Hi Bish, Periodic and immediate 'Bio' identification would satisfy certain security requirements re authenticity, e.g., official documents (e.g., post surgical release). Your comment re 'thumb imprint', or scan, provides a more secure means of authentication that may be required.
Requiring that a 'digital signature' be incorporated within a EHR is a step forward but if all that is required is the presence of a digital signature one can be obtained from multiple sources. As you indicated 'verification of authenticity' is required. Verification, however, can be 'fooled' as well, e.g., where digital signatures are collected in advance into a set of 'secure signatures' the presence of one or more of these signatures within an EHR indicates just that and no more. How is this solved in other fields? 'Bio ID' is one approach, e.g., 'finger and thumb imprint', a digital photo and a voice track, in addition to other digital signatures puts up a much higher wall. I am intrigued by the combination of voice tracks with background syn, e.g., Practitioner and Practitioner + Patient.. An example would be a Hospital Delivery Room (multiple persons) and an automatically generated voice track Properly encrypted the track would be hard to break and/or deny. In other areas similar approaches are available, e.g., encrypted time/date/voice tracks can be integrated into Medical devices and then into EHRs. Side benefits include integration of the time/date into the EHR. A major problem with the photo approach is that some persons become unrecognizable after a 12 hour shift. A problem with ordinary 'digital signatures' is that they can be hacked, patched and the wrong ones, e.g., a reserved place in an EHR for a fixed-length digital signature is bad since one might be able to place another there. Regards! -Thomas Clark USM Bish wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On Sat, Mar 05, 2005 at 07:34:47PM +0100, Karsten Hilbert wrote: > > >>>The main issue here is varification of authenticity of digital >>>data entry. There must be some mechanism to ensure that every >>>entry placed in the EHR must be authenticated by the signitory, >>>even if the entry is made by a secretary, DEO or transcription- >>>ist. >>> >>> >>A first-step solution might be this: >> >>- writes are tracked (author, timestamp) >>- regular clear-text database dumps are taken (say, twice daily) >> this includes the tracked writes (eg audit logs) >>- dumps are signed to be authentic by a, say, CMO >>- dump hashes are timestamp-signed by non-affiliated third >> parties (say, digital notary servers provided by medical >> faculties, etc.) >> >> >> > >This is a logical process to start with. The issue here is >acceptance and institution of the 'notary servers' ... these >need to find a place within the system universally. > > > >[some snipped] > > >>>Audit trails of visits are only to ensure read access by >>>authorised agencies. >>> >>> >>Even that does not really add any value. IF access occurred it >>must have occurred with proper credentials (barring bugs in the >>software). >> >> > >Yup, as far as the technical side is concerned, this should be >the end point that we need to go for presently ... > > > >>The question is whether those credentials were abused by >>someone who wasn't supposed to know them or by someone in the >>know but who wasn't supposed to access that part of the data. >>One study showed a decrease in the latter when "tracking reads" >>was announced to the regular users. >> >> > >These are human shortfalls. The fact is, if a sysadmin is happy >to broadcast access passwords to all-and-sundry, ultimately, >he/ she is to be held responsible. It is possible to >incorporate much more stringent access methods by thumb imprint >or pupil signature varification (and methods yet to come). >However, such mathods may not be easily deployable or cost >effective. > >Just my 2p > >Bish > > > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.2.3 (GNU/Linux) > >iD8DBQFCKrmHr5z5toona28RAkTiAJ4hy3mVByXwyOIhPnzFQhoxQ+3powCfbiMq >Chr+CL6Y/Z6uAj+fvXReau4= >=4UHc >-----END PGP SIGNATURE----- >- >If you have any questions about using this list, >please send a message to d.lloyd at openehr.org > > > - If you have any questions about using this list, please send a message to d.lloyd at openehr.org
