Healthy scepticism
By davebirch posted Jun 7 2007 at 10:27 AM
Technorati Tags: government, health, ID cards
What is it about smart cards and health? Health ought to be one of the places where getting someone's identity right -- and being able to authenticate them quickly and efficiently -- is a driver. In the U.K., indeed, smart cards are being used for access to NHS records, although with the Department of Health's recent security problems it might be better to just put everyone's health records on the web and be done with it. Anyway, according to Connecting for Health, staff will have smartcards and passwords, designed to restrict access to full data to those clinicians who need it, while administrative staff would only be able to see basic patient information. Sadly, in practice, this means that staff find the highest level card they can and leave it logged in all day so that anyone can look up anything, although whether the records they are looking at are real or not is another issue. Someone told me recently that Connecting for Health has been "descoped" so that medical staff can't get access to patient records any more, so perhaps security problems will go away. Or at least they will go away until home access via the website Health Space, which will be phased in from later this summer, starts up. This will give people passwords to look at their personal records from home. Connecting for Health say the site will be "highly secure, and will have far more protection than websites such as those which offer online banking". I will send a prize to the first person to receive a health phishing e-mail: "Hello, this is the Department for Health, we're just testing our security, please log in to your health record here...".
Why would anyone want to look at anyone else's health records anyway? Oh wait... Marlene Stallard was in the fight for her life with ovarian cancer when Stephanie MacDonald -- high-school sweetheart of Marlene's husband James Stallard -- accessed her private medical records and passed the information on to James. This sort of thing is against the law in Canada, and she was caught and fined $10,000. MacDonald gained access to test results, biopsy findings and X-rays belonging to Marlene 17 times between August 2005 and May 2006. (She used the information to try to "prompt James into a more permanent relationship".) So how did she get the data? Did she employ Russian master hackers? Create false identity papers? Break into the hospital in the middle of the night? No, of course not. She was a clerk at the Dr. McPhalen Professional Corporation, and therefore had legitimate access to medical records. As an aside, note that the NHS employs something like a million people in the U.K. which, in security terms, is everyone.
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public
This country should be more concerned about who is accessing our medical records right now vs "how" it is being stored. Right now, and I mean right now, the major payors (insurance companies) are in COLLUSION with one another developing an INTERFACE to share a few common fields. By the time Americans realize what is happening, they will be denied a job or denied health insurance---BECAUSE THE INSURANCE COMPANY THE NEW EMPLOYER CONTRACTS WITH ALREADY KNOWS YOUR HEALTH INFORMATION! The security breach is already in the works with the major payors...forget about the smart card concept--THE DAMAGE IS BEING DONE RIGHT NOW WITH EVERY AMERICAN OUT THERE THAT HAS HEALTH INSURANCE!
Posted by: Melissa | 07/06/2007 at 12:20 PM
Dave, I think you answered your own question about why identity is hard to fit in health. It's about access to patient health data, not their identity.
The only serious attention I've seen to this is from the Chaum/Brands school. Digicash did a big project for the French medical system, and Stefan Brands' concepts address the ability to reveal sensitive information in defined slices.
However, I'm still skeptical. When I go to the doctor, I don't want her or myself to waste time. We want all access to all health info. The same goes with all the other 1000 or so accesses that might occur behind the scenes.
For such a world, the practical solution is total access at the technological level protected by meatspace security layers. Technological security will just get in the way.
Posted by: Iang | 07/06/2007 at 03:50 PM