David: >>The fact that prescription stationery has serial number on it does not >>prevent "forgery". >>In one of the Auckland (NZ) tertiary hospital, a whole book of such >>preprinted prescription >>paper was stolen not long ago with forged prescriptions appearing in local >>pharmacies for >>amphetamine class of drugs. It only aroused suspicion when too many of such >>scripts appeared >>within a short time. >> >> > Thanks Stephen. In Oz the scripts have consecutive serial numbers so >presumably all "compromised" scripts could be identified (admittedly >after the event). Well, the Kiwi scripts also have consecutive serial numbers. They were also discovered after the event. If the culprit spread the scripts over a larger area and a slightly "longer" period of time, it will be much harder to discover the theft.
>>A more secure way to prevent forgery is electronic prescription with PKI type >>of security. >> >> >Undoubtedly. >>P.S.: I have recently completed a research on electronic prescription. WRT >>the issue of legislations >>governing prescriptions: it is a requirement by law - almost worldwide - that >>pharmacies are required >>to have the original paper prescriptions with the prescriber provider number >>and signature for >>medications to be dispensed. Hospitals are allowed to "bend" the rule >>because the originally signed >>prescriptions are held within the hospitals. Electronic signature >>legislations to allow e-Prescription are >>only passed in a very few countries, mainly in Europe and North America. > >Do you think it will happen here? NZ changed the Electronic Transaction ACT (ETA) in 2002 to allow eCommerce to happen without requiring physical signature on a piece of paper contract. Unfortunately, prescription was deliberately excluded from the ETA change. Medical industry objection was the alleged reason for the exclusion. Similarly, although UK has a few pilot ePrescription project up and running, electronic signature legislation on prescriptions could not be moved forward. For this to happen in Oz, we need one or both of the followings: (1) strong voice from AMA and Colleges, esp GP College (2) visionary politicians who are willing (and have the guts) to move the legislation forward. I don't see (2) happening. The only hope we have is (1) My 2c worth. Stephen ________________________________ From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED] Sent: Tue 7/02/2006 10:24 AM To: [email protected] Subject: Gpcg_talk Digest, Vol 5, Issue 21 Send Gpcg_talk mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than "Re: Contents of Gpcg_talk digest..." Today's Topics: 1. Re: Are facsimiles of PBS prescriptions valid? (David Guest) 2. Electronic scripts (Jim Glaspole) 3. RE: Electronic scripts (Oliver) 4. Re: Batch file (doug mansell) 5. New Info From NEHTA (David More) 6. Allied health software on frontdesk (Michael Christie) 7. Re: Are facsimiles of PBS prescriptions valid? (Andrew Patterson) 8. Re: Are facsimiles of PBS prescriptions valid? (Elizabeth Dodd) 9. Re: Allied health software on frontdesk (Elizabeth Dodd) 10. Re: Are facsimiles of PBS prescriptions valid? (Andrew Patterson) ---------------------------------------------------------------------- Message: 1 Date: Tue, 07 Feb 2006 09:10:13 +1100 From: David Guest <[EMAIL PROTECTED]> Subject: [GPCG_TALK] Re: Are facsimiles of PBS prescriptions valid? To: OzdocIT <[email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1 Stephen Chu wrote: >David: > >The fact that prescription stationery has serial number on it does not prevent >"forgery". In one of the Auckland (NZ) tertiary hospital, a whole book of >such preprinted prescription paper was stolen not long ago with forged >prescriptions appearing in local pharmacies for amphetamine class of drugs. >It only aroused suspicion when too many of such scripts appeared within a >short time. > > Thanks Stephen. In Oz the scripts have consecutive serial numbers so presumably all "compromised" scripts could be identified (admittedly after the event). >A more secure way to prevent forgery is electronic prescription with PKI type >of security. > > Undoubtedly. >P.S.: I have recently completed a research on electronic prescription. WRT >the issue of legislations governing prescriptions: it is a requirement by law >- almost worldwide - that pharmacies are required to have the original paper >prescriptions with the prescriber provider number and signature for >medications to be dispensed. Hospitals are allowed to "bend" the rule because >the originally signed prescriptions are held within the hospitals. Electronic >signature legislations to allow e-Prescription are only passed in a very few >countries, mainly in Europe and North America. > Do you think it will happen here? David ------------------------------ Message: 2 Date: Tue, 07 Feb 2006 10:03:56 +1100 From: Jim Glaspole <[EMAIL PROTECTED]> Subject: [GPCG_TALK] Electronic scripts To: General Practice Computing Group Talk <[email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1 I have pondered this one and have only my own imagination to go how this may work: 1. Choose to submit script electronically to online PBS repository (perhaps mandatory for S8 drugs), signing with HIC individual certificate (sorry Horst I can't see self-generated keys becoming acceptable here), from within wondrous bug free version of clinical software. 2. Pharmacist retrieves from bank with their own individual certificate and patient Medicare number. Should be readily achievable and has huge advantages over current system: - no paper - more secure - anti-doctor shopper Has anyone else had similar imaginings? Is it beyond this stage already? Jim ------------------------------ Message: 3 Date: Tue, 7 Feb 2006 09:47:56 +1030 From: "Oliver" <[EMAIL PROTECTED]> Subject: RE: [GPCG_TALK] Electronic scripts To: "General Practice Computing Group Talk" <[email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="iso-8859-1" > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Jim Glaspole > Sent: Tuesday, 7 February 2006 9:34 AM > > I have pondered this one and have only my own imagination to > go how this may work: > 1. Choose to submit script electronically to online PBS repository > (perhaps mandatory for S8 drugs), signing with HIC individual > certificate (sorry Horst I can't see self-generated keys becoming > acceptable here), from within wondrous bug free version of clinical > software. > 2. Pharmacist retrieves from bank with their own individual > certificate and patient Medicare number. It was called the Better Medication Management System, then MediConnect, then was rolled into HealthConnect, whose wherabouts currently are uncertain. http://www.mediconnect.gov.au/what.htm Oliver Frank, general practitioner 255 North East Road, Hampstead Gardens South Australia 5086 Ph. 08 8261 1355 Fax 08 8266 5149 ------------------------------ Message: 4 Date: Tue, 7 Feb 2006 10:27:38 +1100 From: doug mansell <[EMAIL PROTECTED]> Subject: Re: [GPCG_TALK] Batch file To: General Practice Computing Group Talk <[email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1 On 2/7/06, Tim Churches <[EMAIL PROTECTED]> wrote: > Elizabeth Dodd wrote: > > On Tue, 7 Feb 2006 07:06, Michael Christie wrote: > >> Sorry the previous post should read " moves all the text files > >> (*.txt) from c:\test1 folder to c:\test2 folder." > >> You know what I mean! > >> _______________________________________________ > >> Gpcg_talk mailing list > >> [email protected] > >> http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk > > > > Now, this is rusty indeed > > > > copy c:\test1\*.txt c:\test2\*.txt > > del c:\test1\*.txt > > The problem with the above is what happens if the copy fails (due to > lack of disc space)? The delete will still proceed. Then you have no > files anywhere... > Another problem is that txt files may appear in c:\test1\ after the copy and before the delete... ! ------------------------------ Message: 5 Date: Tue, 7 Feb 2006 11:40:55 +1100 From: David More <[EMAIL PROTECTED]> Subject: [GPCG_TALK] New Info From NEHTA To: General Practice Computing Group Talk <[email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="iso-8859-1" Hi All, Two position statements on secure messaging have appeared on the NEHTA site (www.nehta.gov.au) under the publications section. Worth a look. Apologies to all those who had spotted them. Cheers David ---- Dr David G More MB, PhD, FACHI Phone +61-2-9438-2851 Fax +61-2-9906-7038 Skype Username : davidgmore E-mail: [EMAIL PROTECTED] -------------- next part -------------- An HTML attachment was scrubbed... URL: http://ozdocit.org/pipermail/gpcg_talk/attachments/20060207/aa9d922c/attachment-0001.html ------------------------------ Message: 6 Date: Tue, 07 Feb 2006 12:15:08 +1100 From: Michael Christie <[EMAIL PROTECTED]> Subject: [GPCG_TALK] Allied health software on frontdesk To: GPCG_Talk <[email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1 Hello to all, Thankyou to the correspondents regarding the batch file. May I ask colleagues opinions on another matter. We have a standard medical setup for a 6 doctor practice. Server linking to workstations. An allied health practitioner who rents a room wants to put her MYOB program on the frontdesk computer so the reception staff can bill her clients for her and receipt them via her preferred program MYOB. This will save her time entering her own data into MYOB. Currently our staff collect her money for her at the frontdesk via EFTPOS and cash and we give her a manual record other day and she takes it home to put on her computer for record purposes. We use Totalcare practice mx software, and quickbooks for accounts (not running at the frontdesk) Obviously technically this can be done and installed on the computers at the frontdesk. We have appropriate backup and failure proceures in place for our own software and computers. However I have some reservations regarding having other peoples financial software on our computers, the possibility of losing her data, what happens if our computer fails with all her accounts on it, and also staff may keywrong data into her program, the Allied Health person would need to spend more time at the front desk instead of in her room checking her accounts etc.etc. Technically this can be done. But may I ask my colleagues, *_should_ *we do this for her? What is your opinion? -- *********************************************************************************************************************************************************** This communication is confidential to the named addressee, may contain legally privileged information and is subject to copyright. By the use of email over the Internet, West Brunswick Clinic is not waiving either confidentially of, or legal privilege in, the content of the email and of any attachments. No-one else may read, print, store, copy, forward or act in reliance on all or any of this email or its attachments.If you are not the intended recipient, any use, reliance upon it, disclosure or copying of this email is prohibited and unlawful. If you have received this email in error please notify the sender immediately (at our cost) 03 9387 9088 Australia. West Brunswick Clinic does not warrant that this email and any attachments are error or virus free and recommends that all attachments be checked for computer viruses. *********************************************************************************************************************************************************** ------------------------------ Message: 7 Date: Tue, 7 Feb 2006 13:01:15 +1100 From: Andrew Patterson <[EMAIL PROTECTED]> Subject: Re: [GPCG_TALK] Are facsimiles of PBS prescriptions valid? To: General Practice Computing Group Talk <[email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1 > I dont have to have a card to transfer $Xk between accounts or to pay > bills > I am happy to trust this to PIN numbers etc If you can still transfer money using online banking in 5 years without some sort of smartcard/OTP/sms I'd be amazed. Banks have rolled out the first electronic authentication system to a mass market (i.e internet banking passwords) and we are just starting to enter into the phase where it is subject to widespread attack (phishing etc). The financial hit banks are taking on this will lead to multiple factor authentication systems. I think HESA are correct into wanting to do better than people just typing in passwords.. maybe their solution has some other flaws, but at its core it's a sound approach. Andrew ------------------------------ Message: 8 Date: Tue, 7 Feb 2006 13:09:44 +1100 From: Elizabeth Dodd <[EMAIL PROTECTED]> Subject: Re: [GPCG_TALK] Are facsimiles of PBS prescriptions valid? To: General Practice Computing Group Talk <[email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="iso-8859-1" On Tue, 7 Feb 2006 13:01, Andrew Patterson wrote: > > I dont have to have a card to transfer $Xk between accounts or to pay > > bills > > I am happy to trust this to PIN numbers etc > > If you can still transfer money using online banking > in 5 years without some sort of smartcard/OTP/sms > I'd be amazed. > My credit union has another online ID system after the password; you have to select a combination of icons to get access. Liz -- Everything that can be invented has been invented. -- Charles Duell, Director of U.S. Patent Office, 1899 ------------------------------ Message: 9 Date: Tue, 7 Feb 2006 13:10:41 +1100 From: Elizabeth Dodd <[EMAIL PROTECTED]> Subject: Re: [GPCG_TALK] Allied health software on frontdesk To: General Practice Computing Group Talk <[email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="iso-8859-1" On Tue, 7 Feb 2006 12:15, Michael Christie wrote: > Technically this can be done. > But may I ask my colleagues, *_should_ *we do this for her? > What is your opinion? Sure, just what is the extra charge for this service? -- BOFH excuse #253: We've run out of licenses ------------------------------ Message: 10 Date: Tue, 7 Feb 2006 13:30:56 +1100 From: Andrew Patterson <[EMAIL PROTECTED]> Subject: Re: [GPCG_TALK] Are facsimiles of PBS prescriptions valid? To: General Practice Computing Group Talk <[email protected]> Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset=ISO-8859-1 > My credit union has another online ID system after the password; you have to > select a combination of icons to get access. True, banking systems may get away with techniques like this (especially in the short term as the phishers will go after much easier targets). There's certainly a lot of activity in this area amongst banks all around the world so at least we'll get a good chance to see which methods pass/fail the user acceptance test (is it practical to roll out hardware tokens to a large segment of the public) But is also reinforces the point - passwords by themselves are on the way out (and hence shouldn't even be on the radar when considering approaches to secure health communications) Andrew ------------------------------ _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk End of Gpcg_talk Digest, Vol 5, Issue 21 ****************************************
<<winmail.dat>>
_______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
