About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion

Advertisers

Technorati

  • Add to
Technorati Favorites

License

  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« Register this | Main | The key biometric? »

Healthy scepticism

By davebirch posted Jun 7 2007 at 10:27 AM
[Dave Birch] There's a definite problem with stronger identity management in health. The German health card, a sophisticated and smart new card, is going to be postponed considerably. A health specialist called Daniel Bahr says that the card will not be rolled out before 2010 and compares the fiasco with tolls for trucks on the autobahn, which makes me curious to know what's going on with German road-tolling. The German Association of the Information Sector, Telecommunications, and New Media (Bitkom) is reporting that doctors' practices and hospitals invested 3.7 billion euros in information technology and telecommunications (ITC) last year, 5 percent more than in 2005. In 2007, the Association expects these expenditures to increase by 4 percent to 3.8 billion euros. Bitkom writes that "the launch of the electronic health card will save some 500 million euros annually according to conservative estimates." Not for a while, apparently.

Technorati Tags: , ,

What is it about smart cards and health? Health ought to be one of the places where getting someone's identity right -- and being able to authenticate them quickly and efficiently -- is a driver. In the U.K., indeed, smart cards are being used for access to NHS records, although with the Department of Health's recent security problems it might be better to just put everyone's health records on the web and be done with it. Anyway, according to Connecting for Health, staff will have smartcards and passwords, designed to restrict access to full data to those clinicians who need it, while administrative staff would only be able to see basic patient information. Sadly, in practice, this means that staff find the highest level card they can and leave it logged in all day so that anyone can look up anything, although whether the records they are looking at are real or not is another issue. Someone told me recently that Connecting for Health has been "descoped" so that medical staff can't get access to patient records any more, so perhaps security problems will go away. Or at least they will go away until home access via the website Health Space, which will be phased in from later this summer, starts up. This will give people passwords to look at their personal records from home. Connecting for Health say the site will be "highly secure, and will have far more protection than websites such as those which offer online banking". I will send a prize to the first person to receive a health phishing e-mail: "Hello, this is the Department for Health, we're just testing our security, please log in to your health record here...".

Why would anyone want to look at anyone else's health records anyway? Oh wait... Marlene Stallard was in the fight for her life with ovarian cancer when Stephanie MacDonald -- high-school sweetheart of Marlene's husband James Stallard -- accessed her private medical records and passed the information on to James. This sort of thing is against the law in Canada, and she was caught and fined $10,000. MacDonald gained access to test results, biopsy findings and X-rays belonging to Marlene 17 times between August 2005 and May 2006. (She used the information to try to "prompt James into a more permanent relationship".) So how did she get the data? Did she employ Russian master hackers? Create false identity papers? Break in to the hospital in the middle of the night? No, of course not. She was a clerk at the Dr. McPhalen Professional Corporation, and therefore had legitimate access to medical records. As an aside, note that the NHS employs something like a million people in U.K. which, in security terms, is everyone.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]

TrackBack

TrackBack URL for this entry:
https://www.typepad.com/services/trackback/6a00d8341c4fd753ef00df351fc4548833

Listed below are links to weblogs that reference Healthy scepticism:

Comments

This country should be more concerned about who is accessing our medical records right now vs "how" it is being stored. Right now, and I mean right now, the major payors (insurance companies) are in COLLUSION with one another developing an INTERFACE to share a few common fields. By the time Americans realize what is happening, they will be denied a job or denied health insurance---BECAUSE THE INSURANCE COMPANY THE NEW EMPLOYER CONTRACTS WITH ALREADY KNOWS YOUR HEALTH INFORMATION! The security breech is already in the works with the major payors...forget about the smart card concept--THE DAMAGE IS BEING DONE RIGHT NOW WITH EVERY AMERICAN OUT THERE THAT HAS HEALTH INSURANCE!

Dave, I think you answered your own question about why identity is hard to fit in health. It's about access to patient health data, not their identity.

The only serious attention I've seen to this is from the Chaum/Brands school. Digicash did a big project for the French medical system, and Stefan Brands' concepts address the ability to reveal sensitive information in defined slices.

However, I'm still skeptical. When I go to the doctor, I don't want her or myself to waste time. We want all access to all health info. The same goes with all the other 1000 or so accesses that might occur behind the scenes.

For such a world, the practical solution is total access at the technological level protected by meatspace security layers. Technological security will just get in the way.

The comments to this entry are closed.