RE: [GPCG_TALK] Electronic referrals between providersus thesameEMR

Tue, 28 Feb 2006 14:01:50 -0800

As I remember it you said “and all that Horst goes on about our encryption is shit” or words to that effect and that your encryption was wonderful and stopped people going back and altering the records. You were as emphatic about that as you are about everything else you said to me then.

 

BUT 

 

If your encryption is not up to standard – which is what you are really saying now -  and that it is NOT almost impossible to alter, then why do you bother?

A former associate said that it takes about one minute to crack it and that as far as encryption goes it is worthless.

 

 

As I tried to tell you, Andrew, different people have different perceptions. Lies are the truths of others – how do you tell a woman her child is ugly?

 

I still cannot see how you could see me as a competitor, Andrew, and we have doctors users as a secondary consideration. They are welcome to use it but they are not our prime market. You know, I know, we all know that the primary purpose of your product was to write prescriptions and then to gain sponsorship to pay for it. Anything else is padding. It was done to try to sew up the market and I have to congratulate you on your efforts in that area.

 

Now you have baited me again and there were no other parties to the conversation in Perth.

 

David de Bhal

MA MB BCh BAO MICGP

Sorry, no (Hons)

Virtual Practice

 

 

 

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Magennis
Sent: Tuesday, February 28, 2006 9:40 AM
To: General Practice Computing Group Talk
Subject: Re: [GPCG_TALK] Electronic referrals between providersus thesameEMR

 

David

Andrew Magennis most certainly did not say "that the encryption was so good that it was impossible to go back and alter it post
hoc." I recall explaining why the progress notes were encrypted, - to give them more weight as evidence etc, and I believe I said words to the effect that the encryption was there to stop doctors or others casually going in the back door to change the notes. I believe I went on to say that it was NOT meant to be an intelligence grade block and I made reference to Horsts comment that his 10 year old son cracked it in less than 10 minutes - if I recall Horst's post correctly.

How you can conclude what you have stated from what was said escapes me.

Andrew

 

Dr. Andrew Magennis
M.B.,B.S. B.Sc (Hons) Dip. R.A.C.O.G.
Medical Director
Health Communication Network

 

Contact
Work Tel: 03 9810 4510
Work Fax: 03 9819 3263
Mobile: 0417 135 302
Home Fax: 03 9882 3251
Email: [EMAIL PROTECTED]
Web: www.hcn.com.au

----- Original Message -----

Sent: Tuesday, February 28, 2006 9:18 AM

Subject: RE: [GPCG_TALK] Electronic referrals between providersusing thesameEMR

 

Can this not be overcome by saving the timeline entries as distinct PDF
documents?

When you say your EMR - what exactly do you mean? If you are referring to
Medical Director, Andrew Magennis told me last week, emphatically, that the
encryption was so good that it was impossible to go back and alter it post
hoc.

It is interesting to note, that no such standards apply to the written
document which may be pre or post dated as the 'need' arises. Why apply such
onerous standards for something like a radiology or pathology referral when
the intention of the referral is all that is in question.

What is to occur when we all eventually move to the web?


David de Bhal
Virtual Practice

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Tim Churches
Sent: Tuesday, February 28, 2006 7:43 AM
To: General Practice Computing Group Talk
Subject: Re: [GPCG_TALK] Electronic referrals between providers using
thesameEMR

Duncan Guy wrote:
> I'm not so sure I want to be a test case but ... Given this is a unique
> situation and to access our EMR the specialist who is referring to me
> has to log onto the server via a terminal session with his/her unique
> username and password and then onto the EMR with his/her unique password
> and the EMR records every keystroke with time and date stamping I was
> hoping this might do.  S'pose there isn't an answer to this one.

The problem is that your EMR, timestamps included, can be altered post
hoc in a completely undetectable fashion. The only solution to this is
to create secure hashes ("digests") of the state of your EMR and have
that timestamped digest digitally signed by a trusted third party - by a
digital notary public. Provided that there is no collusion between you
and the notary public (and notaries public are chosen and honour-bound
to resist such collusion), then the use of such digital notarisation
provides very good evidence (very difficult to challenge in a court of
law) that your EHR actualy contained the information you asserted that
it did (eg evidence of a referral) on a particular date (as opposed to
having been "doctored" at a later date to make it appear that it
contained that information at some earlier date).

All of the foregoing applies to any medicolegal use of an EMR, of
course, not just to evidence of referrals.

Digital notarisation is quite easy to do - Horst demonstrated that
several years ago with his Gnotary facility and software - see
http://www.gnumed.net/gnotary/

However, to be really practical and convenient, digital notarisation
really needs to be built into the EMR software itself. It is surprising
that no vendors of Australian medical software offer that feature 9at
least not that I am aware of). And there need to be reputable digital
notaries out there - ideally people who are recognised and registered
public notaries. The actual digital notarisation process can be
completely automated and can just run unattended as a server on the
Internet (but under the control of the digital notary), and the volume
of information it needs to store long-term is quite small, so running
costs for such a service would be minimal.

Hmmm, in fact, couldn't such digital notarisation be used by Medicare
Australia (nee HIC) for specialist referral attestation purposes? It
would work like this:

a) GP generates electronic specialist referral document.

b) GP sends a message containing three parts to a trusted digital notary:
A) the referral document, encrypted with the specialist's public key (so
the notary can't see what the referral document says)
B) a secure timestamped hash (digest) of the referral letter before it
was encrypted.
C) a routing message which tells the digital notary to what address the
three part message should be forwarded.

The digital notary then countersigns part B of the three part message,
keeps a copy of that part, and then forwards parts A and B (now
countersigned) to the recipient identified in part C.

On receipt of the above, the specialist decrypts the referral document
(part A) and stores it together with the notarised (countersigned)
timestamped digest of the referral document (part B) in his/her EMR.

The specialist then has proof, as attested to by the digital notary,
that someone sent him/her a particular referral letter on a particular
date, and that referral letter or the date can't be retrospectively
faked (at least not without the collusion of the digital notary, which
is very unlikely). This then proves that the specialist was acting in
good faith in seeing the patient and then claiming a specialist
consultation from Medicare Australia in recompense (or partial recompense).

It proves the identity of the GP who sent the referral letter only
insofar as the GP's digital signature on the referral document is trusted.

Note that it is perfectly possible for Medicare Australia to play the
roe of the digital notary, although that would enable them to track
referral patterns from GPs to specialists, which may or may not be a
good thing depending on your point-of-view. Otherwise an independent
digital notary might best be employed.

Again, all of the foregoing would need to be built into software to make
it convenient, but the underlying software technology is freely
available and well understood.

Tim C
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk

--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 268.1.0/269 - Release Date: 2/24/2006
 

--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 268.1.0/269 - Release Date: 2/24/2006
 


_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk


--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 268.1.1/270 - Release Date: 2/27/2006


--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 268.1.1/270 - Release Date: 2/27/2006
 

_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk

Reply via email to