The key reason that clinical messaging should use a Location Certificate (rather than an Individual Certificate) is because it can be automated.
Imagine having to fish out your USB dongle every time you wanted to decrypt a lab report!

Andrew McIntyre wrote:
Hello Hugh,

Wednesday, January 11, 2006, 8:58:50 AM, you wrote:

DHN> This is an important point.
DHN> HIC were obsessed with getting GPs to do something that would save the 
DHN> HIC money - so much so that our clinic got set up with individual PKI 
DHN> keys and usb dongles and the HIC staffperson didn't think it was 
DHN> necessary to arrange for a Location Certificate.
DHN> Of course, a location certificate is the one to use if you are sending 
DHN> clinical information securely.

There is no real difference other than the fact that the private key
is locked into a (mostly) secure container and never leaves the USB
key so is very hard to steal. The encryption is exactly the same with
Site certificates and Individual Keys. The variation is in the
security of the private key.

The HIC use Location certificates so I doubt their motive was
sinister. They just underestimate the ability of the (above) average
person to make use of a technology that is in its infancy and is not
readily useable without software specifically designed to take
advantage of it, while shielding the user from the complexity.


DHN> If the HIC had worked from the start to enable better clinical 
DHN> communications, then we would all be on board by now.

I think the V1 of the PKI API, which didn't really work, was a nail in
the coffin. V2 actually works pretty reliably, apart from some driver
installation issues. The current version is able to do what is needed.

Self generation of Keys is something they should embrace, at least on
request, however for many users it would raise the barrier further.

Personally I think every new provider number should come with a HESA
key. If you are authenticated to see patients then you should be
authenticated enough to have a HESA key!

DHN> Andrew Patterson wrote:

  
I guess the question is, is any form of PKI certificate
that carries with it some real legal responsibility for its
use acceptable to GPs at the current moment?? Or
is that something for the future.. should we be setting
our sights on just deploying some simple, no legal
hassle secure email infrastructure??
 

      

DHN> _______________________________________________
DHN> Gpcg_talk mailing list
DHN> [email protected]
DHN> http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk



  
