Horst Herb wrote:
>
> One problem I come across again and again (and to my knowledge it is not
>satisfactorily solved yet) is the tamper proofing of "electronic" medical records
>(EMR).
>
> proposal 1: each day, a strong hash is generated across this days transaction
>entries. Once weekly or monthly, the hash list is printed out, sealed and then signed
>by a trustworthy person like a justice of peace.
>
> proposal 2 is similar; but instead of printing the hash list and sealing it by a
>trustworthy person, the list is emailed daily to a trustworthy server and archived
>there.
>
This scheme is called a digital notary and there are companies that have
perfected the technique. One such, a spin-off of BellCore research (who
had a nice paper on this technology a few years ago) is Surety.
Surety is found at:
http://www.surety.com/index-nn.html
You might also find Ross Anderson's Eternal Resource Locator Proposal
interesting as it touches on this issue and confronts head on the issues
of longevity and property protection on the internet.
URL is http://www.cl.cam.ac.uk/~fapp2/papers/ec98-erl/
In general see Ross's security in health care section of his home page
for all sorts of information on Policy, reliabilty and security
techniques at:
http://www.cl.cam.ac.uk/~rja14/
