[log in to unmask],Net wrote at 23:45 on 24/09/98 
about "RE: GP nets":
-----------------------------
>
>>Do you imagine the security implications of connecting clinical
systems   
>>to NHSNet are any different to connection to the internet?
>Are you saying that in either case the security of the GP system cannot
>be guaranteed. 

I think the security of the GP system can be garanteed, provided 
the right software and technology is used.
The security implications of connecting to a wide area IP network 
are identical regardless of the flavour, name, brand of internetwork 
Service Provider, and of whether the connection is direct or as 
seems now to be accepted in the Strategy[1], via a metropolitan health 
network such as is found in Leeds, and which I proposed in Exeter.

The exposure to threat is greater on the NHS network, and the 
internal monitoring of traffic is greater, which can be presented as 
either a security feature - identifying malefactors - or as a 
security threat/breach of confidentiality.
If the communications are secured by an unbreakable code for 
content, and cryptgraphically signed to assure provenance and 
integrity, then the NHS net is fine, but so is the internet.

The way in which practice servers should serve up medical data 
should be simple Web stuff, not involving server side automagic, 
just turning up a page of text to read manually or automatically at 
the recipient.

Industry standard and strength solutions exist for this, of which 
the nicest seems to be Lotus Notes/Domino, which the BMA adopted for 
their CorpNet.

MS Exchange has always seemed to me to be complex, slow, and poorly 
integrated, Outlook 98 looks as if it is still a couple of versions 
away from a paradigm, and I don't understand it so I am wary of 
trusting it.

If we were all using a shared drug database of course, you wouldn't 
need access to the notes.  You would have your machine make a 
statement to mine "I propose to dispense Ibuprofen otc"
Mine would look at the patients' medical record, checking for asthma 
(although the patient should know and tell you, and also against the 
list of drugs in the patient's allergy/avoid list, and in the 
recent prescribing section of their medical record documents, 
including the dscharge and OPD notes replicated from the hospital.

So the Methotrexate would provoke a response.
You still have to determine what the patient is _actually_ taking, in 
the face of an indication that they have been prescribied this drug, 
and I suggest you interrogate their home network for the bathroom 
cabinet contents list, question them twice and then cross your 
fingers and hope<g>
-------------------------
[1]  "3.38 Alongside the inevitable and rapid development of the
public Internet, there remain many
powerful arguments for doing internal and clinical NHS "business"
across a private network. A
private managed service offers the potential of a faster and much
more consistent and reliable service
and the NHS has its own private intranet available for use now.

3.39 The NHSnet will be the best medium for the transfer of clinical
information, but we must
recognise the power of the Internet in the global development of
information technology, in particular
its rich source of academic information. 
******   The plan is to enable a community of networks ***********
taking
maximum advantage of the features of a managed service such as the
NHSnet, and also
accommodating developments within the wider Internet. Specifically,
NHSnet already provides an
SMTP relay service through a safe gateway to the Internet and should
be enhanced to provide an
SMTP mail service. This provides clinicians with an Internet mail
address as well as an X400 email
identifier. As technology allows, these should be integrated to
appear as one to the recipient.
National infrastructure costs
"
--- OffRoad 1.9r registered to Adrian Midgley


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%