Greg Twyford wrote:
For example, when you install Promedicus, it automatically creates the
keys it uses for encryption by prompting you to enter a random string
of characters. It then transmits the public key to their server, which
is all they need to be able to transmit encrypted investigations
results securely to the practice. This process takes literally a
minute and a very brief confirmatory phone call to the number
displayed at the end of the set-up process.
Not a good model to quote because I believe that Promedicus decrypt at
their central server and re-encrypt with the recipient's keys to send it
to the recipient. Not the most desirable model secuity-wise. But point
taken; anything that is implemented should be as simple as this.
I'm also mindful that the now much-streamlined-but-still-cumbersome
procedures for using HeSA keys and HIC Online were largely due to the
efforts of the likes of Horst and Oliver Frank when HIC/HeSA came up
with their first iteration of nonsense. No one would touch all of this
when it involved 130 page contracts that only meant anything to
security specialists, reams of application paperwork and security
hurdles, some of which are still there.
I still have to sit with GPs and walk them through the web forms for
applying for their HeSA keys and HIC, sorry Medicare, Online. Many GPs
have never used a web form before, apart from Internet banking
perhaps, and certainly the requirements of the online registration are
not obvious to the first time user.
John Brewer has had a meeting with us and all this is due to change. A
much more friendly model, private keys generated at the user end, and a
'known customer trust' model that allows for easy application for and
issue of keys. Also an automated means of distributing expired keys. I
was very heartened by all this. Watch and wait.
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
