Quoting "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>: ... > >>Information archiving, retrieval and update cannot be completed > without > >>the Patients active participation. The Payer and Provider can each > hold > >>a key that individually and together cannot create access to the > >>information and join the constituent parts. > >> > >> > > > >Sounds very interesting. > > > >What do you mean by "active participation"? > >Does the patient hold/present a key too? > > > The Patient or the Patient's representative holds a key. The > representative can be a > legal representative, a family member or a private security agent. Both > the Patient > and the representative should have a tool to audit requests for access. > > The key is in turn limited/restricted, i.e., you can access records > related to a > specific condition my not other non-related conditions. It would also be > in part > declarative, e.g., the Patient can withhold permission to use their DNA. > > The Patient's key would have a structure compatible with their records > hence > their would be a Patient-specific format that supported general > information, > e.g., date-of-birth.
This sounds good and very useful. Typically in a key-based system, the most difficult part is key management - from the moment of key creation. In your design, who creates these keys and how does the system assure the security of that process? ... > >What if the patient loses his/her key? > > > Patient keys can be re-generated from Records-based information (similar > to fault-recoverable file systems). What prevents non-Patients (e.g. evil government agents) from re-generating patient keys? > Since the key is not saddled with a fixed format, > additions and modifications will modify the key. Do you mean changing information in patient records always lead to a modified key? > The Patient provides information and updates rules. That sounds good. > The physical format of a key is simple. 256 MBytes in the volume > occupied by a 25 cent coin leaves some room for other things. You might > inject it like my dog's ID, I agree. We can store keys on portable devices. However, there may still be unresolved issues relating to key-regeneration and key-updating. Best regards, Andrew --- Andrew P. Ho, M.D. OIO: Open Infrastructure for Outcomes www.TxOutcome.Org
