Comment Re:Air gap the damned networks.... (Score 1) 40

This adds a number of significant additional risks:
It adds a delay.
It adds the risk that the human will mix records, or will fail to do the job without reporting back.
It generates confidential waste that needs to be managed.

I work at a specialist hospital, which gets patients from across a wide region, including neighbouring states. The normal way of transferring X-ray/MRI/CT records is by file transfer from one hospital's server to the other. However, for hospitals which are not common "feeders", which haven't gone to the expense of setting up the particular VPN connections required to connect into our site, a different approach was required.

So, when a patient is transferred to have their brain haemorrhage removed, the scanning hospital must first prepare a CD (using a proprietary encryption tool, to meet local regulations regarding confidentiality - a standard encryption format (including public key encryption to simplify key management) for medical image files has finally been introduced in the 2013 update to the specification, but is useless due to zero support in existing devices, and a typical device replacement period of 8-15 years). The CD has to be labelled, sent with the patient, and taken to an admin office; the password has to be obtained by phone call, the proprietary encryption decrypted, the clear files burned to a new CD, and the clear CD loaded into the server (which, as a specification-conforming medical device, is not permitted to load files except from a specification-conforming medium - i.e. an unencrypted CD or single-layer DVD-R, with the files recorded in clear in a specific directory structure).

This adds substantial time, and frequently goes wrong. I've had blank (unrecorded) CDs sent with patients; CDs for the wrong patient; CDs labelled correctly, but with some other patient's images on; some where the password has been lost, and a new disc has to be burned and couriered over; I've had episodes where the technologist on at 3 am doesn't know how to burn a CD, or doesn't know how to work the new proprietary encryption package that they're now seeing for the first time; we've had problems with permissions, where the technologist on-call cannot burn a clear CD, because their group policy has blocked CD burning under their user profile, etc. I'm aware of a number of cases where patients have gone for emergency brain surgery where the only scan the surgeon has to guide the surgery is a photo of a computer monitor taken with a cameraphone and sent by MMS (let's not even start on the privacy aspects of that).

Of course, with care, this procedure works, and we use it during network downtime (planned and unplanned). Similarly, we have backup plans for when our CT scanner can't connect to the regional patient registry to verify identities, etc. However, in audits of data quality problems and data mix-up incidents, pretty much 100% can be traced to the use of a manual intervention.

Comment Re:You can pry XP from my cold, dead hands (Score 4, Informative) 438

It depends. A/V software can hook large parts of the OS.

Most commercial A/Vs these days hook into the network stack at the packet-driver level (below the TCP stack), and into the keyboard driver (anti-keylogger: the hardware driver is hooked, and an encryption routine hooked in. When a browser extension, or supported tool, detects confidential data such as access to online banking, the encryption hook is enabled, and the key presses are encrypted at hardware driver level, and then decrypted by the browser extension; any keylogger running at anything higher than the hardware driver will see only encrypted data).

For kernel bugs, it would likely be possible to hook the calls into the kernel at the appropriate point, and block "suspicious" activity. Similarly, for remote network attacks, an A/V system could simply drop packets known to contain an attack, before they get very far into the networking stack.

This probably won't fix all vulnerabilities, but pro-active A/V companies could certainly reduce the attack surface significantly.

Then, don't forget modern firewalls with deep packet inspection - many are capable of sophisticated protocol or application specific filtering.

Comment Re:WOW! (Score 2) 93

Indeed. I have had a 1080p 30fps dash cam with wide-angle lens, sound, GPS, accelerometers, etc. with sophisticated recording management for nearly 18 months.

In the last 12 months, cameras with wifi and Android/iOS apps, to view and manage video/records/configuration while the camera is still operating (e.g. following a collision, the video of the incident can be shown to an attending police officer, without the need to switch off the camera and install the memory card in a reader), have become standard fare - available off the shelf.

Comment Re:While I hate someone advertising "Unlimited" (Score 1) 573

Interestingly, this is the opinion that the UK courts had, over a legal case about just what "unlimited downloading" means in a residential broadband contract.

A customer had restrictions put on his account after purchasing what was advertised as an "unlimited downloads" ADSL package. However, it turned out that this package actually had a 1 GB/month data cap, after which the connection would be throttled to approximately 32 kbps.

He sued the ISP for mis-selling, but the courts agreed with the ISP, that technically his connection was unlimited, as it had not been cut off completely, merely throttled, and that the 1 GB cap was sufficiently high that it did not need to feature in the advertising material.

Comment Re:Should run on Win7 (Score 1) 953

The problem wasn't so much with virtualized IO. The problem was the way in which the middleware communicated with the *client* software on the workstation. It did some horrible hackery where it loaded the other apps' DLLs and directly called various interfaces exposed by the DLLs in the software to send messages. No RPCs or pipes in this software (which says something about the quality of the middleware).

No one could find a way of doing that unless the client software ran in the same VM as the middleware. This would have been an option, but these workstations did *nothing* else apart from run these half-dozen apps.

It was decided that it was better to just run XP on the bare metal, than load Win 7 with nothing except VMware, which would then run the fully loaded XP.

Comment Re:Wrong platform (Score 4, Interesting) 953

The problem is customers. I work at a major hospital and a local consortium is looking to purchase some new medical records software, worth about $10 million.

We've been drafting the new contract for tender, and line 1 of the tender instructions is "The software will run on Windows Server 2008 R2 or Windows Server 2012 64-bit on the servers, and on Windows XP, 7 and 8 32-bit and 64-bit on the client side". I protested at this, but was told by the technical chair, that this term was not negotiable as it was a critical part of the spec; they simply did not have the in-house experience to manage a *nix system.

Later on, there was another line in the tender instructions. "The distribution of the source code of the product must be strictly controlled with appropriate audit trails for persons who have seen it, includes the source code of any 3rd party components used within the product". Again, I protested about this, but the chair of information governance and security said, that this term was non-negotiable due to the large volume and the critical nature of the data stored in this system!!

Comment Re:Should run on Win7 (Score 2) 953

True. However, there may be issues of vendor support. Some business apps, and this includes specialist medical apps, are mission critical, or at least sufficiently important that business may be compromised in the event of failure.

I know one hospital that recently upgraded their hardware. However, some of the middleware needed to make their various medical records applications work together, was only supported by the vendor on XP SP1. There were several problems:
1. The critical nature of this middleware, and the fact that the vendor would not support Windows 7 (or even XP SP3) with their version of the software.
2. The complex interaction of this middleware with so many other apps meant that they could not run the middleware in VM as it would not connect to the other apps via OLE/COM or whatever non-networkable protocol it used.
3. The prohibitive cost of sourcing an updated version of what was effectively a custom built solution, and the fact that the original vendor had been bought-out by a new company who were desperate to kill the original product, but were tied into a 10 year support contract. So, although they were contracted to provide 10 years of support, they were only going to support the original config.

The result was that when the original hardware reached end-of-life and had to be updated late last year, the hospital had shiny new quad-core Xeons with 8 GB ECC RAM, and 15k RPM SAS RAID workstations with 2 GB Quadro cards running XP SP1.

Comment Re:Pretty little (Score 3, Interesting) 126

Well, it's $1000 for the consumables for the device, and the operator's time. Then there's the cost of the machine, building, admin, etc.

In reality though, this is extraordinarily cheaper than what is done at present. Currently, if a physician suspects a genetic disorder, then the typical process used in a medical genomics laboratory is to use a "matching" technique where the patient's DNA is matched to known mutations. Typically, this costs around $500-700 per mutation tested against. For a number of diseases, this only gives a 75-80% accuracy, because certain genes are prone to new spontaneous random mutations, and have a lot of "normal" functioning variants - so simply checking for a known good gene isn't an option. As a result, these patients end up only with a presumptive diagnosis, leading to difficulties in family and reproductive counselling (i.e. do siblings need to be aware of the risk of passing on a genetic disorder to their offspring?).

Sequencing is occasionally performed in patients with unknown presumed genetic diseases, where a suspected gene is known - but the cost is very high, and it is infrequently done, unless a whole family are affected, and it is possible to identify which gene is likely to be the culprit.

Total genome sequencing, while not a panacea, would greatly help the diagnosis and research into newly recognised, presumed genetic diseases. If the total cost of the testing can be brought down to $2000 per analysis, then that would be cheap compared to the current techniques for genetic diagnosis.

Finally, as to the MRI - the actual cost of an MRI scan including scanner, building, maintenance, staff, admin is about $300-600 depending on scan complexity (or at least, that's the "bulk" price charged by private MRI facilities to insurers or hospitals who have exceeded the capacity of their own MRI scanners).

Comment Changes reqs on fans in user serviceable eqpt. (Score 1) 371

The big changes which have affected Apple with the implementation of IEC 60950 Amendment 1 are:

1. Requirement for guards and warnings on fans located within equipment where the fans are accessible during user maintenance/servicing.

The previous regulations did not specify particular requirements for guarding during servicing, on the assumption that service personnel would be expected to know where fans, etc. are.

The new regs for fans in areas accessible during user maintenance are: A fan likely to cause pain if contacted by a finger needs at minimum a warning label. A fan likely to cause injury if contacted needs both a label and a guard. In both cases, if the user is expected to service the fan, some method of deactivating the fan needs to be labelled (e.g. a sticker saying "disconnect mains power before removing fan guard" would be sufficient).

Where equipment is intended for maintenance by qualified service personnel only, then fan guards are not required.

2. New methods of testing fully solid-state circuit breakers used for providing power to externally accessible ports.

Prior regs only required short-circuit testing of electronic circuit breakers (e.g. as provided on USB ports). The new regs prescribe a whole suite of tests, including response times, handling pulsed overloads, etc.

Comment Re:towed to the dealer? (Score 5, Informative) 315

A number of the Japanese manufacturers use a similar system.

Toyota use a dual NFC (RFID) / "far-field" radio system. The same transponder in the fob is connected to both an NFC antenna, and a battery powered MCU and RF power amp.

With a working battery, a button push on the fob will cause it to transmit an appropriate radio signal to the car. When key-less starting, the battery will provide power to the RFID transponder, and power the RF amplifier to allow a successful authentication whenever the fob is in the interior of the vehicle.

In the event of a discharged or removed fob battery, there is a mechanical key concealed in the fob which can open the vehicle doors. By placing the fob directly on top of the "push-to-start" button, the transponder will be sufficiently energized by the car's antenna (which is concealed in the button) to complete an authentication transaction.

Comment Re:They shouldn't have access in the first place (Score 1) 84

That's not correct. The Data Protection Act allows disclosure, "on or by order of a court", for the purpose of "legal action", for "legal advice" or for "defence of any legally recognised right".

So, for example, if I enter into a contract with another party, even if I refuse consent for my personal information to be handed to a 3rd party; if I fail to pay a contractual obligation, the other party to the contract can pass my details on to a debt collection agency, as they are defending the legal right to collect monies owed.

Comment Re:Why not? (Score 2) 84

No, the legal process of handling illegal parking has been delegated to councils and does not require police involvement.

However, more concerning is the fact that there are a lot of private parking enforcement contractors operating on private land. The DVLA also offers a service to these private companies, whereby the DVLA provide drivers' identity details from a plate number, in exchange for a fee. Technically, this service is open to any party who can provide a legitimate reason for wanting it.

Hence, if I were to park at a supermarket car park, and overstay the 2hr free-parking period, I might "implicitly agree to a contract where I pay £100 per 24 hours to park", as stated in the small print on a sign by the entry road. A private contractor can then contact the DVLA with my plate details, and the DVLA will provide my name, address, DOB and other details.

I recently tried to do the same, because a driver was repeatedly parking on my land and obstructing access to it by my own vehicles. He failed to respond to notes on the car, and he kept late hours, so I never saw him in person. I contacted the DVLA (and paid their fee) with the plate details and explained that I needed the details to send formal notice of impending legal action for trespass. The DVLA refused, stating that I did not have legitimate grounds to request this privileged personal information.

Comment Re:The evil that is laser disc. (Score 1) 368

Probably magneto-optical disc, as those were widely used in medical imaging at that time. Although each generation of MO disc was supposedly backwards compatible, in general the backwards compatibility was flaky as hell. So, although a 540 MB MO disc should be readable in a 5.2 GB drive - in practice, this often wouldn't work. Only a 540 MB drive could be used.

In general, the workstations were supplied as a complete package with an expensive support contract, so no hardware modifications were possible. As MO was the standard method of archiving medical data in the late 1990s/early 2000s, when this device was likely acquired, there may not have been any other type of drive attached to the workstation. So, while the image could be displayed on screen, it could not be copied to a new medium (like a CD).

Alternatively, it's possible that the last 540 MB drive died, and none of their existing drives could read it. I know at one hospital where I was doing some research on MRI scans, I needed to retrieve some historical scans which were on 540 MB MO discs. We couldn't read them on anything in the hospital, even though our modern drives were supposedly compatible (or the OS was incompatible, e.g. the discs were formatted in ext, but the drive was connected to a Windows box). In the end, I used some research funds to buy a refurb drive off eBay, and connected that to a Linux box which could copy the data onto a more practical format. I could get away with doing that myself in a research context - if a hospital had to get an IT consultant in to source the drive and do the format conversion, then the bill could have been substantial.

Comment Re:He should seek legal advice. (Score 2) 368

In the UK, 7 years from last modification date is generally regarded as the minimum retention period. Up till now, paper records would be destroyed after this point, due to the cost and space constraints of maintaining them. However, some hospitals would have microfilmed them, or scanned them into a document management system prior to destruction, with retention of the microfilm or digital data for a longer period.

However, although 7 years is the "normal" retention time, there are lots and lots of exceptions: cancer cases, clinical trials, legal cases - 25 years after death; children - at least till age 25 or 7 years after death; the list goes on and on...

One of the things with digital data storage, especially server based storage, is that it is now so cheap that there is much less pressure to destroy data. I was recently involved in purchasing a PACS system (digital X-ray/CT/MRI storage/viewing solution). One of the things that I asked the vendors was whether they offer a method to destroy old data to free up space on the discs. (The previous system was subject to an insane markup on the cost of the SAN, and not only that, the system didn't support tiered storage, so the only storage upgrade option that the solution vendor would support was another EMC box of 15k drives with a 200% markup on top.) Out of 8 vendors, 7 stated that they do not support automated data destruction; the answers basically came back "we sell this software in 53 countries. We have never had this request outside of the UK. Bearing in mind that we are only charging you $500/TB for archive storage on SATA arrays, realistically, why would you ever want to delete anything when the cost is that low, and only set to drop further if you purchase an upgrade at a later date?".

While current guidelines do recommend data destruction when the data is sufficiently old, with the cost of storage continuing to drop, we have decided that it is better to hoard it just-in-case.
