Dr Paul Golik, secretary of North Staffordshire LMC and a GP in Norton-in-the-Moors, Stoke on Trent… accessed the personal details of a number of other patients registered elsewhere, including, with their consent, staff at his practice – all without being detected… ‘It’s basically open – we might as well put our names and addresses on Google,’[From Pulse – GPs’ fears over new IT security loophole]
This is apparently the Conservative Party’s plan anyway.
Health records could be transferred to Google or Microsoft under a Tory government.[From Google or Microsoft could hold NHS patient records say Tories – Times Online]
Why do health records have to be transferred anywhere? Everyone has to be registered with a GP, so let the GPs choose whichever service providers they want to store the data, provided those providers comply with certain interface requirements. Then when I go to GP B while on holiday, he can put his smart card in his laptop and look up my health details at GP A (it would be easy to do: just make firstname.lastname@example.org autorespond with my health record in XML, encrypted using the public key of the requesting doctor). Of course, there might still be ways for it to go wrong, provided people are involved somewhere. Even the Germans are having problems securing national health data, although in their case they’ve buggered it up in a “fail safe” way and lost the keys so that no-one can read the data, rather than having everyone read the data, which I suppose, if you’re going to make an error, is the better way to do it.
Test runs with Germany’s first-generation electronic health cards and doctors’ “health professional cards” have suffered a serious setback. After the failure of a hardware security module (HSM) holding the private keys for the root Certificate Authority (root CA) for the first-generation cards, it emerged that the data had not been backed up.[From Loss of data has serious consequences for German electronic health card – News – The H Security: News and features]
Health is an acid test of identity management schemas. I happened to be in a meeting with some health care experts in connection with a project we’re working on and so had the opportunity to explore one or two options. Generally speaking, I think we need to rethink the approach so that we can more clearly distinguish between the security, convenience and privacy trade-offs that are involved. For example, one approach put forward is to put health records on to smart cards.
“Far better would have been to issue each of us with a smart card containing our medical records – to be presented at your GP, hospital or pharmacy – thus underlining the philosophy of personal responsibility for health.”[From Daily Mail GP attacks NPfIT and calls for smartcard records (Tony Collins’s IT Projects Blog)]
I don’t want to run the risk of being maltreated, or not treated at all, because I can’t find my smart card. The smart card, or the mobile phone, or the USB key or wherever else I choose to store a key to my health records should be my choice and basically about convenience. The security of the system shouldn’t depend on my having any or all of these: if I want to look up my health record and change my address or correct an error, then my Health ID stored in my SIM should make it easier than going down to the surgery, that’s all. But that’s enough: I’d pay. In fact, I can remember going to a presentation about a smart card trial with GPs some years ago (was it in Birmingham or somewhere nearby? I can’t find it by googling) and a great many of the citizens involved were happy to pay, not because they cared less about privacy but because the smart card allowed them to log on from home and schedule appointments with the doctor without having to phone over and over again and then talk to a receptionist. On the web they could see the available appointment slots and click to book. Who wouldn’t?
If we are concerned about our medical records being read by the tabloids rather than by authorised medical personnel, then how about a text alert system, as is being introduced for credit cards? Let medical professionals have unrestricted access to my medical records through the use of their smart cards (not mine) and send me a text message every time my records are accessed. Then I can see for myself that my sensitive personal health data is being properly managed.
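To make the two ideas concrete (the undetected cross-practice reads in the Pulse story, and the per-access text alert proposed here), the following added example, which is not from the original post, runs a detection over a constructed access log: every read produces a notification for the patient concerned, and practitioners who repeatedly read records of patients registered at other practices are listed for review. The log format, practice and practitioner identifiers are assumptions for illustration.

```python
from __future__ import annotations
from collections import Counter
from dataclasses import dataclass

# Constructed sample access log (not real data). Field order:
# timestamp|practitioner|practitioner_practice|patient|patient_practice|purpose
SAMPLE_LOG = """\
2009-09-01T09:02:11|GP-7731|PRAC-A|P-100234|PRAC-A|consultation
2009-09-01T09:15:42|GP-7731|PRAC-A|P-558811|PRAC-B|consultation
2009-09-01T10:01:05|GP-2210|PRAC-B|P-558811|PRAC-B|repeat-prescription
2009-09-01T10:44:19|GP-7731|PRAC-A|P-773002|PRAC-C|consultation
2009-09-01T11:20:33|GP-7731|PRAC-A|P-773003|PRAC-C|consultation
"""

@dataclass(frozen=True)
class Access:
    ts: str
    practitioner: str
    practitioner_practice: str
    patient: str
    patient_practice: str
    purpose: str

def parse_log(text: str) -> list[Access]:
    """Parse pipe-separated access records; malformed lines are skipped, not guessed at."""
    out = []
    for line in text.splitlines():
        fields = line.strip().split("|")
        if len(fields) != 6 or not all(fields):
            continue
        out.append(Access(*fields))
    return out

def patient_alerts(accesses: list[Access]) -> dict[str, list[str]]:
    """Every access yields one message for the patient whose record was read,
    whether or not it looks legitimate: the patient is the auditor of last resort."""
    alerts: dict[str, list[str]] = {}
    for a in accesses:
        msg = f"{a.ts}: record read by {a.practitioner} ({a.practitioner_practice}) for {a.purpose}"
        alerts.setdefault(a.patient, []).append(msg)
    return alerts

def cross_practice_readers(accesses: list[Access], threshold: int = 2) -> dict[str, int]:
    """Count, per practitioner, reads of patients registered at another practice.
    One such read may be the holiday case; a practitioner at or above the
    threshold is flagged for review rather than blocked."""
    counts = Counter(a.practitioner for a in accesses
                     if a.practitioner_practice != a.patient_practice)
    return {p: n for p, n in counts.items() if n >= threshold}
```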
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public.