Scott Penrose


Scott is an expert software developer with over 30 years experience, specialising in education, automation and remote data.

Personally Controlled Electronic Health Record

a.k.a. the centrally stored, government controlled electronic health record. This system is a central, unencrypted store. It is the same type of security as Facebook: you go in and authorise who can see your record. No encryption on the server. Any break-in or software bug could lead to lost data. We can do better!

Security concerns

The way I would do it

  • Web of trust certificates, e.g. PGP style
  • Central authority (star style) - the government authorises medical authorities, which in turn authorise doctors, etc.
  • Central revocation system - allow compromised certificates to be replaced. (Note: need to consider how old records are accepted; maybe have to trust the record date against the date of revocation.)
  • Log based records - always append to the end, so there is no need to worry about merging or conflicts; easy offline access, late syncing (for sites that could be visiting or away from base for days or even weeks), etc.
  • All records added are signed by the creator - e.g. practitioner, pharmacist, or even the individual. Referrals, even prescriptions, then have a guaranteed author.
  • Records given to individuals are always encrypted with the individual's public key. This means only the individual can decrypt them.
  • Results records would be encrypted with the individual's key and sent that way, and encrypted with the practitioner's key and sent that way. Thus both the practitioner and the patient have a secure record.
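As an added example (not from this page, and not any existing health record system's code), the list above as a small Go program using only the standard library: an append-only log whose entries are each signed by the author's Ed25519 key and sealed to one recipient's X25519 public key, so the same result can be appended once for the patient and once for the practitioner, and the server holding the log can verify authorship but never read the content. Assumptions made here: Ed25519 and X25519 plus AES-256-GCM stand in for PGP; a plain map of trusted author keys stands in for the government and medical-authority certificate chain; the key is derived with a bare SHA-256 rather than HKDF; revocation is not modelled.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Entry is one immutable log record: a payload sealed to a single recipient's X25519 key and signed by its author.
type Entry struct {
	Author     string // looked up in the trusted-author directory when verifying
	Recipient  string // whose private key can decrypt (patient, practitioner, ...)
	EphPub     []byte // sender's ephemeral X25519 public key
	Nonce      []byte
	Ciphertext []byte
	Signature  []byte // Ed25519 over the length-prefixed fields above
}

// signedBytes serialises the signed fields with length prefixes so no field boundary is ambiguous.
func (e Entry) signedBytes() []byte {
	var b []byte
	for _, p := range [][]byte{[]byte(e.Author), []byte(e.Recipient), e.EphPub, e.Nonce, e.Ciphertext} {
		b = append(binary.BigEndian.AppendUint32(b, uint32(len(p))), p...)
	}
	return b
}

// aeadFor derives AES-256-GCM from the ECDH shared secret; SHA-256 over secret and both public keys is an assumed stand-in for HKDF.
func aeadFor(shared, ephPub, recipientPub []byte) cipher.AEAD {
	key := sha256.Sum256(append(append(append([]byte{}, shared...), ephPub...), recipientPub...))
	block, _ := aes.NewCipher(key[:]) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)    // AES block size is 16: cannot fail
	return gcm
}

// Log is the append-only record; Authors stands in for the certificate hierarchy (only listed signing keys are trusted).
type Log struct {
	Entries []Entry
	Authors map[string]ed25519.PublicKey
}

// Append seals plaintext to recipPub, signs the entry as author and adds it to the end of the log.
func (l *Log) Append(author string, signer ed25519.PrivateKey, recipient string, recipPub *ecdh.PublicKey, plaintext []byte) error {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	shared, err := eph.ECDH(recipPub)
	if err != nil {
		return err
	}
	e := Entry{Author: author, Recipient: recipient, EphPub: eph.PublicKey().Bytes()}
	gcm := aeadFor(shared, e.EphPub, recipPub.Bytes())
	e.Nonce = make([]byte, gcm.NonceSize())
	rand.Read(e.Nonce)
	e.Ciphertext = gcm.Seal(nil, e.Nonce, plaintext, nil)
	e.Signature = ed25519.Sign(signer, e.signedBytes())
	l.Entries = append(l.Entries, e)
	return nil
}

// Verify checks every stored entry against the author directory; a modified entry or an unknown author is reported with its position.
func (l *Log) Verify() error {
	for i, e := range l.Entries {
		pub, ok := l.Authors[e.Author]
		if !ok || !ed25519.Verify(pub, e.signedBytes(), e.Signature) {
			return fmt.Errorf("entry %d: untrusted author %q or bad signature", i, e.Author)
		}
	}
	return nil
}

// Read decrypts every entry addressed to recipient with priv, which the server storing the log never holds.
func (l *Log) Read(recipient string, priv *ecdh.PrivateKey) ([]string, error) {
	var out []string
	for i, e := range l.Entries {
		if e.Recipient != recipient {
			continue
		}
		pub, err := ecdh.X25519().NewPublicKey(e.EphPub)
		if err != nil {
			return nil, err
		}
		shared, err := priv.ECDH(pub)
		if err != nil {
			return nil, err
		}
		pt, err := aeadFor(shared, e.EphPub, priv.PublicKey().Bytes()).Open(nil, e.Nonce, e.Ciphertext, nil)
		if err != nil {
			return nil, fmt.Errorf("entry %d: %w", i, err)
		}
		out = append(out, string(pt))
	}
	return out, nil
}
```

Usage: generate an X25519 key for the patient and an Ed25519 signing key (plus an X25519 key) for the practitioner, put the practitioner's signing key in `Authors`, then `Append` the same result twice, once addressed to "patient" and once to the practitioner. `Verify` passes on the untouched log and fails as soon as any byte of a stored entry changes or an entry carries a signature from a key not in the directory; `Read` with the practitioner's X25519 key cannot open the patient's copy, which is the point of the per-recipient encryption.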

Personal computer security concerns

This is still an issue. Basically you need to have your private certificate (hopefully with a good passphrase) locally on your machine. Which means it is possible for a malicious system to capture both the passphrase and the certificate.

One solution to this problem is to use an RSA-style physical key (hardware token) as the method to decode the private record. This then leads to the question of how to recover data in the event of a lost key. There could be multiple keys signed against the record, where the second key is stored in a secure way, offline, and requires physical recovery - I am sure these problems have been thought about.

Hacked Medical Database

Interesting article. They are talking about someone getting in and encrypting a database, then asking for $4000 to decrypt the data... And the article goes on to say that it was cheaper to pay than to get an IT expert in to fix the system.

I have one word - BACKUP - any system can have a disk failure, so where is their backup system? Just restore the backup.

Very odd...