LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 03-17-2009, 08:30 PM   #1
xri
Member
 
Registered: Aug 2002
Distribution: Slackware 14.1, Archlinux
Posts: 268
Blog Entries: 10

Rep: Reputation: 32
Thumbs down Using gpg to comply with HIPAA


For those of you familiar with the convolutions of HIPAA:
  1. An EMR company offers a web server based solution for a medical practice with electronic signing as an additional service (not as an integral part of their charting service). A medical practice initially takes the charting service but not the signing feature and prefers to print all created documents instead and keeps them on paper files.
  2. HIPAA requires signing capabilities for all electronic documents created. That ensures authenticity and (what is also crucial) that the document cannot be altered in the future.
  3. After some time, the practice decides to pay the extra fee to acquire signing capabilities, which allows them to keep electronic records only.
  4. When I take a look at the signed records I notice that they have implemented gpg to sign individual records, all within File Maker Pro on a Windows server.

Comment:

EMR/EHR companies usually take advantage of the fact that medical providers are usually computer illiterate and will willfully pay outrageously high fees for mediocre services which are almost as lame as using either paper and pencil or "dictation services". In general, what is so special about an EMR program/service in the software market? I know there is a handful of OS EMR out there. However, they seem to assume that they know what fields/format/complexity the provider needs and they look exaggeratedly bloated for many cases. For the purpose of recording medical information, some providers would be better off using a simple word processor like OO Writer. What prevents a medical provider from using a widely available program like OO Writer, OO Base or Kexi to keep her/his medical records? If encryption capabilities are implemented, the only thing missing to make this hypothetical method fully HIPAA compliant would be signing capabilities. This brings me to the

Question:

This missing feature would be using gpg to sign individual documents. Signing *.odt documents with gpg would be quite straightforward. How about signing records on a simple database? How would you implement such a simple method from a technical point of view (word-processor or database + gpg for signing)? What warnings would you make? What obstacles do you see? In short, how would you do it?
 
Old 03-17-2009, 10:41 PM   #2
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
The use of propriety software in hospitals has produced a serious problem with siloization. Doc Searls wrote an article about this in Linux Journal, and how the impact on himself was nearly fatal. I once saw an open source Content Management system that was written in large part by a Dental Medical School. Open source software is about collaboration, and IMHO, medical schools in the country should take the lead in designing standards and OS software for use by the industry. On the one hand, the records from the department performing cat scans (for example) need to be readable by a doctor in another department. On the other, the privacy of the patient needs to be preserved.

From a blog by Doc. Searls:
http://blogs.law.harvard.edu/doc/200...-health-snare/
 
  


Reply

Tags
gpg


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
gpg / gpg-agent -- Can't connect to /root/.gnupg/S.gpg-agent jrtayloriv Linux - Security 6 07-16-2014 01:26 PM
timestamps dont comply with hardware or system time leontini Linux - General 2 04-04-2007 05:20 AM
I have chosen to comply... redcat01 LinuxQuestions.org Member Intro 2 01-18-2007 01:29 AM
LXer: Dibona: Just Comply With Open Source, Will Ya LXer Syndicated Linux News 0 08-16-2006 07:54 PM
LXer: Why Comply? The Movement To W3C Compliance LXer Syndicated Linux News 0 04-01-2006 07:54 AM


All times are GMT -5. The time now is 01:26 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration