On Sun, 6 Dec 1998 09:23:46 -0000, you wrote:
>RFA 5 should include a requirement that the system will serve up a
>plain text file in response to certain specified requests from a
>client authenticated via the network.
A very reasonable idea on the face of it, but fraught with potential
problems if approached in a naive way. Worse still if a half-baked
'local' agreement about how authentication is managed should be
implemented in something as influential as the RFA.
The unelected group of clinicians advising on the RFA Committee
should not and in fact cannot be expected to do this on behalf of the
profession as a whole.
I could visualise the cost of illegally obtaining complete patient
records neatly printed out plummeting if this were incompetently
handled. Say, to about £30?
If we are up against an NHS management which wants to minimise trouble
and expense and doesn't care about the NHS-wide distribution of
identified patient data (Caldicott report, 11 current data flows) the
chances of getting agreement to proper old-fashioned caring
confidentiality will be slight.
Good authentication is really the key to the entire business of safe
information exchange.
The day that all UK clinicians own and keep secret their personal
private encryption key, simply as a proper part of being registered in
this country may soon be coming. It needs to have arrived before a
scheme like this will be safe for the patients and the clinicians
using it.
Kind regards,
Paul