The process of key generation can be argued about - Horst wants to do
his own - many people might accept keys from another trusted party. But
the problem for me was the contract - Drs are expected to effectively
accept all risk in the process. The contract seeks to absolve govt of
any responsibility. In any case there are three other parties involved -
in practice it wouuld be impossible to apportion blame to the various
players and it would end up as a legal shitfight.The poor old Dr is
unlikely to have resources to survive this sitation
R
Jim Glaspole wrote:
I think we should always expect errors, hope that efforts are made to
minimise the risk of them occurring, and make contingencies for when
they occur.
No system will be perfectly secure, and it may be that we won't
individually draw enough malice to warrant a full scale assault on our
own system while Medicare may incur this.
I don't believe our health IT utopia will ever exist but things will
improve.
The responsibility for use "our" PKI key much devolve back to the key
generator if it shown to be their fault there is a breach in security.
Jim
Cedric Meyerowitz wrote:
I agree that some people who think they are experts make big stuff ups -
including Governments worldwide. But people in glass houses should not
throw stones. Doctors are suppose to be in the top few percentiles of IQ.
Yet how many of them can't read or refuse to obey instructions. Every year
we read of some-one finding discarded old medical records on the rubbish
tip. Every week I see patients on medication they don't qualify for (RB or
Authority), yet a significant percentage of GP's and specialists refuse to
read or understand the yellow book or what their clinical package displays
on the screen. Some blantatly ignore the restrictions. I am not justifying
the PBS's criteria, so please no discussions about it. All I'm sayimg is
that if PBS made regulations we must follow it or prescribe privately -
there are many discussions about Dr. not bulk-billing, and if they feel so
strongly a patient needs Medication X that they will falsefy records or lie
to be able to prtescribe it, then prescribe it privatey.
I can continue add infinitum of how silly / stupid we as Dr.'s are, because
we believe we are above the law.
Cedric
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Horst Herb
Sent: Friday, 7 April 2006 7:51 AM
To: General Practice Computing Group Talk
Subject: Re: [GPCG_TALK] another goodreason not to trust HeSA with our
privatekeys
On Fri, 7 Apr 2006 07:47, Ian Haywood wrote:
The fact is, even if HeSA, HealthLink, et al., were computing
super-geniuses all running OpenBSD, someday, someone is going to crack
their system. They've chosen a system were our security is dependent
on theirs (however good), but they could have easily chosen one where
it isn't. The problem is, they don't trust *us* ;-)
The problem is that they don't understand that it is entirely irrelevant
whether they trust *us*.
If we stuff up (our key gets compromised by our fault) = *we* are liable for
the consequences
If they stuff up (our key gets compromised by THEIR fault) = *we* are
(still!)
liable for the consequences because it will be close to impossible to prove
in court that it was their fault
If in any case we will get the blame and suffer the consequences, what's so
difficult then to understand that *we* want full control?
_______________________________________________
Gpcg_talk mailing list
[email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
