Ian Haywood wrote:

> There is a political question here which, although I know we've discussed it 
> to death, I'm still no closer to resolution.
> Fundamentally, the issue is whether HIC have the moral right or the technical 
> competency to control crypto between private practitioners. IMHO no and no.
> Correct me if I'm wrong but: 
> - HIC still don't allow users to generate keys, 
> - still no linux drivers for the Individual dongles
> - still very onerous contract for doctors. Basically we can't be trusted to 
> generate keys, but can be trusted to indemnify HeSA for any 
> mistakes/insecurities in this same process.

It is a fairly standard piece of hardware however and the HIC library is
based on OpenSSL so it is doable.

> 
>> The basic algorithm is to add 2 OBX segments to the end of an ORU
>> message. The first added OBX is FT (freetext) and contains the important
>> PID and OBR data such as the patient name, the test name and the date of
>> the test. This can be extended at will as it has to be generated prior
>> to signing the message and its actual content is not critical, basically
>> whatever data you wish to preserve over time. The second OBX contains
>> the actual signature data, which in the case of the HIC PKI is
>> encapsulated in an ED segment as it is binary. What is actually signed is
>> all the OBX data above the last segment. This will include the first OBX
>> that was added.
> This means it is possible to craft misleading HL7 messages, where the name of 
> the user in the PID segment is not the one that appears in the signed OBX 
> segment. Software would have to check they are the same before displaying. 
> Sounds like it could get very messy. 

It is displayed to the user and locked to the results so it allows
patients to get married or otherwise change their name without
invalidating the signature. The original name is however locked into
the result data so crafting a misleading message is obvious.

So a different name may not be incorrect, but user could be alerted that
the PID name is different to the Signature name. Usually this would not
be an attempt to mislead you.

We store the message in pieces in an EHR and reassemble on request so
the PID name does change and the signature remains intact; that's what
it's designed for.

If I forward you a 10 year old result on a female who is now married
then the PID name will differ from the signature name, but the signature
name reflects the patient name at signing time.

Andrew McIntyre.
_______________________________________________
Gpcg_talk mailing list
[email protected]
http://ozdocit.org/cgi-bin/mailman/listinfo/gpcg_talk
