In article <9311261629.AA05385@gold.chem.hawaii.edu> you write:
I realize that this is of marginal crypto import, but I need as much info as possible on Hospital Information Systems and security. Especially on CICS and AIX systems. Do any cryptographic protocols exist yet to protect huge interactive medical databases?
What specifically are you asking about? Are you talking about encrypted password protection or encryption of part or all of the databases?
The company I work for does a lot of work with HISS systems. We've been told to develop a system to display selected data from a HISS on PCs for use by hospital staff. (Possibly off the premises). We asked about security and encryption, and were told we could leave all the patient data in clear but to encrypt the file containing the names and the correspondence between those names and patient data. I don't think this is sufficient - I'm sure anyone getting the data could work out who it was about from all sorts of internal detail - but that's all the UK Health Service at least expects. We will, of course, be putting in a *considerable* deal more security than they mandate as minimum, because if patient data were to get out via one of our products, it would be no use saying 'but the NHS said that was all we needed to do' - not only would we be morally negligent, but it would do our company's public image no good at all.

G
--
Personal mail to gtoal@gtoal.com (I read it in the evenings)
Business mail to gtoal@an-teallach.com (Be careful with the spelling!)
Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212