Firewall Wizards mailing list archives

Re: Secure site for medics


From: Adam Shostack <adam () homeport org>
Date: Mon, 7 Dec 1998 08:59:51 -0500

Be sure to get the proceedings of the first conference on Personal
Medical Information, edited by Ross Anderson.  There are a *lot* of
issues in handling medical data; many of the best thinkers on the
subject have papers in this volume.

I suspect that you will find a firewall is not what you need, but I
don't know if there is a mailing list that covers medical security.

Adam

On Fri, Dec 04, 1998 at 02:01:23PM +0000, Alex Melichar wrote:
| 
| Hi,
| 
| I've been asked to come up with a recommendation for a secure medics
| site. I'm posting in the hope someone can point out major holes in my
| thoughts. Thanks in advance.
| 
| The aim of the proposal is to have a database that contains sensitive
| patient data. This database is to be accessed by about 30-50 users
| (maybe more later) - all non-literate users (please think of users who
| ask what icons are. I'm meaning to deride them just that the solution
| has to be transparent and secure). There are several different
| locations they will be accessing the database from but will have
| Windows (95 or NT) machines. The last part is the hardest: The
| administrator will have who printed what. 
| 
| So how does one provide a secure server? My thoughts are: Use Caldera
| Linux (comes with Sybase SQL server). Get Apache, get the SSLeay
| modules and use the server as a web server. As the UK has no
| restrictions on key size we can use 128 bit (thereby making it secure
| for some time, important for patient data). Make the whole web site
| user-authorisation access only. To solve the print problem use a
| non-print friendly html page when information is asked for (say a
| patient's records) and have print friendly pages where prescriptions
| can be printed from (given that people log in, a list of who asked for
| what print page can be compiled). 
| 
| Where is this solution weak (in terms of how can patient data be
| accessed by unauthorised users - this server will be left in a locked 
| location so I'd prefer answers of how someone can get at it from the 
| outside not the inside)? 
| 
| Personal thoughts:
| 
| Given that the server will only be a web server (no mail, no ftp,
| etc.) and nothing else, I can't see any immediate holes. Also there
| will be only a very small turnover of users and as this is patient
| data, human engineering is unlikely to work (doctors are used to
| junkies asking for free prescription pads etc). As access will be
| using only SSL (v3?) I can't see leaks when data is going over the
| net.  Essentially I think this will work. However I have this feeling
| of "I'm missing something *huge*". 
| 
| As this is a firewall mailing list, something more on topic: What
| firewall protection do I need to implement? I hope that I don't need to
| as I'll only allow ssl connections....If I need to can it be done cheaply
| and what do people suggest?
| 
| Thanks in advance.
| 
| Alex
| -------------------------------------------------------------

-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume
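The "who printed what" requirement in Alex's proposal comes down to auditing the access log of the user-authenticated print-friendly pages. As an added example, not code from anyone in this thread: a Python audit over constructed Apache combined-format log lines, assuming the print pages live under a /print/ prefix and that the web server records the authenticated user name in the log. It also flags print pages served with no authenticated user, the gap an administrator would most want to catch.

```python
import re
from collections import defaultdict

# Apache "combined" log format; the third field is the authenticated user
# that a "user-authorisation access only" site records on every request.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (not real traffic). /print/ is an assumed prefix
# for the print-friendly prescription pages; user names are made up.
SAMPLE_LOG = """\
10.0.0.5 - drsmith [07/Dec/1998:09:01:12 +0000] "GET /records/1234 HTTP/1.0" 200 5120
10.0.0.5 - drsmith [07/Dec/1998:09:02:40 +0000] "GET /print/rx/1234 HTTP/1.0" 200 812
10.0.0.9 - nurse_j [07/Dec/1998:09:05:03 +0000] "GET /print/rx/1301 HTTP/1.0" 200 790
10.0.0.9 - nurse_j [07/Dec/1998:09:05:07 +0000] "GET /print/rx/1301 HTTP/1.0" 200 790
192.0.2.7 - - [07/Dec/1998:09:10:55 +0000] "GET /print/rx/1234 HTTP/1.0" 401 0
192.0.2.7 - - [07/Dec/1998:09:11:02 +0000] "GET /print/rx/1234 HTTP/1.0" 200 812
"""

def print_audit(log_text, print_prefix="/print/"):
    """Return (per-user counts of print pages served, list of anomalies).

    A print page answered with status 200 counts as "printed".  Anomalies are
    successful print-page responses with no authenticated user, which would
    mean the access control the design relies on has a gap.
    """
    printed = defaultdict(lambda: defaultdict(int))
    anomalies = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m.group("path").startswith(print_prefix):
            continue
        if m.group("status") != "200":
            continue  # denied or failed requests never reached the printer
        user = m.group("user")
        if user == "-":
            anomalies.append((m.group("host"), m.group("path"), m.group("time")))
            continue
        printed[user][m.group("path")] += 1
    return {u: dict(p) for u, p in printed.items()}, anomalies

if __name__ == "__main__":
    counts, odd = print_audit(SAMPLE_LOG)
    for user, pages in sorted(counts.items()):
        for path, n in sorted(pages.items()):
            print(f"{user:10} printed {path} x{n}")
    for host, path, when in odd:
        print(f"WARNING: unauthenticated 200 for {path} from {host} at {when}")
```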