
Health Security



In article <[email protected]> you write:
>> I realize that this is of marginal crypto import, but I need as much info
>> as possible on Hospital Information Systems and security.  Especially
>> on CICS and AIX systems.  Do any cryptographic protocols exist yet to
>> protect huge interactive medical databases?

>What specifically are you asking about?  Are you talking about encrypted
>password protection or encryption of part or all of the databases?

The company I work for does a lot of work with HISS systems.  We've
been told to develop a system to display selected data from a HISS
on PCs for use by hospital staff.  (Possibly off the premises).

We asked about security and encryption, and were told we could leave
all the patient data in clear but to encrypt the file containing the
names and the correspondence between those names and patient data.

I don't think this is sufficient - I'm sure anyone getting the data
could work out who it was about from all sorts of internal detail -
but that's all the UK Health Service at least expects.  We will, of
course, be putting in a *considerable* deal more security than they
mandate as minimum, because if patient data were to get out via one
of our products, it would be no use saying 'but the NHS said that was
all we needed to do' - not only would we be morally negligent, but it
would do our company's public image no good at all.

G
-- 
Personal mail to [email protected] (I read it in the evenings)
Business mail to [email protected] (Be careful with the spelling!)
Faxes to An Teallach Limited: +44 31 662 4678  Voice: +44 31 668 1550 x212
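
The concern in the message above, that clear patient data can identify its subject even when the name file is encrypted, can be measured before an export is released. The following is an added example, not part of the original post or of any system it describes: a k-anonymity check over constructed pseudonymised records, where every field name, value and the `min_k` threshold is an assumption.

```python
from collections import Counter

# Constructed sample: an export of the kind the post describes. Names sit in a
# separate encrypted file; only an opaque id travels with the clear data.
# All field names and values here are hypothetical.
RECORDS = [
    {"pid": "a91f", "birth_year": 1931, "sex": "F", "district": "D1", "ward": "Cardiology"},
    {"pid": "07c2", "birth_year": 1931, "sex": "F", "district": "D1", "ward": "Cardiology"},
    {"pid": "5d3e", "birth_year": 1958, "sex": "M", "district": "D1", "ward": "Oncology"},
    {"pid": "c410", "birth_year": 1958, "sex": "M", "district": "D2", "ward": "Oncology"},
    {"pid": "e8b7", "birth_year": 1972, "sex": "F", "district": "D2", "ward": "Maternity"},
]

# Fields that are not names but narrow down who a record is about.
QUASI_IDENTIFIERS = ("birth_year", "sex", "district", "ward")


def equivalence_classes(records, quasi_ids):
    """Count how many records share each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi_ids) for r in records)


def k_anonymity(records, quasi_ids):
    """Smallest class size; k == 1 means at least one record is unique."""
    classes = equivalence_classes(records, quasi_ids)
    return min(classes.values()) if classes else 0


def unique_records(records, quasi_ids):
    """Opaque ids of records whose quasi-identifier combination is unique."""
    classes = equivalence_classes(records, quasi_ids)
    return [r["pid"] for r in records
            if classes[tuple(r[q] for q in quasi_ids)] == 1]


def release_blocked(records, quasi_ids, min_k=2):
    """Export gate: refuse to ship clear data when k falls below min_k."""
    return k_anonymity(records, quasi_ids) < min_k


if __name__ == "__main__":
    print("k =", k_anonymity(RECORDS, QUASI_IDENTIFIERS))
    print("unique:", unique_records(RECORDS, QUASI_IDENTIFIERS))
    print("blocked:", release_blocked(RECORDS, QUASI_IDENTIFIERS))
```

Records flagged as unique are the ones that need generalising, suppressing or encrypting before the data leaves the premises, regardless of how well the name file is protected.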