The problem is restricting access. You need to keep the key in
the person's possession (smartcard + PIN), requiring personal
approval to give access (of course, you have to back up the
key, and escrow it), log access, provide the patient with ways to
inspect the log, ways to track leaked records (M.D. XYZ
made unauthorized copies, pooled the records and sold them
on the black market), draconian legislation making trade
in medical records a risky proposition, and the like.
So encryption is only a tiny part of it. Without infrastructure,
and legal backing of it all there's not going to be anything
useful.
> should solve this problem. There is nothing about storage in a cloud
> that says the data needs to be readable by unauthorized parties.
Right, but even authorized parties can do mean things with your
records when you turn your back. So you don't need just cryptographic
authentication, but watermarks, too.
--
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
>
> On Thu, Nov 05, 2009 at 10:00:02AM -0800, Samantha Atkins wrote:
>>
>> Sorry to top post but reasonably good encryption of said records
>
> The problem is restricting access. You need to keep the key in
> the person's possession (smartcard + PIN), requiring personal
> approval to give access (of course, you have to back up the
> key, and escrow it), log access, provide the patient with ways to
Doing (1), the encryption and keys, is a good start. Other services
can be added later.
> inspect the log, ways to track leaked records (M.D. XYZ
> made unauthorized copies, pooled the records and sold them
> on the black market), draconian legislation making trade
> in medical records a risky proposition, and the like.
There is no way to stop someone who can decrypt the information from
sharing clear text copies. However, that is not part of the problem
of making the information secure in the cloud.
>
> So encryption is only a tiny part of it. Without infrastructure,
> and legal backing of it all there's not going to be anything
> useful.
>
I disagree. Having (1) has many benefits to patients. Simply having
the records online saves lives. You don't have to have everything
100% perfect for a system to be worth deploying. The perfect often
is the enemy of the good.
>> should solve this problem. There is nothing about storage in a
>> cloud
>> that says the data needs to be readable by unauthorized parties.
>
> Right, but even authorized parties can do mean things with your
> records when you turn your back. So you don't need just cryptographic
> authentication, but watermarks, too.
Nice to have but not immediately essential. Nor will watermarks stop
bad things from being done. But bad things are already done with
confidential information in its current form. So?
How about very very strong penalties for misuse of such information?
- samantha
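Both messages above circle the same building blocks: a record key that only the patient's smartcard plus PIN can produce, a backed-up and escrowed copy of that key, patient approval before anyone reads, an access log the patient can inspect, and a per-recipient mark so that a leaked copy can be traced back to whoever was granted access. The sketch below is an added example, not code from either poster or from any real records system. It models those pieces with the Python standard library only: `toy_cipher` (HMAC-SHA256 in counter mode) stands in for a real AEAD such as AES-GCM, the escrow is a trivial 2-of-2 XOR split, and the requester names, PIN and sample record are constructed.

```python
import hashlib
import hmac
import json
import secrets
import time


# --- (1) Encryption and keys ------------------------------------------------
def toy_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Keystream cipher built from HMAC-SHA256 in counter mode.

    Stand-in only, so the example runs offline on the standard library; a
    real deployment would use an authenticated cipher (e.g. AES-GCM) from a
    vetted library. Symmetric, so the same call encrypts and decrypts.
    """
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def derive_record_key(card_secret: bytes, pin: str) -> bytes:
    # "smartcard + PIN": the record key exists only when both factors meet.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), card_secret, 100_000)


def escrow_split(key: bytes) -> tuple[bytes, bytes]:
    # Trivial 2-of-2 XOR split for the backup/escrow copy: one share alone
    # reveals nothing about the key; both are needed to rebuild it.
    share1 = secrets.token_bytes(len(key))
    share2 = bytes(a ^ b for a, b in zip(key, share1))
    return share1, share2


def escrow_join(share1: bytes, share2: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(share1, share2))


# --- (2) Patient approval, inspectable log, traceable copies ----------------
class RecordStore:
    def __init__(self, patient_key: bytes, record: str):
        self.patient_key = patient_key
        self.nonce = secrets.token_bytes(12)
        self.ciphertext = toy_cipher(patient_key, self.nonce, record.encode())
        self.log: list[dict] = []        # hash-chained; patient can inspect it
        self.prev_hash = "0" * 64

    def approve(self, requester: str, ttl: int = 3600, now=None) -> dict:
        # Patient-issued approval: an HMAC under the patient key, with expiry.
        now = time.time() if now is None else now
        tok = {"requester": requester, "expires": now + ttl}
        msg = json.dumps(tok, sort_keys=True).encode()
        tok["mac"] = hmac.new(self.patient_key, msg, hashlib.sha256).hexdigest()
        return tok

    def _log(self, event: dict) -> None:
        # Each entry commits to the previous one, so later edits are detectable.
        event["prev"] = self.prev_hash
        self.log.append(event)
        self.prev_hash = hashlib.sha256(
            json.dumps(event, sort_keys=True).encode()).hexdigest()

    def watermark(self, requester: str) -> str:
        # Per-recipient mark derived from the patient key (constructed scheme).
        return hmac.new(self.patient_key, b"wm:" + requester.encode(),
                        hashlib.sha256).hexdigest()[:16]

    def read(self, requester: str, token: dict, now=None) -> str:
        now = time.time() if now is None else now
        check = {"requester": token.get("requester"), "expires": token.get("expires")}
        expect = hmac.new(self.patient_key, json.dumps(check, sort_keys=True).encode(),
                          hashlib.sha256).hexdigest()
        valid = (hmac.compare_digest(token.get("mac", ""), expect)
                 and check["requester"] == requester
                 and check["expires"] is not None and check["expires"] >= now)
        if not valid:
            self._log({"who": requester, "at": now, "result": "denied"})
            raise PermissionError("no valid patient approval")
        self._log({"who": requester, "at": now, "result": "granted"})
        plain = toy_cipher(self.patient_key, self.nonce, self.ciphertext).decode()
        return plain + "\n[copy-id:" + self.watermark(requester) + "]"

    def identify_leak(self, leaked_copy: str, suspects: list[str]):
        # Match the copy-id on a leaked document against known recipients.
        for who in suspects:
            if "[copy-id:" + self.watermark(who) + "]" in leaked_copy:
                return who
        return None

    def verify_log(self) -> bool:
        prev = "0" * 64
        for entry in self.log:
            if entry["prev"] != prev:
                return False
            prev = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        return prev == self.prev_hash


if __name__ == "__main__":
    key = derive_record_key(b"constructed-card-secret", "1234")
    store = RecordStore(key, "Patient: A. Nonymous (constructed)\nDx: example")
    copy = store.read("dr_xyz", store.approve("dr_xyz"))
    print(copy, "\nleaked by:", store.identify_leak(copy, ["dr_abc", "dr_xyz"]))
    print("log intact:", store.verify_log(), store.log)
```

The appended copy-id is the weakest part of this sketch and is meant only to show the idea: a recipient who knows it is there can strip it, which is the "authorized parties can do mean things" point from the thread, and is why the log and the legal consequences carry the load rather than the mark itself. The log, by contrast, gives the patient something checkable: `verify_log` fails as soon as any stored entry is altered.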