Hi Ross,
For point-to-point messaging systems such as Promedicus and Healthlink,
is there a point at which the third party provider can see the clinical
data that is passing through their channel?

Regards
Stephen

Stephen Barnett B.Med MRCGP FRACGP DCH (Lond)
General Practitioner
Bowral Street Medical Practice
Bowral 2576
NSW


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Ross Davey
Sent: Thursday, April 06, 2006 10:41 AM
To: General Practice Computing Group Talk
Subject: Re: [GPCG_TALK] another good reason not to trust HeSA with our
private keys



Greg Twyford wrote:
>
> For example, when you install Promedicus, it automatically creates the 
> keys it uses for encryption by prompting you to enter a random string 
> of characters. It then transmits the public key to their server, which 
> is all they need to be able to transmit encrypted investigations 
> results securely to the practice. This process takes literally a 
> minute and a very brief confirmatory phone call to the number 
> displayed at the end of the set-up process.
>
Not a good model to quote because I believe that Promedicus decrypt at 
their central server and re-encrypt with the recipient's keys to send it 
to the recipient. Not the most desirable model security-wise. But point 
taken; anything that is implemented should be as simple as this.
>
> I'm also mindful that the now much-streamlined-but-still-cumbersome 
> procedures for using HeSA keys and HIC Online were largely due to the 
> efforts of the likes of Horst and Oliver Frank when HIC/HeSA came up 
> with their first iteration of nonsense. No one would touch all of this 
> when it involved 130 page contracts that only meant anything to 
> security specialists, reams of application paperwork and security 
> hurdles, some of which are still there.
>
> I still have to sit with GPs and walk them through the web forms for 
> applying for their HeSA keys and HIC, sorry Medicare, Online. Many GPs 
> have never used a web form before, apart from Internet banking 
> perhaps, and certainly the requirements of the online registration are 
> not obvious to the first time user.
>
John Brewer has had a meeting with us and all this is due to change.  A 
much more friendly model, private keys generated at the user end, and a 
'known customer trust' model that allows for easy application for and 
issue of keys.  Also an automated means of distributing expired keys.  I 
was very heartened by all this.  Watch and wait.

_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk

