another "old" post that deserves a reply...

Tim Churches wrote:

> Maybe I've missed something much earlier on this thread, but don't you need a target security policy and associated threat model before you start designing ways to implement it?

some work has been done on this, and I would expect that in openEHR we will be able to post some kind of analysis in the coming months.

> The problem, of course, is that there is no single agreed policy, even in broad terms. But to me, the best starting point is still Ross Anderson's exposition of the policy he developed for the British Medical Association - for the CiteSeer reference see http://citeseer.nj.nec.com/anderson96security.html
>
> There are still major technical challenges in addressing that policy, 8 or 9 years after it was first published, particularly with respect to trusted computing bases (the NSA version of Linux with mandatory access control offers promise there) and statistical disclosure control (where theory still lags behind ad hoc practice rather badly). But the rest can probably be implemented using role-based security concepts - the level of granularity of roles required by the Anderson policy is still orders of magnitude finer than anything which has been fielded to date, I think.

agree. One big issue is for everyone to start agreeing on where "consolidated" EHRs really live, and the role of more global ad hoc messaging for unexpected care info requests. There are some animated slides on this at http://www.oceaninformatics.biz/publications/EHR_vision.zip on the issue.

- thomas

