Latest LQ Deal: Latest LQ Deals
Go Back > Forums > Linux Forums > Linux - Software
User Name
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.


  Search this Thread
Old 03-17-2009, 09:30 PM   #1
Registered: Aug 2002
Distribution: Archlinux, Garuda Linux
Posts: 283
Blog Entries: 11

Rep: Reputation: 41
Thumbs down Using gpg to comply with HIPAA

For those of you familiar with the convolutions of HIPAA:
  1. An EMR company offers a web server based solution for a medical practice with electronic signing as an additional service (not as an integral part of their charting service). A medical practice initially takes the charting service but not the signing feature and prefers to print all created documents instead and keeps them on paper files.
  2. HIPAA requires signing capabilities for all electronic documents created. That ensures authenticity and (what is also crucial) that the document cannot be altered in the future.
  3. After some time, the practice decides to pay the extra fee to acquire signing capabilities, which allows them to keep electronic records only.
  4. When I take a look at the signed records I notice that they have implemented gpg to sign individual records, all within File Maker Pro on a Windows server.


EMR/EHR companies usually take advantage of the fact that medical providers are usually computer illiterate and will willfully pay outrageously high fees for mediocre services which are almost as lame as using either paper and pencil or "dictation services". In general, what is so special about an EMR program/service in the software market? I know there is a handful of OS EMR out there. However, they seem to assume that they know what fields/format/complexity the provider needs and they look exaggeratedly bloated for many cases. For the purpose of recording medical information, some providers would be better off using a simple word processor like OO Writer. What prevents a medical provider from using a widely available program like OO Writer, OO Base or Kexi to keep her/his medical records? If encryption capabilities are implemented, the only thing missing to make this hypothetical method fully HIPAA compliant would be signing capabilities. This brings me to the


This missing feature would be using gpg to sign individual documents. Signing *.odt documents with gpg would be quite straightforward. How about signing records on a simple database? How would you implement such a simple method from a technical point of view (word-processor or database + gpg for signing)? What warnings would you make? What obstacles do you see? In short, how would you do it?
Old 03-17-2009, 11:41 PM   #2
LQ Guru
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
The use of propriety software in hospitals has produced a serious problem with siloization. Doc Searls wrote an article about this in Linux Journal, and how the impact on himself was nearly fatal. I once saw an open source Content Management system that was written in large part by a Dental Medical School. Open source software is about collaboration, and IMHO, medical schools in the country should take the lead in designing standards and OS software for use by the industry. On the one hand, the records from the department performing cat scans (for example) need to be readable by a doctor in another department. On the other, the privacy of the patient needs to be preserved.

From a blog by Doc. Searls:



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
gpg / gpg-agent -- Can't connect to /root/.gnupg/S.gpg-agent jrtayloriv Linux - Security 9 06-03-2019 11:06 AM
timestamps dont comply with hardware or system time leontini Linux - General 2 04-04-2007 06:20 AM
I have chosen to comply... redcat01 Member Intro 2 01-18-2007 02:29 AM
LXer: Dibona: Just Comply With Open Source, Will Ya LXer Syndicated Linux News 0 08-16-2006 08:54 PM
LXer: Why Comply? The Movement To W3C Compliance LXer Syndicated Linux News 0 04-01-2006 08:54 AM > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 01:59 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration