Personally Controlled Electronic Health Record

a.k.a. the centrally stored, government-controlled electronic health record. This system is a central unencrypted system. It has the same type of security as Facebook: you go in and authorise who can see your record. There is no encryption on the server. Any break-in or software bug could lead to lost data. We can do better!

Security concerns

The way I would do it

Personal computer security concerns

This is still an issue. Basically you need to have your private certificate (hopefully with a good passphrase) locally on your machine, which means it is possible for a malicious system to capture both the passphrase and the certificate.

One solution to this problem is to use an RSA-style physical key as the method to decode the private record. This then leads to the question of how to recover data in the event of a lost key. There could be multiple keys signed against the record, where the second key is stored in a secure way, offline, and requires physical recovery. I am sure these problems have been thought about.
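A sketch of the two-key idea above, added here as an example and not code from any existing health record system: the record is encrypted once with a random data key, and that data key is wrapped separately for an everyday key and an offline recovery key, so the server holds only ciphertext. It assumes the Python `cryptography` package; the function names and the sample record are hypothetical, and the software-generated RSA keys stand in for a hardware token and an offline key.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# RSA-OAEP with SHA-256 is used to wrap the data key for each recipient.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def new_keypair():
    # Stand-in for a key that would live on a physical token or offline.
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def seal_record(plaintext, recipients):
    """Encrypt once with a fresh data key, then wrap that key per recipient."""
    data_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    ciphertext = AESGCM(data_key).encrypt(nonce, plaintext, None)
    wrapped = {name: pub.encrypt(data_key, OAEP)
               for name, pub in recipients.items()}
    # Only this dictionary is stored centrally; it contains no plaintext
    # and no private key material.
    return {"nonce": nonce, "ciphertext": ciphertext, "wrapped_keys": wrapped}


def open_record(sealed, name, private_key):
    """Unwrap the data key with one private key and decrypt the record."""
    data_key = private_key.decrypt(sealed["wrapped_keys"][name], OAEP)
    return AESGCM(data_key).decrypt(sealed["nonce"], sealed["ciphertext"], None)


def demo():
    daily, recovery = new_keypair(), new_keypair()
    record = b"constructed sample record: blood type O+"  # constructed input
    sealed = seal_record(record, {"daily": daily.public_key(),
                                  "recovery": recovery.public_key()})
    return sealed, daily, recovery, record


if __name__ == "__main__":
    sealed, daily, recovery, record = demo()
    # Losing the everyday key does not lose the record: the offline
    # recovery key unwraps the same data key.
    print(open_record(sealed, "recovery", recovery) == record)
```
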

Hacked Medical Database


Interesting article. They are talking about someone getting in and encrypting a database, asking for $4000 to decrypt the data... And the article goes on to say that it was cheaper to pay than get an IT expert in to fix the system.

I have one word - BACKUP - any system can have a disk failure, so where is their backup system? So just restore the backup.

Very odd...

