[Dave Birch] The National Health Service’s vast Connecting for Health programme has within it a fascinating identity management case study. In order to ensure the security of the system — which naturally includes sensitive medical records — the NHS decided to issue smart cards to all staff. Unfortunately, a recent assessment found

…serious weaknesses in controls over access to patient data, with more than 4,000 NHS smartcards already missing and one in 10 trusts admitting they had no idea how many cards had been lost or stolen.

[From Pulse – The GP’s website – MPs told of new patient record breaches]

Many years ago, at a meeting of the Parliamentary IT Committee (PITCOM), I asked the then head of the programme, former management consultant Richard Granger, how security would be maintained in a system with more than a million users and I was told (rather abruptly, as I recall) that I shouldn’t worry about it because top security boffins had taken care of it, and that smart card would be required to access everything, and audit trail would be kept and so forth. Well,

The national rollout of the Summary Care Record is to take place this year and speaking during a debate over the committee’s inquiry into the rollout, Labour MP Keith Barron revealed examples where NHS workers breaching security controls had gone unpunished. Admitting he had previously believed the BMA to be scaremongering over the issue, he described one case in which no action was taken by a PCT after an employee gained access to identifiable patient information by persuading a district nurse to disclose her username and password.

[From Pulse – The GP’s website – MPs told of new patient record breaches]

Wait a moment! What happened to the smart card that would be required to access identifiable patient information? The system started off by requiring an unrealistic level of security, millions of pounds were spent trying to build it, and then they went back to usernames and passwords? This does not bode well for other giant databases full of personal information that will be kept secure (through mechanisms as yet unknown to science) despite having hundreds of thousands of users.

I’m no luddite — in fact I’m enthusiastic about the potential for IT to improve the delivery of services such as health care — but I don’t think that this has all been thought through properly. Which is odd, because I know (personally) a couple of the people who were involved in some of the security work on the project and they were both very, very good security guys. The problem must be institutional in some way, related to a disconnect between policy makers and system builders. Is it simply the scale of these systems? There is certainly an issue of numbers…

Under current plans eventually about 1.2m smartcards will be issued to staff across the NHS. The cards give varying levels of access to patient records, but more than 60,000 will offer GP-level access and a further 63,000 will give nurse-level access.

[From NHS smartcard losses raise security concerns – Computerworld UK – The Voice of IT Management]

But that doesn’t explain why identity management and security can’t be dealt with more effectively. I’m convinced it’s because the mental models of identity and authentication that are used by the politicians are so outdated. As I’ve said before, in large scale deployments like this it’s going to be difficult to make any real process so long as “the card” is seem as the fundamental and indivisible unit of identity. We need proper digital identity infrastructure to make systems on this scale manageable and a first step would be to decouple the management of the card (an “IT issue”) from the management of the identities (a “business” issue).

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: