Using gpg to comply with HIPAA
For those of you familiar with the convolutions of HIPAA:
Comment: EMR/EHR companies usually take advantage of the fact that medical providers are usually computer illiterate and will willfully pay outrageously high fees for mediocre services which are almost as lame as using either paper and pencil or "dictation services". In general, what is so special about an EMR program/service in the software market?

I know there is a handful of OS EMR out there. However, they seem to assume that they know what fields/format/complexity the provider needs and they look exaggeratedly bloated for many cases. For the purpose of recording medical information, some providers would be better off using a simple word processor like OO Writer.

What prevents a medical provider from using a widely available program like OO Writer, OO Base or Kexi to keep her/his medical records? If encryption capabilities are implemented, the only thing missing to make this hypothetical method fully HIPAA compliant would be signing capabilities.

This brings me to the Question: This missing feature would be using gpg to sign individual documents. Signing *.odt documents with gpg would be quite straightforward. How about signing records on a simple database? How would you implement such a simple method from a technical point of view (word-processor or database + gpg for signing)? What warnings would you make? What obstacles do you see? In short, how would you do it?
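An added example, not part of the original thread: one way to sign individual database records with gpg, by serializing each row to deterministic bytes, storing a detached signature next to it, and checking on verification that the signature comes from the expected key. The `notes` table, its columns and all function names are hypothetical; it assumes GnuPG 2.x on the PATH and a signing key in the local keyring.

```python
import json, os, sqlite3, subprocess, tempfile

FIELDS = ("id", "patient", "author", "created", "note")  # hypothetical schema

def canonical_record(conn, rec_id):
    """Deterministic bytes for one row: fixed field set, sorted keys, UTF-8."""
    row = conn.execute(f"SELECT {', '.join(FIELDS)} FROM notes WHERE id = ?", (rec_id,)).fetchone()
    if row is None:
        raise KeyError(rec_id)
    return json.dumps(dict(zip(FIELDS, row)), sort_keys=True,
                      separators=(",", ":"), ensure_ascii=False).encode("utf-8")

def sign_record(conn, rec_id, key_id):
    """Store an armored detached signature over the row's canonical bytes."""
    out = subprocess.run(["gpg", "--batch", "--armor", "--local-user", key_id, "--detach-sign"],
                         input=canonical_record(conn, rec_id), capture_output=True, check=True)
    conn.execute("UPDATE notes SET sig = ? WHERE id = ?", (out.stdout.decode("ascii"), rec_id))
    conn.commit()

def signer_fingerprint(status_output):
    """Primary-key fingerprint from gpg --status-fd output, or None if no VALIDSIG."""
    for line in status_output.splitlines():
        parts = line.split()
        if parts[:2] == ["[GNUPG:]", "VALIDSIG"] and len(parts) >= 3:
            return parts[-1]  # last VALIDSIG field is the primary key fingerprint
    return None

def verify_record(conn, rec_id, trusted_fpr):
    """True only if the stored signature is valid AND was made by the expected key."""
    row = conn.execute("SELECT sig FROM notes WHERE id = ?", (rec_id,)).fetchone()
    if row is None or not row[0]:
        return False  # unsigned or missing records never verify
    with tempfile.NamedTemporaryFile("w", suffix=".asc", delete=False) as f:
        f.write(row[0])
    try:
        # "-" makes gpg read the signed data (the re-serialized row) from stdin
        r = subprocess.run(["gpg", "--batch", "--status-fd", "1", "--verify", f.name, "-"],
                           input=canonical_record(conn, rec_id), capture_output=True)
    finally:
        os.unlink(f.name)
    fpr = signer_fingerprint(r.stdout.decode("utf-8", "replace"))
    return r.returncode == 0 and fpr == trusted_fpr
```

Any later change to a signed column changes the canonical bytes, so `verify_record` fails until the row is signed again; a signature from some other key in the keyring is rejected by the fingerprint comparison.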
The use of proprietary software in hospitals has produced a serious problem with siloization. Doc Searls wrote an article about this in Linux Journal, and how the impact on himself was nearly fatal. I once saw an open source Content Management system that was written in large part by a Dental Medical School. Open source software is about collaboration, and IMHO, medical schools in the country should take the lead in designing standards and OS software for use by the industry. On the one hand, the records from the department performing CAT scans (for example) need to be readable by a doctor in another department. On the other, the privacy of the patient needs to be preserved.
From a blog by Doc Searls: http://blogs.law.harvard.edu/doc/200...-health-snare/