On 14/11/2017 14:50, Bert Verhees wrote:
I think we are heading an era where it can be impossible to tell where
from and/or when data are received /created and which event created
the data or made the data cause to interchange when the data do not
tell us themselves on an accountable way. For that we need an open
notary-system which does not rely on third parties (which would make
it to expensive).
There are not many kinds of personal data which will be interchanged
so much or are created in chains of events (context) as medical data.
I see that is quite a challenge to arrange such a system, but we will
need it to guarantee professional and medical safety and also privacy.
Maybe I am wrong, but I think blockchain may be a way to help us with
that.
I have not seen in this discussion many people acknowledging these
near future problems which can effect clinicians (in accountability)
and patients (in health-safety).
How about a clinician taking a fatal decision on base of an event
described on another system and that other system changed its contents
afterwards?
well if the physician included in his/her notes a mention of the
original event, or better, it was included in a FEEDER_AUDIT, the
versioning in the openEHR system will make sure there is medico-legal
protection. It is very unlikely that a physician would record a decision
(e.g. to prescribe some drug) without mentioning why.
So unless you are talking about the openEHR system being actively
hacked, I don't think this is a real use case. If we are talking about
the openEHR versioning being hacked, then a) they had to hack RAID 10
storage, DB persistence mirroring, daily backups, b) the data centre has
singificant security, c) some security analysis will have been made in
advance (it will, won't it?!), and depending on the perceived threat,
there may be e.g. hashing + notary, or signed hashes + notary, which
requires the hackers to be of a superior variety.
It's a fair bit of work to invisibly hack a properly implemented
versioned DB implementation within a secure facility, which is what is
needed for a medico-legal claim based on data to fail.
How about a patient who discovers its employer has knowledge of
private medical data? People often think about psychiatric
circumstances, but it can be other things in this time of revival of
religions, f.e. a woman who hides the fact she has had an abortion and
is now teaching on a christian school.
ok, now that's privacy, so we are talking data theft, not integrity or
non-repudiation of authorship.
Also interesting in this discussion is how to handle deletion of
medical data (the patients right to be forgotten).
Can it be that data refer to data on other systems, or may they only
refer to data on the same system, copies of data from other systems?
Do these copies need some accountable reference to where they come from?
these are I agree, important questions, and we've tried to cover some of
it with openEHR e.g. via FEEDER_AUDIT
<http://www.openehr.org/releases/RM/latest/docs/common/common.html#_feeder_system_audit>,
URI datatype, and more recently some thinking in a new REPORT type
<https://openehr.atlassian.net/wiki/spaces/spec/pages/92358988/Reports>
being considered for the RM (I've added a note to this to cover the
requirement to safely refer to / ?copy content from external systems).
We need to consider these kind of reference questions more carefully and
provide more comprehensive solutions for sure.
- thomas
--
Thomas Beale
Principal, Ars Semantica <http://www.arssemantica.com>
Consultant, ABD Team, Intermountain Healthcare
<https://intermountainhealthcare.org/>
Management Board, Specifications Program Lead, openEHR Foundation
<http://www.openehr.org>
Chartered IT Professional Fellow, BCS, British Computer Society
<http://www.bcs.org/category/6044>
Health IT blog <http://wolandscat.net/> | Culture blog
<http://wolandsothercat.net/>
_______________________________________________
openEHR-technical mailing list
[email protected]
http://lists.openehr.org/mailman/listinfo/openehr-technical_lists.openehr.org
