I spent all day today in a meeting discussing technical aspects and challenges for PING, the Personal Internetworked Notary and Guardian. It is a very interesting project, funded via federal grant, to come up with a way for individuals to control access to their own medical records.
The idea is that medical facilities not only don't give patients access to their own records, but they also sometimes give access to those records to parties whom the patient might not approve of. So the patient is stuck not knowing what their own records say, not being able to get other medical practitioners the information they need, and losing a lot of privacy. Read more about it in the British Medical Journal and the International Journal of Medical Informatics. (Sorry gnat, it is not bioinformatics, but it is close ... .)
Some of the problems they are running into are some of the same ones many of us run into daily: how to keep data secure, how to accomplish reasonable authentication, how to protect privacy, how to be scalable. The problems are exacerbated by the heightened interest in security, however; everything in my medical record, including what is in my record, has to be encrypted. Even the "database" of patients is distributed, and only by having proper permissions can you gain access to that information.
Did I mention the whole thing is going to be Open Source? Perhaps not. So far the reference implementation is in Java, but a PING server can be written in any language, so long as it follows the API and specifications. Of course, that means a whole layer of dealing with standardizations and certifications and ... maybe Java is an appropriate language for it to be written in. ;-)
Anyway, the technical problems are significant, but not insurmountable. Public acceptance is a much tougher issue. It is very interesting, and I have only spent a day thinking about most of it, which is far too much to express here and far too little to fully grasp it all ... as with most of life. :-)