Re: Patient medical files on Net (fwd)

  Date: Thu, 22 Feb 1996 11:11:46 -0500 (EST)
  From: V. Juggy Jagannathan <juggy@cerc.wvu.edu>
  Subject: Re: Patient medical files on Net
  Dear all:

  We are pleased with the national attention the ARTEMIS project of the
  Concurrent Engineering Research Center (CERC) sponsored by NLM has
  attracted. On February 20, there was an article in
  the Wall Street Journal calling ARTEMIS an "audacious experiment" by a
  rural physician in West Virginia, Dr. Bruce Merkin, M.D. This was
  followed by an ABC Evening News story with Peter Jennings (Feb 21,
  Wednesday) which declared Dr. Merkin is "the future."

  While we are most happy to receive this attention, we are also
  concerned that some people may erroneously draw the conclusion that we
  are jeopardizing patient confidentiality by "putting their records on
  the Web." We are both extremely security conscious and thoroughly
  familiar with all the available security technologies. We have taken a
  number of steps to ensure that our experiment will not be compromised:

  1. The patient records are on the INTRAnet which is secured with a
  firewall and we continuously monitor and evaluate the efficacy of this
  2. Standard UNIX network security mechanisms with all the known security
  holes addressed and verified with programs such as "Satan"
  3. Multiple levels of access controls, role-based access controls,
  user-id based access controls - implemented using Oracle DB mechanisms
  4. Audit trails as a separate CORBA-service to track all transactions
  and accesses to any patient information

  We can add additional layers such as classification of sensitivity of
  information, stripping patient identifying information, etc., as our core
  infrastructure is based on CORBA.  We have and continue to experiment
  with a number of security technologies. We have in our research
  testbed prototypes of systems using Kerberos, PGP, MOSS, and RSA-based
  public-key server technologies. We are currently investigating
  commercial security technologies and technologies that can securely
  bridge World Wide Web and distributed object technologies and CORBA
  standards promoted by OMG. Until a satisfactory implementation of
  security and a market acceptance of the mechanisms using these
  emerging and potent technologies are in place, confidential patient
  information will NOT be put in the "Internet".

  Ramana Reddy, CERC
  V. "Juggy" Jagannathan, CERC
  Bruce Merkin, Valley Health Systems Inc.
  Co-Principal Investigators
              Ramana Reddy (Also known as Y. V. Reddy) 
              Concurrent Engineering Research Center
              West Virginia University
              Morgantown, WV 26506
         e-mail: rar@cerc.wvu.edu