Now, I’m not arguing that a technology fan like me thinks that we shouldn’t modernise. And I’m certainly not arguing that we shouldn’t use smart cards. I rather like the French system, as it happens, where a doctor and a patient use both of their smart cards together in order to access health details. The problem is that without vision on the identity side — and I would, of course, argue for the kind of digital identity utility vision — you end up with a kind of Potemkin security: smart cards give the illusion of security but there is no actual security behind the facade.
Clearly, smart cards could make a big difference. I say “could”, because it’s not clear whether they are yet. Look at the experience in Croydon where the Mayday NHS Trust is using the cards already. Theoretically, the CfH smart cards will enable clinicians and administrators to log onto any NHS computer and access relevant information and services. But so far only one national application is available: the Choose and Book electronic appointment service (and it is only being used by 200 of 1,500 employees). In practice, all most staff use their smart cards for is logging on to existing hospital systems. In future the trust hopes to use the cards for the canteen, car parking and access but I should imagine that’s some way off. For one thing, it would mean having contactless or dual-interface cards, which they currently do not, and for another thing it would mean actually monitoring who is using what card, or even if they still have their card. Nearly 400,000 of these cards have been issued, including more than 60,000 with GP access. There are nearly 23,000 NHS “sponsors” (ie, people who can authorise issuing a card to someone). But there are no central records of cards that have been lost or stolen. The solution is, I’d imagine, would to store digital identities on the card and create shorter lifetime virtual identities for use in CfH. So, you might issue nurses with a virtual (and perhaps even pseudonymous) identity that will expire in a month — so if the card gets stolen it’s no use to a thief — whereas higher-level identities would require re-issuing in shorter cycles. Apart from anything else, this approach would begin to decouple the management of the card (and IT issue) from the management of the identity (a “business” issue).
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]