tag:blogger.com,1999:blog-20382865.post1030167872261363716..comments2023-05-19T05:11:35.329-04:00Comments on Dr. Greiver's EMR: First week on EMRMichelle Greiverhttp://www.blogger.com/profile/15528486116262255346noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-20382865.post-10668485588992013812008-05-14T22:11:00.000-04:002008-05-14T22:11:00.000-04:00Thank you. I have walked into a company's office ...Thank you. I have walked into a company's office and seen email passwords on post-its, stuck on the computer screen. When I asked, it was because the password changes every 6 weeks, you can't re-use passwords etc. People just can't remember the thing, can't manage the security, so it gets completely bypassed. Security experts need to think about how people function too.<BR/><BR/>I am not saying that security is a bad thing, on the contrary. I am saying that we need some common sense, a balance, and an estimation of risk vs benefits of security measures. "Intelligent risk management", if you wish.<BR/><BR/>As an example, when an ambulance is called, the paramedics have to start CPR, whether it is appropriate or not. We now have a new form that patients can sign, authorizing no CPR (Do not rescuscitate); if someone has terminal cancer, they may make the choice of DNR. The form has a serial number on it, and can only be ordered from the Queen's printer, on pads of paper. A downloaded form is not to be used; if it is signed and witnessed, but does not have the serial number, it is not valid. This is yet another example of really good security measures, ensuring that almost no one will use the document.<BR/><BR/>MichelleMichelle Greiverhttps://www.blogger.com/profile/15528486116262255346noreply@blogger.comtag:blogger.com,1999:blog-20382865.post-83213629624795099642008-05-13T16:20:00.000-04:002008-05-13T16:20:00.000-04:00I totally agree with your comments about security....I totally agree with your comments about security. When we think about security, we need to think about both the costs and benefits. What people tend to do instead is to use fear-mongering rhetoric when discussing security issues, and people rarely get around to discussing what the costs of security are. As you point out, if security makes a system too difficult to use, it will completely derail the system, making it useless to everyone. We need to have more open disussions about the realistic risks associated with security breaches, and balance the appropriate security measures with system usability.Anonymousnoreply@blogger.com