gnumed-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnumed-devel] on meaningfully signing off reviewed items


From: Karsten Hilbert
Subject: Re: [Gnumed-devel] on meaningfully signing off reviewed items
Date: Sat, 28 Jan 2006 19:36:36 +0100
User-agent: Mutt/1.5.11

On Sat, Jan 28, 2006 at 09:47:15AM -0800, Jim Busser wrote:

> >I still maintain the view that
> >we need to safeguard against signed-scope manipulations.
> 
> I am having a bit of trouble understanding the manipulation, in terms 
> of why it is proposed that some rows in gnumed deserve a record of 
> signing (on top of the audit trail that presumably preserves which 
> staff altered which rows).
Well, consider this case:

Patient discharged from Hospital after colonoscopy with
polypectomy. Original discharge letter forgets to mention
histology results (they may have been pending when the
letter was written). I import the scan and set the "reviewed
flag". I do not take any action since I think the histology
results will arrive in a followup letter (standard procedure
over here). Later that letter arrives and my locum scans it
but fails to bring it to my attention. The additional page
is *added on* to the original letter. Three years later
carcinoma of the colon is found in the followup colonoscopy.
Had I known about the high-grade dysplasia I would have
scheduled a half-year followup. Now I am busted.

#1: This shows why we need to sign off single objects as
reviewed, not entire documents - as long as we don't use
crypto for signing. If I had signed off the *document* the
additional page would have fallen under my "reviewed" flag
while never having been reviewed, actually.

#2: Even if we flagged individual objects as reviewed we are
still prone to manipulation: Assume the original letter
stated: "low grade dysplasia, no sign of malignancy,
follow-up in 3 years". Now, the patient is, again, diagnosed
with carcinoma of the colon. The patient is the father of
the IT student of my practice management service company.
She decides to get some money out of this and manipulates
the scan to say "high-grade dysplasia, re-colonoscopy in 6
months is recommended". Now, even though I reviewed and
ticked off the document I cannot prove what I saw back then ...

... wait, this is solved by digitally signing backups of my
database well before the manipulation, or addition, for that
matter, happens - so this whole thing is a non-issue  :-)

Nevertheless, to *detect* *legit* additions of document
objects as not having been reviewed yet we need the
per-object reviewed flag.

Hehe, spelling it out helps at times to find flaws in the
reasoning :)

Karsten
-- 
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346




reply via email to

[Prev in Thread] Current Thread [Next in Thread]