Hi Nathan, The real estate codes in most jurisdictions require landowners to post notices warning of everything from dangerous conditions to prohibitions. Interpretations extend well beyond this to impose duties upon the landowners to take active measures to persons that may be classified as trespassers to protect them against dangers.
In short, nailing-up a sign on a tree or a fence is just step #1 and it doesn't stop there. Another analogy is a financial services firm that takes your certificates and holds them for safe keeping. They may post a sign but they had better do a whole lot more than that. The topic of Patient record security is a tough one. Some jurisdictions have already established code. The real question is does the security in whole comply with the code and available case law. If so, will it next month? Security is an ongoing requirement, responsibility and duty. Consult an experience attorney. Regards! -Thomas Clark Nathan Lea wrote: > On 9 Mar 2004, at 06:51, Thomas Beale wrote: > > A well known study in Harvard medical school (I think) showed that > putting the message "Do not inappropriately access patient data - > all your accesses are being logged" on clinician screens a few > times a day resulted in a drop to near 0 of inappropriate access. > No other technology was used > > > Indeed - but the (perhaps) disingenuous claim which is flashed across > clinicians' screens will only work for a finite period before people > stop believing it and revert to their old habits. Security is a > process, and it requires constant amendment and updating. If someone > wants to "attack" a system (in this case by inappropriately accessing > records), they will. To use a phrase which is undoubtedly well known > to everyone, "there is no silver bullet" - especially where security > is concerned... > > A good book to look at on the subject of insecure data is /The Art of > Deception/ by Kevin Mitnik. > > Never say die. > > Best, > > Nathan > - If you have any questions about using this list, please send a message to d.lloyd at openehr.org