooks with copies of databases, lost USB-sticks, hacked accounts,
>> every day there is something. It happens in the best secured
>> organizations like the army. A container full of paper patient dossiers
>> was standing on the street in a big city. Hard disks are not always
>> cleaned up when sold to second hand computer-shops. I once got (so was
>> said) a brand new server-hard-disk from HP-reseller, it wasn't new, there
>> were data on it.
>>
>> Mostly this news is from the USA because there is the obligation there to
>> report data leaks to the public. In the Netherlands this is not so, and
>> guess who is against such a law?
>> https://www.google.nl/search?q=data+leak&source=lnms&tbm=nws
>>
>>> It's a fair bit of work to invisibly hack a properly implemented
>>> versioned DB implementation within a secure facility, which is what is
>>> needed for a medico-legal claim based on data to fail.
>>>
>>>> How about a patient who discovers their employer has knowledge of
>>>> private medical data? People often think about psychiatric
>>>> circumstances, but it can be other things in this time of revival of
>>>> religions, e.g. a woman who hides the fact she has had an abortion and
>>>> is now teaching at a Christian school.
>>>
>>> ok, now that's privacy, so we are talking data theft, not integrity or
>>> non-repudiation of authorship.
>>
>> Yes, that is, and maybe it is just paranoia, everybody has the right to
>> be paranoid. Especially in small communities data can leak very easily.
>> Social hacking, you can call that.
>> Happens all the time. But that kind of leaking cannot always be avoided
>> with blockchain, unless the leaking GP is looking at someone else's
>> system over a secured logging communication-network.
>> Then it should be that the looking into data will be in a transaction,
>> because it is interchanging medical data, which must be guaranteed to be
>> complete, unaltered and logged at receiver and sender.
>>
>>>> Also interesting in this discussion is how to handle deletion of
>>>> medical data (the patient's right to be forgotten).
>>>> Can it be that data refer to data on other systems, or may they only
>>>> refer to data on the same system, copies of data from other systems?
>>>> Do these copies need some accountable reference to where they come
>>>> from?
>>>
>>> these are I agree, important questions, and we've tried to cover some of
>>> it with openEHR e.g. via FEEDER_AUDIT
>>> <http://www.openehr.org/releases/RM/latest/docs/common/common.html#_feeder_system_audit>,
>>> URI datatype, and more recently some thinking in a new REPORT type
>>> <https://openehr.atlassian.net/wiki/spaces/spec/pages/92358988/Reports>
>>> being considered for the RM (I've added a note to this to cover the
>>> requirement to safely refer to / ?copy content from external systems).
>>>
>>> We need to consider these kinds of reference questions more carefully
>>> and provide more comprehensive solutions for sure.
>>
>> It is a very complicated subject, and I did not expect any action taken
>> on my initial question, yesterday morning. But there was discussion, I
>> also learned from it.
>>
>> Huge ICT companies are implementing blockchain-applications, and the
>> medical world will for sure be one of the targets. They are ready to
>> implement and sell it. They will convince governments that it is needed.
>> In the Netherlands, Nictiz is on their side. Nictiz is the only
>> information-source for the government.
>>
>> My question is, can this be transparent (like RAID 10 is to a system), or
>> is there an architectural change needed on the logical layers? Or is
>> there an architectural layer desirable? Do medical software architects
>> want to influence decisions? Then they need to take positions.
>>
>> It is not something for today or tomorrow, or the day after tomorrow. But
>> next year? In two years?
>>
>> IBM is selling blockchain-technology:
>> https://www.ibm.com/blockchain/nl-nl/get-started/
>>
>> Today I was reading about Mastercard going to use blockchain, they
>> patented their own implementation (sorry, in Dutch)
>> https://www.agconnect.nl/artikel/mastercard-legt-eigen-blockchain-vast
>>
>> The patent
>> http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=/netahtml/PTO/search-adv.html&r=1&p=1&f=G&l=50&d=PG01&S1=20170323294.PGNR.&OS=dn/20170323294&RS=DN/20170323294
>>
>> Best regards
>> Bert
>
> _______________________________________________
> openEHR-technical mailing list
> openEHR-technical@lists.openehr.org
> http://lists.openehr.org/mailman/listinfo/openehr-technical_lists.openehr.org
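
The hash-pointer linkage in the Wikipedia definition quoted in this thread, and the "hashing + notary" measure mentioned in the quoted reply, shown as an added example that is not part of any message in the thread: a hash-chained access log whose head hash is also held by an outside party. The record fields, identifiers and function names are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry (assumption)


def entry_hash(prev_hash, record):
    """Hash of one log entry: covers the record and the previous entry's hash."""
    payload = json.dumps({"prev": prev_hash, "record": record}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def build_chain(records):
    """Return a list of entries, each linked to its predecessor by hash."""
    chain, prev = [], GENESIS
    for record in records:
        digest = entry_hash(prev, record)
        chain.append({"prev": prev, "record": record, "hash": digest})
        prev = digest
    return chain


def verify_chain(chain, notarized_head=None):
    """Return (ok, reason). notarized_head is a head hash held outside the system."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return False, f"entry {i} does not match its hash link"
        prev = entry["hash"]
    if notarized_head is not None and prev != notarized_head:
        return False, "head hash differs from the notarized value"
    return True, "ok"


# Constructed sample access-log records (not real data).
SAMPLE = [
    {"ts": "2017-11-15T09:00:00Z", "actor": "gp-001", "action": "read", "ehr": "ehr-42"},
    {"ts": "2017-11-15T09:05:00Z", "actor": "spec-007", "action": "read", "ehr": "ehr-42"},
    {"ts": "2017-11-15T09:10:00Z", "actor": "gp-001", "action": "write", "ehr": "ehr-42"},
]

if __name__ == "__main__":
    chain = build_chain([dict(r) for r in SAMPLE])
    head = chain[-1]["hash"]                  # value deposited with the external notary
    chain[1]["record"]["actor"] = "gp-001"    # in-place edit of one stored entry
    print(verify_chain(chain, head))          # broken link at entry 1
    rewritten = build_chain([e["record"] for e in chain])  # all later hashes recomputed
    print(verify_chain(rewritten), verify_chain(rewritten, head))
```

A chain recomputed by whoever controls the software verifies on its own; only the comparison against the externally held head hash exposes the rewrite.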