BBC medical records story

Owen Blacker owen.blacker at wheel.co.uk
Wed, 6 Mar 2002 13:37:25 -0000 

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Pete Chown:
> 
> > They will expect whoever issued the card to keep a backup.
> 
> But if they do that, why have people carry the data around?  Why not
> just get the person to identify him or herself and then read 
> it from the "backup"?

The main reason, I think, for not doing that is political.  People will;
like the idea of "carrying their own data", despite it not belonging to
them or being accessible to them and despite carrying it 24*7.

Surely a secure online store would be a better way of handling the data
anyways?  Think, for example, of the computers that US cops have in their
cars that allow them access to individuals' criminal records.  An analogous
system would, surely, be a better way to handle it (from a technical PoV,
not a privacy one), rather than insist people remember to bring along a
piece of card (or even a CD ROM) with them.  I can barely remember to
ensure I take urine samples with me to the doctor's, when required, much
less a smartcard.

And I don't think my medical records would fit on a smartcard chip,
either...  *GRIN*

Another point, raised on another list, gave me cause to think a little. 
I'm quoting, unattributed for anonymity:

| I had cause to visit my GP a couple of years ago, and she was very
| helpful.  I was visiting her about what some people might consider to be
| a sensitive matter, and at the time stressed that I was concerned about
| the permanent storage of what I was saying to her on my medical records. 
| I did not want a permanent record of something that might adversely
| affect my choice of career.                                              
|                                                                     
| 
| Basically, I didn't want the reasons for treatment going on the records,
| but had no problem with the treatment itself being recorded.  She very
| obligingly recorded a lot of the information I gave her on a 'Post-It'
| note for disposal later, only recording what she actually had to on the
| formal records.  I was, as you can imagine, very grateful.               
|                                                        
| 
| I would be worried that were records electronic, or perhaps stored on a
| central database, the ability to do something like this might be
| compromised, and that's without even going into the privacy / security
| issues.  

Though that's more an argument against computerisation, that smartcarding,
of course.


O x
- -- 
Owen Blacker
Senior Software Developer, InfoSecurity Consultant  Wheel:Kensington
See http://www.owens-place.org.uk/pgp.html -- more about my PGP keys
Sig  0xb48e805e | 0e31 ac2a 4ff2 62a0 89da  ddef 4223 99a6 b48e 805e

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0
Comment: Pls see http://www.owens-place.org.uk/pgp.html about my keys

iQA/AwUBPIYaskIjmaa0joBeEQKWRgCeJozT8uM3NBa6IbcOH32AHrswtR0AoMfu
IjcyvxrwvBdfQa1FHNCjxw81
=r1Xk
-----END PGP SIGNATURE-----

_____________________________________________________________________
This message has been checked for all known viruses by UUNET delivered 
through the MessageLabs Virus Control Centre. For further information visit
http://www.uk.uu.net/products/security/virus/