Re: [Gnumed-devel] encryption of documents in archive

From: Karsten Hilbert
Subject: Re: [Gnumed-devel] encryption of documents in archive
Date: Wed, 8 Jan 2014 10:49:45 +0100
User-agent: Mutt/1.5.21 (2010-09-15)

On Tue, Jan 07, 2014 at 11:51:24PM +0000, Jim Busser wrote:

> > Do people think it is worthwhile to make available
> > on-demand encryption of documents stored in the
> > archive?
> I am of two minds on this.
> Part of me thinks it could be very helpful (prudent, even)
> to have the *capacity* to encrypt a set of files,

While that seems evident, it has a serious legal drawback
(and that is when it matters to the provider): IF a given
document, the disclosure of which is under scrutiny, wasn't
encrypted EVEN IF the capacity existed easily for the user,
a judge will certainly ask why. If the capacity doesn't
exist at the user level the question doesn't bear as much

> in order to
> avoid copies of these files to be
> - sitting insecurely out in the file system of a praxis client machine or server

That is not what I am talking about. Documents in the archive
don't sit around in a filesystem as files just so, neither
in the client nor on the server.

User-invisible temporary files are stored on storage that's
wiped out during reboot (/tmp/).

> - or transported insecurely by the patient who may
> lose their USB stick or CD in transit or misplace it

Patient documents under the custody of said
patient cannot be of concern to GNUmed.

> Challenges would be found in
> 1) the selection of the cryptographic system(s) … symmetric, asymmetric, or multiple options to support, and
> 2) management of the keys

Indeed, but they would be outsourced
to well-tested applications.

> Patients who have the sophistication to manage a key
> pair could provide the praxis with a public key with which to
> encrypt the files, which key could be stored as a comm
> channel in the existing schema, and which encrypted file
> output could be copied onto USB stick or CD or
> even emailed as an attachment. The task would then fall to
> the patient to decrypt these at their home or at a
> future point of care.

Why store documents in the praxis which the praxis
can't read? This is custodian work, not medicine.

GPG key ID E4071346 @
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346
