If you need me to host the data for you, just give me a ring or an
email and I can give you an FTP account. You would then send a link to
your doc so that he can download the data.
How can you make sure your data will only remain accessible to your
chosen M.D.? Who's going to deploy the infrastructure for accessing
patient's records on their end? Who's going to pay for it?
> > have to request a copy on a CD from the hospital where it was done,
> > and then physically ship that across the country? Anybody else
> > perturbed that life and death critical data is still subject to these
> > needless delays?
>
> If you need me to host the data for you, just give me a ring or an
> email and I can give you an FTP account. You would then send a link to
> your doc so that he can download the data.
<ahem>privacy</ahem>
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
I think we have good enough encryption for the real need here. Am I wrong?
- samantha
> >> If you need me to host the data for you, just give me a ring or an
> >> email and I can give you an FTP account. You would then send a link to
> >> your doc so that he can download the data.
> >
> > <ahem>privacy</ahem>
>
> I think we have good enough encryption for the real need here. Am I wrong?
Have you ever looked at smartcard-based national health ID projects?
They are a clusterfuck of epic proportions. The encryption/authentication
isn't at all the issue.
Are we talking about smart cards necessarily though? If I use PGP
can't I be reasonably assured that my data goes only from who I told
to send it to the respected recipient and that only they or someone in
possession of the private key can read it? Which is what we are
talking of here, secure transmission of medical records. I don't
know of any technical reason that a workable solution cannot be
achieved. Do you?
- samantha
> Are we talking about smart cards necessarily though? If I use PGP
If you want a nation-scale solution, yes. So we're dealing with
billions of smartcards, and associated infrastructure, which must
be present in each medical endpoint.
Suddenly, things aren't that cheap or simple anymore.
> can't I be reasonably assured that my data goes only from who I told
Which data? In which formats, specifically? Accessed by which applications,
specifically? Who's installing and administering these on the end points?
How much of it? Where is it stored? How is it accessed? How is it backed up?
Who's asserting the whole infrastructure is trustable? How do you
deal with bad apples, who sell millions of patient records to insurances
or employers?
> to send it to the respected recipient and that only they or someone in
> possession of the private key can read it? Which is what we are
Very good, let's assume we're just dealing with email and have the GPG
key locked in a smartcard and a trustable reader (not one you could
trivially compromise to run Tetris on it). Who's going to deploy
this minimal infrastructure, and train millions of M.D.'s and their
assistants in its use?
> talking of here, secure transmission of medical records. I don't
> know of any technical reason that a workable solution cannot be
Millions of technical reasons. They're called people.
> achieved. Do you?
>> talking of here, secure transmission of medical records. I don't
>> know of any technical reason that a workable solution cannot be
>
> Millions of technical reasons. They're called people.
>
So we do nothing? That isn't agreeable. The current situation kills
people. What can we do that is better even if not perfect? I don't
assume that better has to include perfect patient data security. What
we have today doesn't have that feature either. The perfect is also
the enemy of the "much better" and the "good enough".
- samantha
No -- we do something. Vote for the right people, start a grassroots
campaign, launch an open source effort, or a company that offers such
services and Does It Right(tm).
> people. What can we do that is better even if not perfect? I don't
When you're doing medicine, you must always be aware that people's lives
are at stake. Both literally, if you screw up the records, and indirectly,
if millions of patients' records are available on the black market, and
you've made it possible.
In many places, you will be sued, and in yet others, go to jail or
worse.
> assume that better has to include perfect patient data security. What
> we have today doesn't have that feature either. The perfect is also
> the enemy of the "much better" and the "good enough".
The problem is that such attitudes have killed cryonics, for instance.
Medicine is better protected, so most likely you'll only get a bloody
nose yourself, and can't do a lot of damage.
First off: please do not top-post, and please trim your replies.
> that when participating in a discussion like this, bringing up
> difficulties
> would be necessary only if you are doing so in order to help find
> solutions to those problems. What I'm hearing is a bunch of people
This is precisely why I have been writing it.
> naysaying, under the assumption that what is being discussed is
> technically unfeasible. It seems that a discussion group like this is
They are technically feasible. They are difficult because of
scale and people and deployment issues. A holistic view makes
no such distinctions, but few subscribe to that view.
> to bring up problems in medicine, then figure out how to solve those
> problems, not discourage others from attempting to do so.
If you're in secure system design, you should resign now. Seriously.
> What is being implied, but not said directly, because it sounds
> ridiculous to do so, is that storage of this type of data for easy
> retrieval is not possible, will never be possible, and thus is not
> worth putting energy or time into. The reality of the situation
It is possible. It's just hard. It's so hard we don't even have
the components, such as a distributed cryptographic filestore, for
instance. We don't know how to route around people as the weakest
link.
> is that medicine will most likely move in this direction at some
> point. Unfortunately when it does, it probably will be through
> some second rate contractor, and not people who really care
> to think these problems through and fix them. This is what
> we've seen in other government run programs, such as
> passports.
Let's talk about smartcards. Have you ever, personally designed a
cryptographic protocol (not a cypher, a protocol) that survived
peer-review? Have you ever implemented such a protocol, and had
it survive peer-review? Have you ever implemented such a system
in hardware, and ever successfully deployed it in practice?
Have you ever been a black hat, or at least a security professional
with a proven track record? How well-versed are you in medical IT?
How well versed are you in medical practice, including patient
contact? Medical administration, including running a major medical
facility? How well versed are you in medical law practice, and the
various data privacy laws in various legislations?
You need to assemble the experts from all these areas (and a dozen
more I haven't mentioned) to be successful.
> It is easy to shit on an idea. It is harder to bring it to fruition.
If you're in secure system design, you should resign now. Seriously.
> This forum, as I understand it, is supposed to be a place
> to discuss needs in medicine, and to come up with ideas
> to them. If we bring up questions, it should be in pursuit
> of finding answers to those questions, not discouraging
> others. Condescendingly trying to discredit others' ideas
I wasn't condescending the last time. Now I am condescending.
> and concerns without trying to be helpful or contribute
> to solving the problem is unnecessary, these problems are
> difficult enough already.
>
> So when brainstorming about the difficulties, the question
> should be "What are the hurdles to be overcome?" not
Everybody knows what the hurdles are. That's the trivial part.
> "Why is this impossible?"
If you're in secure system design, you should resign now. Seriously.
> Let's not forget that we live in a world of things that were
> so unfathomable, that they were beyond impossible, yet
> here we are, having a discussion using pieces of precious
> metals and synthetic plastics melted into just the right
> shapes with just the right proportions.
>
> Mistakes were made along the way, and mistakes will
> be made in the future. Now let's get on with it.
There's no point repeating mistakes people are well aware of.
You should study failures. They're highly informative.
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org