[OpenID] Law 1 and EMTs

Jaco Aizenman skorpio at gmail.com
Sun Feb 11 01:42:22 UTC 2007


Troy, regarding the white paper, this paragraph may be the main resume
text...?:

Text from this thread by Johannes:
"A famous study said there might be up to 98,000 avoidable deaths from
medical errors in the US per year alone. (That's more than twice as
many as traffic deaths) Lack of information where and when it is the
primary reason for those medical errors..."

And I agree with you on what you wrote:

I suppose you start by assuming that whatever method you use to protect
medical records *will* be broken, and then you convince people that
having some organized crime group in another country get their medical
records is worth the benefits of having their life be saved by the
medical professionals having access.

The same idea is also good for other applications...



On 2/10/07, Troy Benjegerdes <hozer at hozed.org> wrote:
>
> I think you should probably start by quantifying the risk of dieing
> because of lack of lack of access to medical records. If you can write a
> whitepaper documenting how likely someone is to die because of lack of
> access to records, then you have something to convince individual
> patients to put their electronic records in control of an ibroker.
>
> The big risk with doing this electronically is that one hacker (or
> organized crime group funding hackers) can break the protocol and then
> get *everyone*'s medical records. The case of stealing someone's records
> by non-digital is definitely possible, but you only get one person's
> records.
> If there is an exploitable security hole in the ibroker's web site, or
> in the protocol itself, everyone's records could be disclosed. This risk
> can't be quantified unless you start talking about formal methods
> verificiation of the protocol, and all the software the ibroker runs.
> Now we're back into astronomical costs again ;)
>
> I suppose you start by assuming that whatever method you use to protect
> medical records *will* be broken, and then you convince people that
> having some organized crime group in another country get their medical
> records is worth the benefits of having their life be saved by the
> medical professionals having access.
>
> On Fri, Feb 09, 2007 at 02:53:16PM -0600, Jaco Aizenman wrote:
> > How about giving all the liability problems to a third party? (answer me
> to
> > my email please)
> >
> > I mean, the owner of the iBroker can be a local CR company,
> > http://www.labstein.com/ , and not your company.
> >
> > BTW, today if someone really wants it, most probably can get a medical
> > info/record, using also non digital means (with the "help" of clerks
> working
> > on hospitals for example...). But most probably today a doctor can not
> get
> > all your medical record, and many times this mean dead or serious
> problems
> > if the person survives....
> >
> > It is incredible to find out that more poeple die for this reasons than
> for
> > car accidents!.
> >
> > On 2/9/07, Troy Benjegerdes <hozer at hozed.org> wrote:
> > >
> > >On Fri, Feb 09, 2007 at 11:17:38AM -0600, Jaco Aizenman wrote:
> > >> Jon, in emergency situations, in most countries, security forces will
> > >get
> > >> all info needed to save the people. For all other cases the Supreme
> > >Court
> > >> and other?s, should protect the fundamental right of not having
> virtual
> > >> personality (not letting others see your vp content, or  contact you
> > >> without passing your presence  choices).
> > >>
> > >> Eric, my father is a Doctor in CR, and he and others I talked in the
> > >health
> > >> sector, want the best(*) content of the patient virtual personality,
> > >> available at all times, in all the places.
> > >
> > >Two words: Cost/benefit.
> > >
> > >Getting the 'best' patient information to everyone *that needs it*,
> > >everywhere,
> > >at all times, *without* disclosing this information to unauthorized
> > >persons
> > >is either going to be horrendously expensive, or horrendously insecure
> > >first then horrendously expensive in the resulting litigation from
> > >inevitable security breaches.
> > >
> > >How much are you willing to pay an iBroker to accept that liability?
> Who
> > >is going to pay for it? If you have several hundred thousand to just
> get
> > >started documenting the security process, and then a few million to
> > >implement it, then let's talk about this more.. But right now, I think
> > >we need to see OpenID deployed for *low risk* information like online
> > >blogs first. If you feel you need to discuss this now, put a dollar
> > >value on it.
> > >
> > >>
> > >> Some local CR actors in the health sector, including Government, want
> to
> > >> find an iBroker that can provide this service of projecting the
> medical
> > >> record content,to the right people, at the right time, at the right
> > >places.
> > >>
> > >> (*) Just critical content for emergency situations, and the full
> patient
> > >> medical record for non emergency situations.
> > >>
> > >>
> > >>
> > >>
> > >> On 1/29/07, Jon Callas <jon at pgpeng.com> wrote:
> > >> >
> > >> >
> > >> >Discussions of this sort set off my own special form of paranoia.
> > >> >
> > >> >When I hear that we have to have identity information opened up so
> > >> >the EMTs can get them, I really hear that we need to do this so that
> > >> >the security forces can get them when you're declared an enemy
> > >> >combatant, or attend the wrong public gathering.
> > >> >
> > >> >        Jon
> > >--
> >
> >--------------------------------------------------------------------------
> > >Troy Benjegerdes                'da hozer'
> hozer at hozed.org
> > >
> > >Somone asked me why I work on this free (http://www.fsf.org/philosophy/
> )
> > >software stuff and not get a real job. Charles Shultz had the best
> answer:
> > >
> > >"Why do musicians compose symphonies and poets write poems? They do it
> > >because life wouldn't have any meaning for them if they didn't. That's
> why
> > >I draw cartoons. It's my life." -- Charles Shultz
> > >
> >
> >
> >
> > --
> > Jaco Aizenman L.
> > My iname is =jaco (http://xri.net/=jaco)
> > Founder                - www.virtualrights.org
> > XDI Board member - www.xdi.org
> > Tel/Voicemail: 506-3461570
> > Costa Rica
> >
> > What is an i-name?
> > http://en.wikipedia.org/wiki/I-name
>
> --
> --------------------------------------------------------------------------
> Troy Benjegerdes                'da hozer'                hozer at hozed.org
>
> Somone asked me why I work on this free (http://www.fsf.org/philosophy/)
> software stuff and not get a real job. Charles Shultz had the best answer:
>
> "Why do musicians compose symphonies and poets write poems? They do it
> because life wouldn't have any meaning for them if they didn't. That's why
> I draw cartoons. It's my life." -- Charles Shultz
>



-- 
Jaco Aizenman L.
My iname is =jaco (http://xri.net/=jaco)
Founder                - www.virtualrights.org
XDI Board member - www.xdi.org
Tel/Voicemail: 506-3461570
Costa Rica

What is an i-name?
http://en.wikipedia.org/wiki/I-name
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070210/d61f377c/attachment-0002.htm>


More information about the general mailing list