gnumed-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnumed-devel] Proposal for a remotely web-accessible patient summar


From: Karsten Hilbert
Subject: Re: [Gnumed-devel] Proposal for a remotely web-accessible patient summary
Date: Sun, 1 Aug 2010 18:37:23 +0200
User-agent: Mutt/1.5.20 (2009-06-14)

On Fri, Jul 30, 2010 at 05:39:06PM -0700, Jim Busser wrote:

> *************
> Search box
> *************
> 
> Upon selection, be shown only a *limited* summary (name, birthdate, sex).
> 
> The apprehension here is that the cautious doctor who (for convenience) used 
> the only available but untrusted machine may prefer to not expose (to key 
> loggers or screen capture) any more of the patient information than is 
> necessary. So, the concept includes:
> 
> 1) Display initially only the information that orients you to this patient:
> 
> 2) Allow the selective opening of additional information "sections", 
> facilitated by an "open all" button / link
> 
> 3) The ability to be able to add even just:
> 
> - a Waiting List item (a way to not "lose" that something known about 
> remotely is going to need to be done and)
> - an Inbox item (a message that can be directed to any existing user or to no 
> user, concerning this patient)
>       - maybe here to just show the users short signing alias, not their 
> userid (to mitigate user identity takeover)

It is not so much what is *seen* on-screen. You could search
the room for hidden cams and lock the door behind you and
move the machine into a portable Faraday cage.

The problem is what is going on *inside* the machine.

Over which you have no control if you

        "used the only available but untrusted machine"

unless you booted said machine from a live-cd you brought
along which will gain you *some* more protection than
before (the above caveats still apply).

The real meat is found inside the software. It'll have to
have some way of retrieving user names and passwords from
users which means - unless you can exert complete physical
control over the machine - there's inevitably some way to
subvert that information.

But that's state of the art and doctors do it every day :-)

> **********************************
> (limited summary)
> 
> LASTNAME, Firstnames
> BIRTHDATE: YYYY.Mon.DD (tokenized)
> SEX: value
> 
> **********************************
> (sections)
> 
> <Inbox items>
> ...
> ...
> 
> 
> <Waiting list items>
> ...
> ...
> 
> 
> <Demographic and identity>
> Health number: value (tokenized)
> ...
> ...
> 
> 
> 
> <Hospitalization (most recent known)>
> ... 
> 
> 
> 
> <Operation (most recent known)>
> ...
> 
> 
> 
> <Allergies & intolerances (known)>
> ...
> ...
> 
> 
> 
> <Medications, current (known)>
> ...
> ...
> 
> 
> 
> <Medications, discontinued (known, past 120 days)>
> ...
> ...
> 
> 
> 
> <Problem list (filter TBA)>
> ...
> ...
> 
> ************************************
> (footer)
> 
> generated <datetime> by <user> from <IP> using GNUmed (gnumed.org)
> 
> ************************************

Looks very good to me.

Karsten
-- 
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346



reply via email to

[Prev in Thread] Current Thread [Next in Thread]