How secure is my messaging protocol for clinical communication?

Add to your list(s) Download to your calendar using vCal

• Mohammed Al-Ubaydli
• Friday 16 January 2009, 16:00-16:30
• Computer Laboratory, William Gates Building, Room FW11.

If you have a question about this talk, please contact Ross.Anderson.

I am working on a secure messaging protocol for patients and clinicians. At the moment, patients are sending their questions over e-mail to NHS clinicians and the clinicians are forced to either ignore the questions – because of the insecurity of the medium – or send clinical information in the clear – because of trying to serve the patient’s immediate clinical needs.

I am hoping to offer a better service that is more secure but minimizes impact on clinicians’ workflow, i.e. by allowing them to continue to use their NHS e-mail. I need to know from the group:

1. how technically secure is this protocol?
2. where are the social engineering vulnerabilities?
3. are vulnerabilities low enough to allow adopting this protocol as an improvement over existing workflow?

By way of background, my name is Mohammad (www.mo.md) and I trained as a physician at Cambridge University and a programmer at Anglia Ruskin University. I wrote six books about the use of IT in health care but have no expertise in security so was hoping to benefit from the Friday security group meetings.

This talk is part of the Computer Laboratory Security Group meeting presentations series.

This talk is included in these lists:

• All Talks (aka the CURE list)
• Computer Laboratory Security Group - Talks of Interest
• Computer Laboratory Security Group meeting presentations
• Computer Laboratory Security Seminar
• Computer Laboratory talks
• Computer Laboratory, William Gates Building, Room FW11
• School of Technology
• de239's list

Note that ex-directory lists are not shown.