The new developments in e-book publishing may provide an answer to this sort
of problem. For example, Microsoft Reader requires Microsoft Passport to
work and the documents are encrypted. Digital rights management (including
PKI access control and authentication) uses XrML (Extensible Rights Markup
Language) to specify the user rights. XrML is the successor to Xerox PARC's
Digital Rights Markup Language and is now supported by ContentGuard (jointly
owned by Xerox and Microsoft). Adobe ePaper and Glassbook have a similar
approach with EBX. This technology is bound to become ubiquitous as the
media industries seek to close the stable door after Napster.
Access to a patient record is fundamentally little different to accessing an
eBook. Standards such as the Open eBook Publication Structure provide a
useful set of facilities, such as automatic content lists, indexes,
bookmarks, annotations and trails that could be of great value in browsing
individual patient records. Synchronisation tools are also available to
keep the "book" up to date automatically from the host server.
Tim Benson
Abies e-Health
12 St Georges Road, London, NW11 0LR
020 8455 8106; 07768 825 012 (mob); 020 8458 9577 (fax)
[EMAIL PROTECTED]
> -----Original Message-----
> From: Michael J. Kramer [mailto:[EMAIL PROTECTED]]
> Sent: 29 November 2000 17:09
> To: [EMAIL PROTECTED]
> Subject: PDA Security
>
>
> I have been intermittently lurking, Has anyone discussed the issue of
> security for PDA's?
>
> A wide variety of applications can store data on the PDA's and they have
> effectively been used to collect patient data. I have over 400 patient
> records on my PDA. According to some estimates, 1 in 4 PDA's are lost or
> stolen every year (Gartner Group). It is clear that a lost or stolen PDA's
> place this data at high risk and the number of patient records per PDA may
> be quite large.
>
> Currently, many applications use password authentication for their
> applications. The most common method is to require authentication each
> time the device or application is used. Frequent requirements for
> password authentication are cumbersome and reduce the usefulness of the
> PDA.
>
> Despite adequate password use, most all PDA based healthcare applications
> fail to encrypt the actual data. Furthermore, These PDA's are often
> synchronized or backed up onto the personal desktop computers of the PDA
> user. In the instance where synchronizing computers are attached to an,
> "always on," Internet service such as DSL or a cable modem, the exposure
> of this unencrypted patient data is extraordinary. With hundreds of PDA
> users, it is possible that there is a large exposure to healthcare data on
> personal computers attached to the public Internet.
>
> I have been looking for methods to secure the PDA based synchronization
> process. One method would be to encrypt the data in the PDA, but palm
> devices have limited encryption software and little power to encrypt and
> decrypt. Further, the Palm does a complete backup of all devices on the
> PDA every 5th synch. I am unsure how to prevent this, allow it only on
> our secure "enterprise sych workstations", or exclude certain PDA
> databases. Perhaps a enterprise based synchronization strategy that
> created an encrypted conduit directly back to the a synch server. I have,
> however, been very unimpressed by the PDA industry to provide
> enterprise/centralized synchronization services.
>
> The only company that seems to be promoting enterprise PDA management and
> is touting the release of a secure conduit is Aether. Licensing for this
> starts at >$100 per seat.
>
> Has anyone else found a solution to these issues?
>
> We have been discussing this on the palm-med listserver if anyone is
> interested in contributing there as well, send an email to
> [EMAIL PROTECTED] with the word "subscribe" in the subject line.
>
> Mike
>
>
> <<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>
> J. Michael Kramer, MD
> Medical Informatics Fellow, Department of Internal Medicine and
> The Michigan Collaboratory for Health Informatics, MiCHI
>
> Web and Alpha Page:
> http://www.umich.edu/~jmkramer
> Office: (734) 615-0026 Fax: (734) 936-3617
> Voice Mail: (734) 615-0605 page: (734 )936-6267
>
