[Cryptography] Auditable logs?

[dan at geer.org]

Where I do think this has relevance is Electronic Health Records
(EHRs).  I do not see a unitary EHR per person but rather, like
today, health records dispersed at least as broadly as the number
of providers that the patient has (your internist has some, your
cardiologist has some, your urologist...) plus the number of insurance
carriers involved plus, perhaps, regulatory overseers of the most
nannified sort.  Today this is part self-protection on the part of
the provider against the event of malpractice claims -- "Here is
the information I was furnished from the laboratory and thus my
decision was as follows."  It is also partly that in most (U.S.)
states, the medical record is the property of the provider, not the
patient.  (Ownership was legislatively swapped from patient to
provider in the middle 1970s in Massachusetts when I was myself
working in teaching hospitals on the then-novel idea of an automated
health record; such change became a generalized trend nationwide.)

In short, there is little to no likelihood of a unitary EHR for the
patient and thus it is likely that logs will have increased meaning
including in front of juries.  On the other hand, there are those
in the medical community with whom I am still in touch who believe
that in due course the ownership of the medical record will revert
to its previous form, i.e., that the patient will own it.  Whether
patients will want to have the facility of log analysis over how
their providers use their EHRs, including how those to whom their
providers outsource use their EHRs, remains unknown.  People on
this list are probably not representative of the general public in
these matters.  In any case, we have begun a natural experiment on
the importance of auditable logs though probably a slow running one.

--dan