[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnumed-devel] Better-supporting staff and other non-patient persons
From: |
Karsten Hilbert |
Subject: |
Re: [Gnumed-devel] Better-supporting staff and other non-patient persons |
Date: |
Sun, 26 Oct 2008 02:52:19 +0100 |
User-agent: |
Mutt/1.5.18 (2008-05-17) |
On Sun, Sep 14, 2008 at 09:32:20PM -0700, Jim Busser wrote:
> I have a lot of experience with requirements for privacy in official
> capacities and this minimum capacity can let GNUmed be used in many more
> places than would be permitted without such a capacity. This would
> hopefully strike a balance against Karsten's reasonable concern that
> short of video capture of user and screen nothing is perfect, also the
> impracticality of logging and storing *everything*, against the
> legitimate need patients may have to know which person(s) in the praxis
> have been accessing their record.
The problem here is that this CANNOT be known by reasonable
technical means and pretending otherwise is utter bullsh*t
no matter who pretends it.
More polite people call it "security theater" and, yes, I do
know that there are local laws requiring such bullsh*t and,
yes, if the case is made that implementing this sort of
bullsh*t will allow significantly more users to use GNUmed I
am not averse to it because it does not take that much
technically. However, it still remains bullsh*t.
Logging accesses is like looking at a person's drivers
license to find out whether or not they drove a car on a
particular day. It sorta sounds right but is utter crap.
Now, logging changes suffers the same problem - it does not
prove WHO changed things, only how they were changed. Which
is why we do it - the "who" comes for free.
Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: [Gnumed-devel] Better-supporting staff and other non-patient persons,
Karsten Hilbert <=