In Trust and PCAST model, John Moehrke comments on the PCAST security model. For some reason blogger won't let me add comments. So here are some legal requirements issues. Most states have similar rules. These are for MA.
The ruling case is DYLAN KEENE vs. BRIGHAM AND WOMEN'S HOSPITAL, INC. 439 Mass. 223. This was appealed, upheld, and later incorporated into MA law by the legislature.
In this case, B&W lost 8 hours of relevant medical records in a malpractice case. There was no indication of intentional destruction. This was an accident. As a penalty, B&W was ruled in default. They could offer no defense. All claims were awarded without question. As a charitable hospital the damages were capped and their license to operate protected. A for-profit organization or doctor's practice would have their license subject to revocation. One dissenting judge felt that this was too mild, and that B&W's record keeping practices should be reviewed and made part of their license renewal requirements.
PCAST may be unaware of the laws around record keeping. In most commercial operations, record keeping rules are determined by the organization until a court issues a legal hold. All medical records are subject to the equivalent of legal hold from the moment they are created. They can only be deleted when allowed by law. The medical provider is fully responsible for providing all medical records to a patient upon request. Failure to do so can cost them their license, and will cost them an immediate default for any lawsuit where those records are relevant.
The diagram shown could work if it is entirely within one organization. But if the user is in a different organization, it implies that the user has contracted with the DEAS to provide records management. The user is 100% responsible if anything goes wrong in the DEAS, so these will be interesting contracts with staggering insurance requirements to cover the penalties for any record keeping errors. If a doctor loses their license or a malpractice suit due to a record keeping problem, they will go after the DEAS insurance for compensation.
(All the above assumes that the data loss is unintentional. An intentional violation of these record keeping rules is a felony punishable by up to 5 years in jail. But intentional violations are very rare. Almost all lost record cases are unintentional.)
In MA, the ethical issues of patient access to medical records for personal use, professional evaluations, second opinions, etc. are covered by the same laws. The doctor or hospital can pay substantial fines and may lose their license if they lose records.
The users will also demand some extra capabilities from the DEAS. It is the users that are responsible for providing records to patients upon request. The users may have contracted with DEAS, but the patient deals with the user. Again, this is a legal requirement consistent with the ethical demands for the doctor to provide patient information to the patient upon request.