personal identity in the health sector
DESCRIPTION
By Ralph Adam. Published in: ID Credentials, 2012, pages 74-77.TRANSCRIPT
el Credent- alssecure identity solutions
~•
Personal identity in the health sector
by Ralph Adam, freelance editor, communications & IT
"I'm just a waste of time and I can't tell what I'm good for" (From: I Think, Therefore I Am by A Moment's Worth, 2007).
Can I be you?
What is personal identity? That is 0 question which has puzzled
philosophers and social psychologists for centuries, ever since
Rene Descartes coined his famous tag Cogito ergo sum ("I think,
therefore lam"): does the fact that I exist, in itself, prove that I
con think and hove 0 permanent existence, os opposed to
'something' having different thoughts os moments change?
Consideration of what is meant by 'identity' is important for the
supply of personal services: we talk glibly of issues such os
'identity theft' without analysing what they mean. For example,
is it really possible for my 'identity' to be stolen? Or ore we, in
fact, talking about 'impersonation'? If I go on 0 phishing trip
and land your credit cord details in order to enjoy 0 shopping
spree - does that make you 0 victim of identity theft, or do you
become someone who has hod their cord details copied illicitly?
There ore many occasions when we impersonate others
legitimately or otherwise. Perhaps, pretending to be someone
else for fun. For actors, it is port of the job: spending on
evening os Henry V or Elvis Presley does not make them guilty
of stealing the King's identity! Similarly, if I enter 0 hospital
wearing 0 white coat and insist on doing 0 word round (os
someone did recently) or if I come from 0 poor country claiming
to be 0 local resident to obtain high-quality medical treatment
(possibly, using 0 stolen health card) does that make me on
identity thief? Or on impersonator?
When we refer to medical 'identity theft' we ore talking about
gaining access to medical services, money or goods through
the unauthorised use of someone's personal information, such
os their name, health insurance or social security number,
without their knowledge or permission.
74 ID c RED ENT I A L S I w w w 9 lob 0 I s n' 0 r I (0 m
What is a health service?
In discussing security in health services, we need to consider the
needs of 011the different user-groups within the system and
examine their features.
The key element of 0 health service is, of course, the patient.
Patients expect on ultra-high quality service to be provided at
little or no cost (and prefer their own financial transactions to
be handled invisibly); they anticipate treatment in clean, well-
run surgeries, clinics and hospitals by highly-prafessianal staff
who never make mistakes. They also expect perfectly-organised
record-keeping.
The second element is the staff - family and hospital doctors,
medical specialists, associated professionals, such os dentists,
opticians, pharmacists and radiographers, therapists, nurses,
midwives, information professionals, (such os librarians),
administrators (including receptionists and secretaries),
domestic staff: the list is long. Yet, 011must contribute to ensuring
o clean, efficient and secure environment. Privacy is very
important os is the need to provide on error-free service.
Confidential information must travel between 0 range of
professionals; medical records ore particularly sensitive and
everyone involved must be authenticated at every stage. This is
increasingly achieved through the use of public key
cryptography (PKI) with digital signatures and secure payment
methods.
The third element consists of the medical establishments.
Dealing with pharmacists, dentists or genera) practitioners is
relatively simple. Hospitals, however, ore not only physically
complex, but administratively and structurally complicated, too.
Increasingly so. Yet, they also ploy the most important port in 0
health service.
Other features include notional insurance systems (which
control the financial, managerial and administrative sides of the
service), the private insurance companies responsible for
reimbursing those costs not covered by the state and (perhaps,
the most powerful, but not often taken into account) the
governmental agencies, ministries and quangos that set the
rules and create operational parameters for the service.
Modern health services need increasingly to be supported by
strong authentication methods to verify that everyone involved
in the supply or receipt of health core is who they soy they are.
Hello, I'm your doctor ....
Virtually 011 governments aim to provide the highest-possible
level of universal health core, with continuous development in
medicine and technology. However, to achieve this it is olso
necessary to hove competent management. And one aspect of
health management is to ensure that expensive treatment is
received only by those who ore entitled to it. This requires the
application of new forms of technology, with many approaches
being tried - from electronic prescriptions and patient records
to telemedicine, smart cards and digital signatures, and even
implanted radio-frequency identification (RFID) chips,
supported, of course, by readers, terminals and other hardware.
The expectation that treatment will be reasonably-priced (or
free), as well as safe and efficient is a difficult aim to meet in
countries, such as Germany, where the administration and
management are cumbersome and bureaucratic. However, the
cost of providing good health services, in a challenging
economic environment, is rising everywhere as people require
more (and increasingly expensive) treatment during longer life-
spans. It is the rising cost of treatment, plus variations in its
quality between countries, that has led to an upsurge in identity
'theft'. This is becoming an important issue: unqualified people
posing as practitioners or foreigners claiming entitlement to free
services are just two examples.
While the British health services are built on the principle of
providing comprehensive care based on clinical need, not
ability to pay (but with hospital charges for non-residents), press
reports suggest that, in England, 'health tourists' currently owe
£40m. for treatment (with one London hospital group reportedly
owed over £8m.): much of this is written off, while other debts
are left unrecorded. A BBC television progromme revealed a
black market serving foreign patients keen to buy their way on
to doctors' lists. Concern about entitlement to treatment is on
the increase, especially in countries where costs are high and
where insuronce companies devise ever-stricter techniques to
cut reimbursements.
This is a particular problem in the US, with ,its fragmented (and,
in some States, old-fashioned) system. That is despite the
existence of the strictly-enforced Federal Privacy and Security
Rules under the HIPAA (Health Insurance Portability and
Accountability Act) specifying administrative, physical, and
=---J _ www q l o b o l s rn c r r om I ID CREDENTIALS 75
1010110101 1
1101101
110) 1 01 q L_~-..cl£:>o,e:.....--'
Erika MU5terma~~23456789106415300 :-_--,.,.. vers1<he""'9"'----""'.--
technical safeguards to ensure the confidentiality, availability
and integrity of electronic health information.
Medical information differs from other forms of personal data
in that, once it has been compromised or has fallen into the
wrong hands, that loss cannot be reversed. It is easy to see that
such fraud con hove devastating effects - the consequences con
be fatal or, in lesser cases, victims may be affected for the rest
of their lives. A patient whose medical record is replaced by
someone else's could be put in danger if they receive the wrong
treatment or ore given inappropriate drugs. In addition, they
may suffer financial loss if they, or their insuronce company, is
billed for another person's treatment. Damaging reputational,
financial and legal consequences con also follow for hospitals
or doctors if patients ore wrongly treated. Medical records
(especially electronic ones) contain highly-sensitive personal
information and require the highest levels of accuracy and
integrity - supported by the strongest authentication. That
implies strict access controls. Electronic tronsactions depend on
on individual's proof of identity and right of access to data,
whether in person or remotely. To protect electronic healthcare
systems, it is necessary both to verify the identity of anyone
requesting access to sensitive medical data and to determine
that person's access rights. We must know with certainty to
whom we ore entrusting our private information.
" Transaction records, including those forstaff, patients, prescriptions, finance andaccess, form another area that is crucial forthe security of health services. Their existencealso implies the need for the creation ofeffective security layers similar to thoseneeded for bank cards and near-fieldcommunication (NFC). "
... or your new patient!
One US doctor, Sean Scorvo, who writes 0 regular blog,
suggests that 0 significant proportion of the patients seen by
casualty departments use fraudulent or stolen identities. He
claims that, while some ore there to receive unauthorised health
care, others try to obtain drugs either using another person's
'identity' or a mode-up one, with the result that individual
hospitals ore losing between $750,000 and $3m. annually. This
is supported by figures from official US bodies suggesting that
3% of 011 health core spending is lost to fraud each year, with 0Harris Interactive poll estimating that nine million adult
Americans, or four per-cent of the population, believe they or
o family member hove lost confidential personal medical
information or suffered from information theft.
For Scorvo, the most intractable problem relates to drug-
seeking: patients have used the addresses of, for example, local
grocers' shops (showing receipts os evidence) with the truth
being discovered only after shop-keepers complained about
76 ID c RED ENT I A L S I w w w 9 ') b 0 S m 0 ri, "
unexpected bills! Further examples include people who are well-
known to hospital staff, yet claim never to hove been treated
before (and use hitherto unknown names and addresses) or
others who, having 'stolen' friends' personal details, do things
like adding blood to their urine in order to demand treatment
for kidney stones.
The electronic backbone
The technology must guarontee confidentiality for patients and
staff, os well os ensuring that records cannot be altered or
repudiated so as to maintain their integrity. Health services are,
by their nature, complex and each user group (patients, service
suppliers, professionals and administrators) requires a different
level of identification and authentication.
Tronsaction records, including those for staff, patients,
prescriptions, finance and access, form another area that is
crucial for the security of health services. Their existence also
implies the need for the creation of effective security layers
similar to those needed for bank cards and near-field
communication (NFC). Countries with sophisticated large-scale
electronic record systems (such as France, Germany and
Taiwan) have taken different approaches to security as well as
the necessary software and terminals. It is useful to compare
some of the strategies used. Here are three large-scale
examples of developments in Europe that are based on secure
transactions technology, focused on the management of
financial flows:
Electronic health services in practice
France is considered to have Europe's highest-quality health
service and the most sophisticated smart-card technology
(deployed in health care since the early nineties). SESAM-Vitale
is 0 service aiming eventually to become poperless. Around
300,000 professionals participate in it, with the insurance side
handling 1,000m. refund claims annually.
At the its heart of the system are two cards: patients receive the
Carte Vitale 2, a second-generation chip card containing health
and insurance data for the holder and his or her dependents. It
includes enhanced security features, such as a new operating
system, cryptographic capabilities and enhanced memory.
Eventually the card will hold health and insurance data, as well
as prescriptions, with administrators and health professionals,
including pharmacists, having readers. Vitale 2 is key to the new
Personal Health File ("dossier medical personnolise"] and
numerous potential applications ore also linked to its IAS
(Identification, Authentication, Signature) features.
For health service staff, there is a Carte de Professionnel de
Sonte (CPS): a contactless code-protected electronic identity
card, with strong authentication, containing the holder's
personal details (including electronic signature), profession and
specialism as well as his or her workplace details. It provides
for the transmission af treatment forms to insurance providers,
the creation, revision and consultation of patients' records, has
telemedicine features and gives secure access to messaging
services.
Germany, too, has recently intraduced a second-generation
electranic health cord with secure authentication: the
Elektranische Gesundheitskarte. This replaces the five-year card
in use since the early nineties and is tied to insurance
companies. As well as a photo, it carries basic personal details.
With the patient's consent, additional information can be
stored, such os emergency data and medicines, allergies or
drug intolerance. In the future, the card will facilitate the
exchange of information. Its chief benefits include the prevention
of unnecessary medical examinations and the online updating
of administrative data.
Following a crisis in the health service and a change of federal
government in the autumn of 2009, the whole of the German
e-health infrastructure, including the e-cord project, was
reappraised with 0 stronger emphasis on security and
confidentiality. As 0 result, specific responsibilities were given to
individual organisations, such os insurance companies, with key
elements now being the anline verification of patients' insurance
status, and ensuring that insurance information is up-to-date -
this includes the data set of the European Health Insurance
Card (EHIC). Planned additional features include on
emergency-care data-set for patients as well os facilities for
direct communication between doctors (electronic discharge
information). Plans for electronic prescriptions have been
delayed by the health ministry until it is satisfied by the level of
data-protection. Plans for the development of telemedicine
services have also been announced. In 2010, the Federal
Ministry of Health launched an "e-heolth-initiotive", uniting key
players in the healthcare system: doctors, insurers, the
Fraunhofer Gesellschaft (Europe's largest application-orientated
research organisation) and other relevant bodies.
Estonia is 0 small EU member state (population 1.3m.). It is
one of the most wired and high-tech societies, where electronic
services (branded E-Estonia) ore the norm (mobile phone
payments for parking have been commonplace for many years,
digital administrative services are considered standard, voting
is done over the web, legal documents can be signed using
mobile phones and over 95% of the population is claimed to
use internet banking); Skype was invented by Estonian
developers. At the base is 0 compulsory digital ID cord (the
primary document for the purposes of personal identification),
containing two certificates: one authenticates identity, the other
renders a digital signature.
Estonia uses a medical information system allowing residents to
view their own medical histories. The digital prescription service
was introduced in 2010, replacing the need for patients to carry
paper documents (which were easily lost and might contain
illegible doctors' handwriting!) to the pharmacy. All prescriptions
are sent to a central database from which the pharmacist
downloads the details.
The system contains information on diagnoses, doctor's visits,
tests, hospital treatments and discharge letters, prescriptions,
and much more. It is compulsory for medical professionals to
add information to the database; authentication is confirmed
using the ID card. The service is accessible only to licensed
professionals, while patients (who con access all their medical
data, such as discharge letters, ambulatory care summaries and
test results as well os on-line booking services, through a
hospital information portal called I-patient) have the right to
block access to their data. Patients can also state their
preferences and intentions or view logs to see who is accessing
their files. They do not, however, have the right to opt-out of
having their data added to the central information bank. All
attempts to view health care data ore also monitored by the E-
health foundation which takes instant action if unlawful access
to the data is suspected.
A single digital health community?
In each of the cases mentioned, the complexity of electronic
health services is recognised as new applications are
developed: terminals and readers provide an essential security
layer to meet the needs of each function, ensure seamless
integration within work flows and guarantee security and
confidentiality for both professionals and patients.
Several EU projects are contributing to the development of 0
secure cross-border health system - for example, SSEDIC
(Scoping the Single European Digital Identity Community - a
thematic network for the Digital Agenda for Europe), STORK
2.0 (Secure Identity Across Borders Linked 2.0 - aimed at
creating a single European electronic identification and
authentication area while promoting the uptake of electronic
identity management) and the ClP-ICT PSP (the ICT Policy
Support Programme for the Competitiveness and Innovation
framework Programme) which is intended to ensure the
interoperability of electronic health systems both across and
within Member States in order to de-fragment the market.
Yet, many questions remain unanswered. For example, what is
the role of biometrics in health care identity verification - will
patients and staff accept its use? We have learnt recently that
in English hospitals many staff are unwilling to go through
identity checks on foreign-born patients before treating them.
This leads to questions of human rights: is it discriminatory to
charge 0 'health tourist' for services that would be provided free
to 0 resident? And does such discrimination encouroge fraud?
Assuming, of course, that we 011 hove personal identities!
For further information email: [email protected]
w w w gob 0 I s m 0 r t C 0 m I I 0 C RED ENT I A L s 77