> It says that whatever else you implement in terms of security you must implement a bypass that can be activated by routinely non-authorised staff to access health information if someone's life is in danger.
Huh.
I can see why this needs to exist, but hadn't thought of it before. Same deal as cryptography and law-enforcement backdoors.
> logged and reviewed after use
I was going to ask how this has protection from mis-use.
Seems good to me… but then I don't, not really, not deeply, not properly, feel medical privacy. To me, violation of that privacy is clearly rude, but how the bar raises from "rude" to "illegal" is a perceptual gap where, although I see the importance to others, I don't really feel it myself.
So it seems good enough to me, but am I right or is this an imagination failure on my part? Is that actually good enough?
I don't think cryptography in general can use that, unfortunately. A simple review process can be too slow for the damage in other cases.
Huh.
I can see why this needs to exist, but hadn't thought of it before. Same deal as cryptography and law-enforcement backdoors.
> logged and reviewed after use
I was going to ask how this has protection from mis-use.
Seems good to me… but then I don't, not really, not deeply, not properly, feel medical privacy. To me, violation of that privacy is clearly rude, but how the bar raises from "rude" to "illegal" is a perceptual gap where, although I see the importance to others, I don't really feel it myself.
So it seems good enough to me, but am I right or is this an imagination failure on my part? Is that actually good enough?
I don't think cryptography in general can use that, unfortunately. A simple review process can be too slow for the damage in other cases.