
Patient medical files on Net



     WSJ - 2/20/96, page B1 
     
     "Click! Doctor to Post Patient Files on Net" by G. Bruce Knecht
     
     "An audacious experiment ...
     [snip]
     "Deep in the heart of Appalachian coal country, a doctor is about to 
     put his patients' records on the World Wide Web.  The Doctor, Bruce 
     Merkin, works at a community health clinic in Wayne, W. Va."
     [snip]
     "Dr. Merkin and Vasudevan Jagan-nathaniel, a West Virginia University 
     professor who is responsible for developing the software for the 
     system, say they have yet to decide how secure the system should be.  
     At one extreme, they could encrypt the information, offering the 
     highest possible degree of protection.  But encryption is expensive 
     and time consuming and thus could hinder the goals of cutting costs 
     and rapidly transmitting information."
     [snip]
     
     
     Cypherpunks:
     
     The WSJ report seems to indicate that the system is to be deployed 
     without any encryption safeguards.
     
     After talking by phone to Lee Oxley ([email protected]) at Valley 
     Health in Wayne, WV, I got clarifications of what was in the WSJ 
     story.  The present pilot system is an intranet system with dedicated 
     frame relay links and does use encryption.  Eventually they may deploy 
     a system that would be internet based.  They are considering how much 
     protection to put into the system.  The reference in the article about 
     encryption costs was intended to be about CPU cycles not dollars. 
     Vasudevan Jagan-nathaniel's email address is [email protected]
     
     Some obvious proposals would be to use something like SSL to do server 
     to workstation encryption.  I don't know what issues may exist such as 
     the effort to install SSL, key management, and processing delays due 
     to session keys and traffic encryption.  In addition, how could an 
     on-call doctor access patient records through an ISP and maintain 
     patient privacy?  An obvious issue (which I know has been discussed 
     on this list) has to do with the trade-off between key size and 
     privacy.
     
     Any other thoughts?
     
     Martin G. Diehl