On Sat, 2004-10-23 at 09:14, Calle Hedberg wrote: > Hi, > > Tim Ch wrote: > > OK, I'll try it again on some other machines. The memory stick was running > at USB 2.0 speed, though (the LED in it glows a different colour depending > on whether it is being accessed at USB 1.1 or 2.0 speeds). > > I cannot say anything about these VPN apps, but I find that external USB 2.0 > hardisks are remarkably fast whereas USB 2.0 memory sticks vary a bit. > > Using these VPNs for demo & testing purposes makes a lot of sense to me, but > not to use for EHR "production" systems. One reason should be obvious - > these memory sticks are not particularly robust and I've seen many > physically falling apart after a year or two. They are also easily lost, > easily stolen, AND they would not necessarily fit well in team work > situations (different work shifts all need access to the same data etc).
The foregoing discussion thread on EHR architectures is noted. Although some people think that the primary EHR should be on something the patient carries around with them, most people now concede that a somewhat centralised record is necessary. However, there is much debate and disagreement over the appropriate level(s) of centralisation of the record (plural levels because data can be copied and summarised in more than one repository). I think the value of something which is carried bythe patient is in health care systems in which medical records aren't held or available in large, centralised repositories (possibly for very good reasons). In those circumstances, it may be valuable for patients to have a secondary copy of their medical recors which they can carry with them. Various formats for this have been tried and deplaoyed, from dedicated smartcards to USB memory sticks and even credit-card sized CD-ROMS (which hold about 30MB and cost very little). The problem is how to design a patient-held EHR repository which is not vulnerable to the data being misappropriated. From teh patient's point-of-view, we must assume that teh host computer into which the portable EHR device or storage is inserted is potentially hostile. All systems which make files available to the host computer operating would seem to have the problem that those files can be stolen by the host computer, and furthermore, any password used to decrypt those files can also be intercepted bythe host computer. Thus the popularity of "smartcards", which have built-in intelligence and are accessible via an API, not via the filesystem, in this context. The problem is that smartcards and similar devices tend to be proprietary and relatively expensive. Are there any counter-examples to this? What about the Brazilian smartcard-for-health experience? -- Tim C PGP/GnuPG Key 1024D/EAF993D0 available from keyservers everywhere or at http://members.optushome.com.au/tchur/pubkey.asc Key fingerprint = 8C22 BF76 33BA B3B5 1D5B EB37 7891 46A9 EAF9 93D0
