[mseebach]

First, this is not about doctors exchanging patients' medical histories, it's about two central government offices exchanging everybody's medical histories.

Second, the fact that security is (really!) hard is not a valid argument against doing it.

Third, there's a huge difference between the appropriate levels of security around individual patients' medical histories, a single doctors office worth of patients' data, and then the collective medical histories for every single patient in the nation.

[DanBC]

> Third, there's a huge difference between the appropriate levels of security around individual patients' medical histories, a single doctors office worth of patients' data, and then the collective medical histories for every single patient in the nation.

Hang on: If you're extracting an individual's medical data and putting that on a USB stick you better make sure it's encrypted, and that there are audit trails in place for who extracted the data, when, and why, and where they put it.

[walshemj]

Yes if its everyone's data you have a senior member of staff drive over and deliver it by hand Denmark isn't a very large.

[Lawtonfogle]

That it is hard isn't an excuse. That the customers don't pay for security is. And by pay I mean not only the paycheck but also funding and giving prestige and power to doing so. Government IT security is often seen as a necessary evil and most troubles stem from that view.

If you buy a cheap knockoff don't complain when it turns out to not be as good.