Welcome to LinuxMedNews
 up a level
 post article
 search
 admin
 main


  Closed Medical Software Poses Unacceptable Risk
Security Posted by Saint on Saturday April 15, @08:46AM
from the prankster-and-the-greenie-genie dept.
Eric S. Raymond discusses the recent Microsoft security debacle in which an engineer inserted a back door in a library that allowed access with the phrase 'Netscape engineers are weenies!' The article notes that 'Apache will *never* have a back door like this one. Never may sound like a pretty strong claim. But it's true.' he further states 'Anybody who trusts their security to closed-source software is begging to have a back door slipped on to their system...' Clearly, in medical systems which contain patients most personal information, this is unacceptable.

Having recently gone through a lengthy bidding process for a hospital EMR system, I note that no open-source system or Unix based system was even on the table. It was all Microsoft based, with closed-source Electronic Medical Record(EMR) software added on. Unless conditions change, this will be the most common type of system for the forseeable future.

Without a doubt, security flaws on these systems will be found and exploited, giving EMR's a black eye and putting the adoption of these systems back in the setting of a rightfully nervous public.

Raymond's other points are compelling when he states that 'Microsoft HQ is doubtless sincere when it says this back door wasn't authorized... sincerity will [not] be any help at all...If you don't have any way to know what's in the bits of your software, you're at its mercy...Open-source software, subject to constant peer review, evolves and gets more secure over time.'

A risk that is peculiar to medicine, which the article doesn't discuss is the possibility of intrusion of government and insurance into patient data. The only way to insure against a government or insurance company back door (legal or otherwise) is to have an open source, secure system that a practitioner owns. Patient advocacy groups and practitioners can then at least know or have the potential to know about back doors and safeguard against them.

Practitioners are gambling with their patients confidential information if they use closed source. It is only a matter of time before a security hole is exploited in a closed source EMR. This will result in lasting damage to public opinion and the adoption of these life-saving systems. This is unacceptable. This is why open source in medicine is the only option.

  Post Reply

Name
Email
Notify Notify me via email of responses to this message
Title
Comment
(Check those URLs! Don't forget the http://!)
Encoding
If none of the above mean anything to you, select 'Plain'!
Attachment
(You can attach a file to your reply which can then be retrieved by other readers.
Try to keep the file sizes below 500Kb in order to conserve network and server resources.)

Enter the above code (*Required)
Allowed HTML <B> <I> <P> <A> <LI> <OL> <UL> <EM> <BR> <TT> <HR> <STRONG> <BLOCKQUOTE> <DIV .*> <DIV> <P .*>
Important Stuff:
  • Note: Fields with bold titles are required.
  • Please try to keep posts on topic.
  • Try to reply to other people comments instead of starting new threads,
  • Read other people's messages before posting your own to avoid simply duplicating what has already been said.
  • Use a clear subject that describes what your message is about.
  • Please do not post offtopic, inflammatory, inappropriate, illegal, or offensive comments. Repeat offenders will be sanctioned.

    •  
    Google
     
    www.linuxmednews.com Web
    Advertisement: CCHIT certified EMR and Medical Practice Management Software from Medical Software Associates makes patient management easy. Free practice management and medical billing software demo available.
    All trademarks and copyrights on this page are owned by their respective companies. Comments are owned by the Poster. The Rest ©2000-2006 Ignacio Valdes, MD, MS.