Pardon my ignorance
but what is wrong with fingerprint ID?
Cheers
Chris Fraser
> > It is scalable. Depends on teaching & sticking to security policies. Think
> > of it as a pyramid.
> >
> Your pyramid is roughly comparable to three groups of access:
>
> 1) Everyone in the org.
> 2) Clinicians
> 3) Small group of clinicians and patient.
>
> Each group shares a passphrase to encryption. Shared secrets
> demonstrably are hard to protect as the number of people sharing the
> secret increases. Once again, as the number of users in the system
> increases, the security of the shared passphrase moves from marginal for
> category 1) to marginal for category 2) and probably not worth the
> effort for category 1). Most large organizations don't even implement a
> category 3 system, but it is the only model where human behavior and
> technical protections can intersect to provide a reasonable assurance of
> privacy. But if the access control were implemented in a way not using
> encryption, the same argument would apply. Encryption is a workable
> means of getting the protection to follow the data. The administration
> of the ACL is not really worked out, i.e. who has the passphrase. T
>
>