On Fri, 14 Dec 2001, Adrian Midgley wrote:
> On Friday 14 December 2001 17:17, Andrew Ho wrote:
> > On Fri, 14 Dec 2001, Adrian Midgley wrote:
>
> > This won't work because the Eternity Server trades confidentiality for
> > availability. Therefore, it is a poor solution for personal health
> > records.
>
> Not that I'd noticed, in that the personal health document or its hash,
> whichever it was we were rambling on about in an increasingly off topic
> fashion given to the service would surely be strongly encrypted.

Adrian,

If it were so simple. Encrypted content cannot be retrieved from the Eternity service without a known retrieval key. As I illustrated previously, the protection of such a retrieval key is the equivalent problem to the protection of the original document. This is a commonly overlooked aspect regarding the use of crypto - the protection of keys (=key management).

I also respectfully disagree with your suggestion that mitigation of record destruction risks is off-topic with regards to health information systems. :-)

> I believe access controls can be added, such that only someone who
> knows there is a document can retrieve it.

I believe a similar thing was suggested back in March. It is hard enough to remember a passphrase or two. How realistic is it for anyone to remember a unique passphrase for every patient under one's care?

...

> If they can delete the record from our system then we do have a problem, but
> the court might take an interest in their whereabouts, and in breaches of the
> system around the time shortly before the case was brought.

Actually, it is more likely that you (the defendant) will delete the records that are unfavorable to your case. What I have shown is that you will be able to get away with it.

> Ordinary system administration has the responsibility for dealing with
> this threat.

Sure. If we feel comfortable trusting them with this responsibility, then why are we not willing to trust them with preventing other types of record tampering????

...

Best regards,

Andrew
---
Andrew P. Ho, M.D.
OIO: Open Infrastructure for Outcomes
www.TxOutcome.Org (Hosting OIO Library #1 and OSHCA Mirror #1)
