[LINK] The "health" record security model

David dlochrin at key.net.au
Mon Nov 12 11:02:02 AEDT 2018

On Sunday, 11 November 2018 22:24:30 AEDT Karl Auer wrote:

> The emergency room scenario is freighted with emotion, unstated expectations, time criticality, life-and-death decisions at their most extreme. [...]

It's also the place where it's critical to know the allergies, drug regimes, and co-morbidities of patients who are quite often not in a fit state to communicate reliably.  Administering a drug to a patient who is hyper-sensitive to it for one reason or another can result in death.

> And it implies that one goal of the system, in it's first iteration, is support emergency room decisions.  [...]  Ambitious, but pretty much doomed to failure if it's anything more complicated than a decal.

Well no, I was suggesting that as an example of a system which would be achievable and useful in practice, not as the first iteration of some grand ediface.

> More to the point it is not a broadly useful thing to support. The vast majority of medical providers are not emergency room staff. The vast majority of patients are not in emergency rooms.

Precisely!  The vast majority of patients are able to converse with their doctors, usually in a practice they've been going to for years, and MHRecord is then just more paperwork.

> I think there are probably better candidates, but we are seriously jumping the gun. There are much higher-level aims that need to be defined.  I reckon a good guiding light would be "to directly improve the health outcomes of people receiving medical treatment in Australia". That would shut out all the crap about law enforcement, the ATO, Centrelink and commercial interests.

That wouldn't cut out the crap.  The ATO, Centrelink, and the police are attracted to MHRecord because of the honey-pot of other information it might contain about individuals.  The only way to guarantee to eliminate that problem is to eliminate the honey-pot.  Of course we might do it by rigorously enforcing access restrictions, but then we get a politician like Peter Dutton...

> Complex systems need to be described in very simple terms at the top.

Yes, but there's a direct relationship between the very simple description and the number of vested interests, ideas about system objectives, and committee sizes bought to bear on implementation, and of course on the final cost of the resulting monument.

David L.

More information about the Link mailing list