Hi Gerard,

Great! Agree! Thanks!

-Thomas Clark

----- Original Message -----
From: "Gerard Freriks" <[email protected]>
To: "Thomas Clark" <tclark at hcsystems.com>; "Paul Juarez" <JuarezPD at wmmcpo.ah.org>; <bill.walton at jstats.com>; <openehr-technical at openehr.org>
Sent: Monday, April 28, 2003 11:57 PM
Subject: Re: GEHR philosophical background info

> On 2003-04-29 3:44, "Thomas Clark" <tclark at hcsystems.com> wrote:
>
> > Hi Paul,
> >
> >....
> >....
> >
> > You are very right concerning the involvement of judges and attorneys. The
> > legal issues must be handled up front.
> >
> > -Thomas Clark
> >>>>>
>
> Yes.
> The problem is that in Europe, the USA, Canada, Australia, etc, there are
> many legal systems.
> One generic solution that will fit all will be difficult.
>
> The problem is intractable because it is a problem with at least 5 degrees of
> freedom, if not more.
>
> In order to solve this we need discussions on:
> Descriptions of contexts,
> Type of infrastructure (pull/push, federation/messaging, MAC/DAC, the level
> of social (persons) control versus the dependency on technology for control,
> etc),
> What is stored in the audit-log,
> Scenarios / use cases.
>
> And then we can have nice discussions as I read now on this list.
>
> One solution is to assume for the discussion the existence of a Service next
> to the EHR service that will control access. And that the EHR service is
> completely ignorant and passive for this Access Service to operate. Then
> each country (legal jurisdiction) is able to handle its own context.
> And we all can use the same standard for the EHR.
> The Access Service will act as 'firewall' and has all the responsibilities
> for granting access.
>
> Personally I favour this simplistic approach.
> But I know there are two major contexts:
> - within a legal entity
> - between legal entities.
> In an institution there can be a mix of these two.
>
> Within a legal entity I will depend on social measures and therefore audit
> trails for security. For this solution we need a set of agreed rules plus a
> discussion on the content of the audit-trail.
> Between legal entities information can only be exchanged when a person
> consciously accepts responsibilities for a set of information to be shared
> for a specific purpose with a specific set of other persons. The provisions
> for exceptions need to be spelled out completely. Here again the audit-trail
> and a set of rules are needed. But foremost it must be one person that takes
> full responsibility.
> As you can see I try to solve the problem by not depending too much on
> informational facilities in any EHR. But I will depend on the audit-trail
> where will be recorded what was published and what was accessed by whom, for
> what purpose, etc. This is not part of the EHR.
>
> The reason why I'm suggesting this way of solving the problem is:
> - the problem of access control is about handling responsibility and proof.
> Only persons can be held responsible
> - Access control easily assumes that the evaluation of Identity, Role,
> Participation, the trustworthiness of information (or sets of information)
> are constants of time. All are not constant at all over time. Therefore we
> cannot rely on machines to operate on value judgements (rules) from the
> past. But we need judgements made by responsible persons as a reaction to a
> request by another responsible person as much as possible.
>
>
> Gerard
>
>
> -- <private> --
> Gerard Freriks, arts
> Huigsloterdijk 378
> 2158 LR Buitenkaag
> The Netherlands
>
> +31 252 544896
> +31 654 792800
>
> - If you have any questions about using this list, please send a message to
> d.lloyd at openehr.org

