In article <[log in to unmask]>, Ross Anderson <[log in to unmask]> writes >> it may be more easier to watch over one supplier's security & >> confidentiality arrangements than it would be with six. > >Safety and privacy are attriibutes of end systems, not of the network (except >insofar as safety includes the reliability aspects, and even there you benefit >from being able to tear up your BT contract and moving to Mercury) I have been 'listening' to this thread with interest. Ross's point above bears emphasising. Health care professionals have an ethical duty to protect their patient's safety and privacy which cannot be abrogated to a company or a network. Regardless of how 'safe' may be the network we need to ensure that confidential information only leaves one secure domain 'sealed' in a way that cannot be cracked till it reaches its intended receiving secure domain. That can be achieved by digital authentication and encryption. The network and all the comms protocols (eg X400, SMTP, TCP, IP) ought to be transparent to this. A further benefit is that we are then not locked in to any single network provider. On another point - it is important to distinguish between Email (unstructured messages) and Electronic Data Interchange which implies exchange of structured data carried on carefully designed electronic forms. EDIFACT provides those carefully designed forms. In the UK the NHS Trial Version 1 EDIFACT messages for Pathology, Radiology requests and results, and for Hospital referrals and discharges have been designed with heavy clinical input - i.e they are 'owned' by the profession. The EDIFACT standard continues to evolve and is now additionally able to support the very authentication and encryption alluded to above. 'Secure EDIFACT' is what the GP - Provider links project (IMG project) intends to use for the exchange of all clinical information. So it is important not to go overboard and throw out EDIFACT with X400 and the NHSnet. EDIFACT may not be perfect and there are alternatives such as ASTM but at present EDIFACT looks the best. It already happily runs with Kermit and with X400. In theory it could be carried by SMTP - but hands up who would want to trust to the vagaries of MIME or uuencoded attachments :-) Why do we necessarily have to use the same comms protocol for Email as for EDI? After all, we think nothing about using http for the Web because powerful applications such as Netscape and IE just sort it all out for us transparently. I am not persuaded by arguments for single solutions - but rather hanker after empowering the individual to make choices -- John Williams, Senior User GP / Provider Links Project Email: [log in to unmask] Fax: 01483 440928 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%