Hi Matt,

Fragmented records and securing individual and groups of records is a common approach. It is very much like taking a 300 page document and building a security system that enables security: 1) covering the entire document 2) separate security covering chapters and 3) separate security for tables, graphs and figures.

Access to the document is the first step; access to a specific chapter requires separate authentication; access to tables, etc. can require separate authentication. This focuses a specific reader's requests to those portions that are "relevant"/"germane". "One authentication" systems, e.g., password to your Windows PC or Linux workstation are really ancient security systems. There are typically more ways to break-in than log-in. Recall that system and network managers are often the targets of security probes because they can access your raw data at will; that may include your sensitive data.

If you grant access to the entire EHR for a Patient to anyone successfully passing a "one authentication" gate you are likely to experience some real "pushback". Your obligation as a designer is to ensure that "relevance" and NEED TO KNOW are essential elements of the security system and that a successful authentication carries with it an assurance that the requestor is provided access to only "relevant"/"germane" information.

-Thomas Clark

----- Original Message -----
From: "Matt Evans" <[email protected]>
To: <openehr-technical at openehr.org>
Sent: Thursday, May 01, 2003 2:30 PM
Subject: FW: openEHR security; Directed to Thomas Beale

> >[...]
> >> At all points NEED TO KNOW
> >> governs access
> >[...]
> >
> >Except that the Need-To-Know paradigm doesn't work very well
> >in healthcare. The provider may not know what she needs to
> >know at the time of the patient encounter. The patient can't
> >possibly correctly decide what her doctor must know in order
> >to be able to make the right decisions (of course, the patient
> >is fully able to decide what she *wants* the doctor to know).
> >Etc.
> >
> >Medicine is neither the military nor a secret service, literally
> >(it's not mass media either, on the other end of the spectrum).
> >
> >Just a clinician's muttering ...
> >
> >Karsten
> >--
>
> Karsten,
>
> I agree and have concerns about being expected to take responsibility
> without access to all the facts.
>
> I suppose this may not be an issue as I suspect that most people won't
> restrict the information in their file.
>
> However, to fragment a medical file into bits I can and can't see is similar
> to taking the view that mind and body are separate entities.
>
> If something is restricted, will I know there is something there that I
> can't see? Or will I be blissfully ignorant? How can I know if a piece of
> information is irrelevant unless I can see it to assess it?
>
> More mutterings!
>
> Matt
>
>
> -
> If you have any questions about using this list,
> please send a message to d.lloyd at openehr.org

