Tim Churches wrote: /snip/ > Maybe I've missed something much earlier on this thread, but don't you need a > target security policy and associated threat model before you start designing > ways to implement it? The problem, of course, is that there is no single agreed > policy, even in broad terms. But to me, the best starting point is still Ross > Anderson's exposition of the policy he developed for the British Medical > Association - for the CiteSeer reference see > http://citeseer.nj.nec.com/anderson96security.html
/snip/ > Anyway, the Anderson paper is worth a read, or a re-read. Thanks for the link. I definitely found it worthwhile. Anderson has a page at Cambridge that's got a lot of good stuff worth spending some time on. His work on Medical Records (and other stuff too) is at http://www.cl.cam.ac.uk/~rja14/#Med Best regards, Bill - If you have any questions about using this list, please send a message to d.lloyd at openehr.org
