Ian Haywood wrote:
> On Wednesday 06 December 2006 20:57, Elizabeth Dodd wrote:
>
>> this bit of text got me
>> it must be digitally signed by someone independent - so that excludes an
>> employee
>> so who does it?
>> how does one ensure privacy?
> I interpreted it as requiring a third-party notarisation service.
> As the notary needs to encounter the dead-version to notarise, presumably you
> would have to mail it to them,

Is the following message, from this list in Feb 2006, of relevance? The stumbling block is for the notary to prove, or at least be able to confidently attest to the bona fides of the identity of the referrer, and that implies a web or chain of trust via exchange of GPG/OpenPGP keys or a more formal X.509 certificate authority. But does it *have* to be HeSA?

Tim C

-------- Original Message --------
Subject: Re: [GPCG_TALK] Electronic referrals between providers using the same EMR
Date: Tue, 28 Feb 2006 08:43:20 +1100
From: Tim Churches <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Organization: No, totally disorganised
To: General Practice Computing Group Talk <[email protected]>
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>

Duncan Guy wrote:
> I'm not so sure I want to be a test case but ... Given this is a unique
> situation and to access our EMR the specialist who is referring to me
> has to log onto the server via a terminal session with his/her unique
> username and password and then onto the EMR with his/her unique password
> and the EMR records every keystroke with time and date stamping I was
> hoping this might do. S'pose there isn't an answer to this one.

The problem is that your EMR, timestamps included, can be altered post hoc in a completely undetectable fashion. The only solution to this is to create secure hashes ("digests") of the state of your EMR and have that timestamped digest digitally signed by a trusted third party - by a digital notary public.
Provided that there is no collusion between you and the notary public (and notaries public are chosen and honour-bound to resist such collusion), then the use of such digital notarisation provides very good evidence (very difficult to challenge in a court of law) that your EHR actually contained the information you asserted that it did (eg evidence of a referral) on a particular date (as opposed to having been "doctored" at a later date to make it appear that it contained that information at some earlier date). All of the foregoing applies to any medicolegal use of an EMR, of course, not just to evidence of referrals.

Digital notarisation is quite easy to do - Horst demonstrated that several years ago with his Gnotary facility and software - see http://www.gnumed.net/gnotary/

However, to be really practical and convenient, digital notarisation really needs to be built into the EMR software itself. It is surprising that no vendors of Australian medical software offer that feature (at least not that I am aware of). And there need to be reputable digital notaries out there - ideally people who are recognised and registered public notaries. The actual digital notarisation process can be completely automated and can just run unattended as a server on the Internet (but under the control of the digital notary), and the volume of information it needs to store long-term is quite small, so running costs for such a service would be minimal.

Hmmm, in fact, couldn't such digital notarisation be used by Medicare Australia (nee HIC) for specialist referral attestation purposes? It would work like this:

a) GP generates electronic specialist referral document.

b) GP sends a message containing three parts to a trusted digital notary:

   A) the referral document, encrypted with the specialist's public key (so the notary can't see what the referral document says)

   B) a secure timestamped hash (digest) of the referral letter before it was encrypted.

   C) a routing message which tells the digital notary to what address the three part message should be forwarded.

The digital notary then countersigns part B of the three part message, keeps a copy of that part, and then forwards parts A and B (now countersigned) to the recipient identified in part C.

On receipt of the above, the specialist decrypts the referral document (part A) and stores it together with the notarised (countersigned) timestamped digest of the referral document (part B) in his/her EMR. The specialist then has proof, as attested to by the digital notary, that someone sent him/her a particular referral letter on a particular date, and that referral letter or the date can't be retrospectively faked (at least not without the collusion of the digital notary, which is very unlikely). This then proves that the specialist was acting in good faith in seeing the patient and then claiming a specialist consultation from Medicare Australia in recompense (or partial recompense). It proves the identity of the GP who sent the referral letter only insofar as the GP's digital signature on the referral document is trusted.

Note that it is perfectly possible for Medicare Australia to play the role of the digital notary, although that would enable them to track referral patterns from GPs to specialists, which may or may not be a good thing depending on your point-of-view. Otherwise an independent digital notary might best be employed.

Again, all of the foregoing would need to be built into software to make it convenient, but the underlying software technology is freely available and well understood.

Tim C

_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
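
The three-part exchange described in the message above, as an added Python sketch that is not part of the original post and is not Gnotary's code. Assumptions: HMAC-SHA256 with a notary-held key stands in for the notary's OpenPGP or X.509 signature (so verification here goes through the notary object), part A is an opaque placeholder because encryption to the specialist's key is omitted, and all names and sample values are constructed.

```python
import hashlib
import hmac
import json


def make_part_b(referral: bytes, timestamp: str) -> dict:
    """GP side: timestamped digest of the referral before it is encrypted (part B)."""
    return {"sha256": hashlib.sha256(referral).hexdigest(), "timestamp": timestamp}


class Notary:
    """Countersigns part B only; it never needs the plaintext referral."""
    def __init__(self, key: bytes):
        self._key = key  # assumption: stand-in for the notary's private signing key
        self.log = []    # the notary's retained copies of countersigned part B

    def _sig(self, part_b: dict) -> str:
        fields = {"sha256": part_b["sha256"], "timestamp": part_b["timestamp"]}
        canonical = json.dumps(fields, sort_keys=True).encode()
        return hmac.new(self._key, canonical, hashlib.sha256).hexdigest()

    def process(self, message: dict):
        """Countersign B, keep a copy of it, forward A and B to the address in C."""
        signed_b = dict(message["B"], notary_sig=self._sig(message["B"]))
        self.log.append(signed_b)
        return message["C"], {"A": message["A"], "B": signed_b}

    def verify(self, signed_b: dict) -> bool:
        return hmac.compare_digest(self._sig(signed_b), signed_b.get("notary_sig", ""))


def check_referral(notary: Notary, referral: bytes, signed_b: dict) -> bool:
    """Specialist or auditor: does the stored letter match its notarised digest?"""
    digest = hashlib.sha256(referral).hexdigest()
    return hmac.compare_digest(digest, signed_b["sha256"]) and notary.verify(signed_b)


def demo() -> dict:
    referral = b"Constructed referral letter: please see this patient."
    notary = Notary(b"constructed-demo-key")
    message = {"A": b"<referral encrypted to the specialist's public key>",
               "B": make_part_b(referral, "2006-02-28T09:00:00+11:00"),
               "C": "specialist@example.invalid"}
    _dest, fwd = notary.process(message)
    backdated = dict(fwd["B"], timestamp="2006-01-01T09:00:00+11:00")
    return {"genuine": check_referral(notary, referral, fwd["B"]),
            "edited_letter": check_referral(notary, referral + b" (amended)", fwd["B"]),
            "backdated": check_referral(notary, referral, backdated),
            "notary_kept": sorted(notary.log[0])}
```

The notary's log holds only the digest, timestamp and countersignature, so the referral text stays private, while a later edit to either the letter or the date fails the check.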
