On Tue, 2004-03-09 at 23:20, Thompson, Ken wrote: > 2) A mechanism on the patient record itself that displays a list of all > users that have accessed the record (with date and time). This will probably > be made available to the patient at some point, so they will actually > provide a critical part of the checks and balances in the system.
This is similar to the mechanisms envisaged under the "Consent and notification" secion of the now-famous BMA Security Policy, developed by Ross Anderson - see http://www.cl.cam.ac.uk/users/rja14/policy11/policy11.html This is still the gold standard for EHR security policies, IMHO, yet most people I have met who are involved in EHR work and who know of it (curiously many seem ignorant of it) tend to dismiss it, not because the policies are unsound (although they do need minor tweaking here and there), but because implementing them is very difficult in practice - particularly the multilateral as opposed to multilevel access control policy. In fact you need both, but of the two, the former is more important. In other words, role-based access control, where the "roles" are specific to each patient, as well as to each health professional. -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://lists.openehr.org/mailman/private/openehr-technical_lists.openehr.org/attachments/20040310/5e3db997/attachment.asc>
