Vista: Secure enough for hospital life support?

I’ve been wondering for some time about standards for the stability and security of applications and operating systems supporting critical systems, like electronic medical records, and especially those applications providing decision support (e.g. computerized patient order entry). I’ve tended to punt via disclaimers about not using them for critical systems, which users ignore at their peril (and ignore them they do).

Maybe Vista will set a new standard? Bill seems to think so, with a number of (very valid) qualifiers. And we’ll have to see what the EULA says . . .

Excerpt from an interview with Bill Gates, from Digg:

Journalist: Let’s imagine a hospital where life support systems are running Vista. Would you trust it with your life?

Bill Gates: . . . The answer to your question is that, absolutely, Vista is the most secure operating system we’ve ever done, and if it’s administered properly, absolutely, it can be used to run a hospital or any kind of mission critical thing. But it’s not as simple as saying “If you use Vista, that happens automatically”. The issues about patient records and who should be able to see them, the issue about setting up a network, so that authorized people can connect up to that hospital network, the issue about having backup power, so that the computer systems can run even if the generators go down. There are a lot of issues to properly set up that system, so that you have the redundancy and the security walls to make sure it fulfills that very critical function. So we are working with partners to raise their skills to make sure that when they get involved in an installation like that they can make it secure. So I feel better about Vista than any other operating system, but there’s a lot of things that need to be done well, and we’re certainly committed to step up and make sure these security issues are easier and better understood.
