Andrew po-jung Ho wrote:
> >it
> >must be adequately encrypted (and that does not mean the piss-weak 40bit
> >RC2 encryption offered by MS Access). Are open source medical systems
> >better than commercial offerings in this respect, I wonder?
[...useful discussion by Andrew Ho of encryption in various
scenarios...]
Yes, but my question was to what degree do any of the open source
practice management/EHR systems actually implement or provide support
for encryption of data on disc (and on secondary media such as tape)?
Such capability is a sine qua non for use of such systems anywhere
physical security can't be assured to very high levels. That applies to
most community clinics and health centres, I suspect. I am assuming that
the server for such systems is on a LAN and thus housed in the clinic or
health centre. The best solution of course is to co-locate the clinic
server at a secure site, but that requires broadband network access.
Such access has arrived in metro areas in many developed countries but
is not even on the horizon in most rural areas. In developing countries
broadband access either doesn't exist or is unaffordable even for
medium-sized hospitals, let alone community clinics. So local encryption
of data (and good key management systems) are required. Have they been
implemented in the open source context? Interestingly, MS Windows 2000
now comes with a 128-bit encrypting file system (EFS) right out of the
box - this allows whole disc partitions to be encrypted. You can also do
this with Linux in a clunky sort of way, but no Linux distribution
supports this "out of the box" - quite a lot of fiddling is required.
However, a problem with encrypting file systems is that the data is
unencrypted as soon as it is pulled off the disc. I don't think that any
open source tape backup software supports high level encryption of data
which is streamed to tape (I might be wrong). By far the best solution
is encryption of sensitive data by the application itself - this
ensures the data remains encrypted no matter where it goes. BTW,
"sensitive data" extends to just about everything. It is not enough to
encrypt just the obviously identifying data such as name, address or
date of birth. If I know that patient X visited a practice on a
particular date, I can easily identify that patient in a clinic's
complete set of medical records by using that information plus an
estimate of his/her age, height and weight (and sex, of course). A few
simple SQL queries later and I have uniquely located that person's
medical record (after first stealing the clinic PC or server), without
ever needing access to that person's name, address or DOB.
Tim C
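The re-identification described in the message above, worked through as an added example (not part of Tim's post or of any of the systems discussed). It builds a small in-memory SQLite clinic database in which name, address and date of birth are stored only as ciphertext, while sex, visit date, age at visit, height and weight are in the clear, then runs the "few simple SQL queries" an attacker holding a stolen copy would run. The table layout, the age_at_visit column and all patient records are constructed assumptions, not real data.

```python
"""Re-identifying a patient from quasi-identifiers when only name/address/DOB
are encrypted.  Added example; schema and records are constructed, not real."""
import os
import sqlite3

SCHEMA = """
CREATE TABLE patients (
    patient_id INTEGER PRIMARY KEY,
    name_ct    BLOB NOT NULL,   -- encrypted name (opaque to the attacker)
    address_ct BLOB NOT NULL,   -- encrypted address
    dob_ct     BLOB NOT NULL,   -- encrypted date of birth
    sex        TEXT NOT NULL    -- stored in the clear
);
CREATE TABLE visits (
    visit_id     INTEGER PRIMARY KEY,
    patient_id   INTEGER NOT NULL REFERENCES patients(patient_id),
    visit_date   TEXT NOT NULL,  -- ISO date, in the clear
    age_at_visit INTEGER NOT NULL,  -- assumed clinical field, in the clear
    height_cm    REAL NOT NULL,
    weight_kg    REAL NOT NULL,
    notes        TEXT NOT NULL
);
"""

# Constructed sample data: (patient_id, sex)
PATIENTS = [(1, "M"), (2, "F"), (3, "M"), (4, "M"), (5, "F"), (6, "M"), (7, "M"), (8, "F")]

# Constructed visits: (patient_id, visit_date, age_at_visit, height_cm, weight_kg, notes)
VISITS = [
    (1, "2001-03-14", 41, 179.0, 84.0, "hypertension review"),
    (2, "2001-03-14", 38, 165.0, 60.0, "antenatal check"),
    (3, "2001-03-14", 23, 181.0, 85.0, "sports injury"),
    (4, "2001-03-14", 42, 168.0, 72.0, "repeat prescription"),
    (6, "2001-03-14", 40, 180.0, 97.0, "diabetes review"),
    (8, "2001-03-14", 40, 180.0, 85.0, "asthma review"),
    (7, "2001-03-15", 40, 180.0, 84.0, "back pain"),
    (5, "2001-03-02", 29, 170.0, 63.0, "vaccination"),
]


def build_demo_db() -> sqlite3.Connection:
    """In-memory database holding the constructed records.  The *_ct columns
    contain random bytes standing in for ciphertext: whoever steals the server
    or PC can read every other column but not these."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO patients VALUES (?, ?, ?, ?, ?)",
        [(pid, os.urandom(16), os.urandom(16), os.urandom(16), sex) for pid, sex in PATIENTS],
    )
    conn.executemany(
        "INSERT INTO visits (patient_id, visit_date, age_at_visit, height_cm, weight_kg, notes)"
        " VALUES (?, ?, ?, ?, ?, ?)",
        VISITS,
    )
    return conn


# What the attacker knows about the target: seen at the practice on one date,
# sex, and rough estimates (+/- 5) of age, height and weight.
OBSERVATION = {
    "visit_date": "2001-03-14", "sex": "M",
    "age_lo": 35, "age_hi": 45,
    "h_lo": 175.0, "h_hi": 185.0,
    "w_lo": 80.0, "w_hi": 90.0,
}

# Each filter uses only columns the attacker can read.
FILTERS = [
    ("visit date", "v.visit_date = :visit_date"),
    ("sex", "p.sex = :sex"),
    ("age estimate", "v.age_at_visit BETWEEN :age_lo AND :age_hi"),
    ("height estimate", "v.height_cm BETWEEN :h_lo AND :h_hi"),
    ("weight estimate", "v.weight_kg BETWEEN :w_lo AND :w_hi"),
]
_FROM = "FROM visits v JOIN patients p ON p.patient_id = v.patient_id WHERE "


def candidate_funnel(conn, obs):
    """Apply the filters cumulatively; return (label, distinct patients left)
    after each one, showing how fast the candidate set collapses."""
    counts, clauses = [], []
    for label, clause in FILTERS:
        clauses.append(clause)
        sql = "SELECT COUNT(DISTINCT p.patient_id) " + _FROM + " AND ".join(clauses)
        counts.append((label, conn.execute(sql, obs).fetchone()[0]))
    return counts


def reidentify(conn, obs):
    """Return (patient_id, visit notes) for every record matching all filters;
    a single row means the record is uniquely located without name, address or DOB."""
    sql = "SELECT p.patient_id, v.notes " + _FROM + " AND ".join(c for _, c in FILTERS)
    return conn.execute(sql, obs).fetchall()


if __name__ == "__main__":
    db = build_demo_db()
    for label, n in candidate_funnel(db, OBSERVATION):
        print(f"after {label:16s}: {n} candidate patient(s)")
    for pid, notes in reidentify(db, OBSERVATION):
        print(f"located patient_id={pid}: {notes}")
```

With the constructed data the funnel goes 6, 4, 3, 2, 1: six patients were seen that day, and sex, age, height and weight each discard some until one record remains, together with its clinical notes. Encrypting only the "obviously identifying" columns leaves exactly this attack open; the columns that need protecting are the ones an attacker can correlate with outside knowledge, which in a medical record is nearly all of them.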