On Monday 30 July 2007 14:53:52 Andrew McIntyre wrote:

> c) Be digitally signed by the referring/requesting practitioner using an
> individual private key for which there is a current public key certificate
> recognised by the HIC (in accordance with HIC’s PKI standards), to allow a
> specialist, consultant physician, or Approved Pathology Practitioner or
> medical practitioner to verify the authenticity of the Referral or Request
> upon receipt.
There is a political question here which, although I know we've discussed it
to death, I'm still no closer to resolving.
Fundamentally, the issue is whether HIC have the moral right or the technical
competency to control crypto between private practitioners. IMHO no and no.
Correct me if I'm wrong but:
- HIC still don't allow users to generate keys,
- still no Linux drivers for the Individual dongles,
- still a very onerous contract for doctors. Basically we can't be trusted to
generate keys, but can be trusted to indemnify HeSA for any
mistakes/insecurities in this same process.

> The basic algorithm is to add 2 OBX segments to the end of an ORU
> message. The first added OBX is FT (freetext) and contains the important
> PID and OBR data such as the patient name, the test name and the date of
> the test. This can be extended at will as it has to be generated prior
> to signing the message and its actual content is not critical, basically
> whatever data you wish to preserve over time. The second OBX contains
> the actual signature data, which in the case of the HIC PKI is
> encapsulated in an ED segment as it is binary. What is actually signed is
> all the OBX data above the last segment. This will include the first OBX
> that was added.
This means it is possible to craft misleading HL7 messages, where the name of 
the user in the PID segment is not the one that appears in the signed OBX 
segment. Software would have to check they are the same before displaying. 
Sounds like it could get very messy. 

Ian
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
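The two-OBX scheme Andrew describes, and the PID-versus-signed-summary check Ian says a viewer would have to perform, as an added example that is not code from either post, from HIC/HeSA or from any GPCG software. It uses an HMAC with a constructed key as a stand-in for the PKI signature (the real scheme signs with the practitioner's private key and verifies with the certificate), and the observation identifiers `SIGNSUMMARY` and `SIGNATURE`, the ED component layout and the sample ORU message are all assumptions constructed for the demo.

```python
import base64
import hashlib
import hmac

SEG = "\r"      # HL7 v2 segment terminator
FLD = "|"       # field separator
CMP = "^"       # component separator
BR = "\\.br\\"  # HL7 formatted-text line break used inside the FT summary

# Constructed stand-in for the practitioner's signing key (assumption): the real
# HIC scheme uses an individual private key with a current certificate, and the
# signature would be verified with the matching public key instead of an HMAC.
DEMO_KEY = b"constructed-demo-key-not-a-hic-key"

# Constructed unsigned ORU^R01 message; none of these values come from the thread.
UNSIGNED_ORU = SEG.join([
    "MSH|^~\\&|LAB|PATHLAB|GP|CLINIC|200707300900||ORU^R01|MSG0001|P|2.3.1",
    "PID|1||123456^^^PATHLAB^MR||SMITH^JOHN||19600101|M",
    "OBR|1|||26604007^FBC^SCT|||200707291030",
    "OBX|1|NM|718-7^HAEMOGLOBIN^LN||141|g/L|130-170|N|||F",
]) + SEG


def segments(message):
    return [s for s in message.split(SEG) if s]


def field(segment, index):
    parts = segment.split(FLD)
    return parts[index] if index < len(parts) else ""


def obx_list(segs):
    return [s for s in segs if s.startswith("OBX" + FLD)]


def pid_name(segs):
    pid = next((s for s in segs if s.startswith("PID" + FLD)), None)
    return field(pid, 5) if pid else ""   # PID-5, the name a viewer would display


def _mac(key, obx_segments):
    # Covers exactly "all the OBX data above the last segment", joined as on the wire
    return hmac.new(key, SEG.join(obx_segments).encode("ascii"), hashlib.sha256).digest()


def sign_message(message, key=DEMO_KEY):
    """Append the FT summary OBX and then the ED signature OBX."""
    segs = segments(message)
    obr = next(s for s in segs if s.startswith("OBR" + FLD))
    n = len(obx_list(segs)) + 1
    summary = BR.join(["Patient: " + pid_name(segs),
                       "Test: " + field(obr, 4), "Date: " + field(obr, 7)])
    segs.append(FLD.join(["OBX", str(n), "FT", "SIGNSUMMARY", "", summary,
                          "", "", "", "", "", "F"]))
    mac = _mac(key, obx_list(segs))          # summary OBX is inside the signed span
    ed = CMP.join(["", "application", "octet-stream", "Base64",
                   base64.b64encode(mac).decode("ascii")])
    segs.append(FLD.join(["OBX", str(n + 1), "ED", "SIGNATURE", "", ed,
                          "", "", "", "", "", "F"]))
    return SEG.join(segs) + SEG


def verify_message(message, key=DEMO_KEY):
    """Check the signature, then check that PID-5 matches the signed summary name."""
    segs = segments(message)
    obx = obx_list(segs)
    result = {"signature_ok": False, "name_consistent": False,
              "pid_name": pid_name(segs), "signed_name": ""}
    if len(obx) < 2:
        return result
    ed = field(obx[-1], 5).split(CMP)
    try:
        claimed = base64.b64decode(ed[4], validate=True)
    except (IndexError, ValueError):
        claimed = b""
    result["signature_ok"] = hmac.compare_digest(claimed, _mac(key, obx[:-1]))
    summary = next((s for s in obx[:-1] if field(s, 3) == "SIGNSUMMARY"), None)
    if summary:
        for line in field(summary, 5).split(BR):
            if line.startswith("Patient: "):
                result["signed_name"] = line[len("Patient: "):]
    # A valid signature alone is not enough: PID-5 lies outside the signed span
    result["name_consistent"] = (result["signed_name"] != ""
                                 and result["signed_name"] == result["pid_name"])
    return result


def swap_pid_name(message, new_name):
    """Rewrite PID-5 only; used below to show the signature still verifies."""
    out = []
    for s in segments(message):
        if s.startswith("PID" + FLD):
            parts = s.split(FLD)
            parts[5] = new_name
            s = FLD.join(parts)
        out.append(s)
    return SEG.join(out) + SEG


if __name__ == "__main__":
    signed = sign_message(UNSIGNED_ORU)
    print(verify_message(signed))
    print(verify_message(swap_pid_name(signed, "JONES^MARY")))
```

Running it shows the point of the reply: a message whose PID-5 has been rewritten still carries a valid signature, because the PID segment is not inside the signed span, and only the separate `name_consistent` comparison against the signed FT summary catches the mismatch. A viewer that displays PID-5 after checking the signature alone would show the wrong name.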