Ross Davey wrote: > In addition to the major issue described below, we now find that Argus > healthcare clients who dont have a Medicare provider number will be > required to revert to the old '100 point check and administrative time > delays' to get certificates. (For the past 6 months HeSA has allowed > ArgusConnect to issue pre-allocated 'encryption-only' certificates; a > process that was simple and quick.) > > Thankfully, those healthcare workers with provider numbers should be > able to just apply with a simple 'one page' form and get the cert back > by return mail ( ;-) ). (We will be encouraging the 26 Divisions who > are working on Argus deployment projects to just arrange applications by > their members in one massive wave) > > From now on ArgusConnect wont be able to shield clients from the burden > of application process and get certificate to clients quickly overnight > as we have done up to now. In fact, with the process now being proposed > by Medicare, we will revert to the process that proved absolutely > unsatisfactory in the past. ie doctors will need to apply on their own > behalf, they will forget to get this happening, we will then be delayed > in our installation process, we wont know when a practice has received > their certificate and passwords in the mail, we will find scheduling > installations a nightmare and it will all become too hard for doctors. > > Unless this is significantly smartened up I believe that ArgusConnect > will be forced to provide an optional alternative PKI process for > situations where Medicare Australia certificates are just too hard or > cumbersome to arrange.
Syan Tan spent a single-handed weekend about a year or so ago ripping out the HeSA PKI libraries from the open source version of ArgusConnect and replacing them with BouncyCastle, which is a set of excellent, mature, free and open source X.509 PKI libraries 9see http://www.bouncycastle.org/ ). The result was a version of ArgusConnect which would work with any X.509 compliant PKI provider (including ones set up with free tools like OpenCA - see http://www.openca.org/projects/openca/ ). Andrew Shrosbree was, as I recall, rather snooty about Syan's work, arguing that it must be a horribly quick hack. That may or may not be the case, but either way, if Syan can do it in a weekend then surely a couple of the ArgusConnect software engineers can do the same, to Andrew's exacting standards, in a few weeks? At this stage, I would opine that the medium-to-long-term future of ArgusConnect depends on such a conversion to allow the use of generic X.509 PKIs rather than the flawed-from-the-outset and now doomed HeSA PKI. Tim C > Ross Davey wrote: >> Government Drops the Ball on Healthcare e-security >> >> ________________________________________ >> >> * * >> >> Since the moving of Medicare Australia away from the health portfolio >> into the Human Services portfolio, we have been told that support for >> development, deployment and technical support for use of PKI in the >> health sector has been dropped for any applications other than those >> that support Medicare-related business. >> I am told that Medicare Australia no longer will invest resources in >> supporting the use of their PKI infrastructure for strictly >> healthcare-related applications. Medicare will simply concentrate on >> use of PKI for Medicare ‘core business’; which is interpreted to mean >> insurance-related applications. >> >> This leaves initiatives that have adopted HeSA PKI for security in >> clinical areas out in the cold and largely unsupported both >> technically and strategically. >> >> HeSA, the organisation that established an infrastructure for >> deploying PKI certificates, certificate tokens and also negotiated and >> oversaw the Certification Authorities and registration process, has >> been absorbed back into Medicare Australia and told to focus on ‘core >> business’. >> >> There are quite a number of initiatives around Australia that have >> adopted HeSA’s PKI technology in healthcare environments on the >> understanding that this would be the anointed mechanism for encrypting >> health data and for applying digital signing. They now find that >> unless the application is related to Medicare claiming, their >> initiatives are receiving minimal support, they cant get answers to >> important and urgent technical matters, and they cant be assured that >> the infrastructure will continue to be provided. >> >> ------------------------------- >> Ross Davey >> CEO >> ArgusConnect Pty Ltd >> Ph: 03 5335 2220 >> Mob: 0417 548608 >> Web: www.argusconnect.com.au >> ------------------------------- > _______________________________________________ > Gpcg_talk mailing list > [email protected] > http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk > _______________________________________________ Gpcg_talk mailing list [email protected] http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
