I produced a formal definition of most of Anderson's Security 'Principles' in
1996 (see http://www.soi.city.ac.uk/~bernie/hsp.pdf) and circulated it within
TC251 and ASTMS 31.1 in an attempt to promote a more formal approach to the
definition of EHR standards in general, and their security in particular.
This approach was met with almost universal hostility from both supply and
demand communities.
The problem is not only that formalisation is intellectually difficult but that
it exposes logical inconsistenciies in the composition of what practitioners
and users believe to be in their best interests (and promote as 'common
sense').
The exposure of such inconsistencies, and their repair by altering models on
both the supply and demand sides, is the essence of strategic development.
Unfortunately, it is also the bane of standardisation.
Quoting Tim Churches <tchur@optushome.com.au>: