
ID Credentials
secure identity solutions

Personal identity in the health sector


by Ralph Adam, freelance editor, communications & IT

"I'm just a waste of time and I can't tell what I'm good for" (From: I Think, Therefore I Am by A Moment's Worth, 2007).

Can I be you?
What is personal identity? That is a question which has puzzled philosophers and social psychologists for centuries, ever since Rene Descartes coined his famous tag Cogito ergo sum ("I think, therefore I am"): does the fact that I exist, in itself, prove that I can think and have a permanent existence, as opposed to 'something' having different thoughts as moments change?

Consideration of what is meant by 'identity' is important for the supply of personal services: we talk glibly of issues such as 'identity theft' without analysing what they mean. For example, is it really possible for my 'identity' to be stolen? Or are we, in fact, talking about 'impersonation'? If I go on a phishing trip and land your credit card details in order to enjoy a shopping spree - does that make you a victim of identity theft, or do you become someone who has had their card details copied illicitly?

There are many occasions when we impersonate others legitimately or otherwise. Perhaps, pretending to be someone else for fun. For actors, it is part of the job: spending an evening as Henry V or Elvis Presley does not make them guilty of stealing the King's identity! Similarly, if I enter a hospital wearing a white coat and insist on doing a ward round (as someone did recently) or if I come from a poor country claiming to be a local resident to obtain high-quality medical treatment (possibly, using a stolen health card) does that make me an identity thief? Or an impersonator?

When we refer to medical 'identity theft' we are talking about gaining access to medical services, money or goods through the unauthorised use of someone's personal information, such as their name, health insurance or social security number, without their knowledge or permission.

What is a health service?

In discussing security in health services, we need to consider the needs of all the different user-groups within the system and examine their features.

The key element of a health service is, of course, the patient. Patients expect an ultra-high quality service to be provided at little or no cost (and prefer their own financial transactions to be handled invisibly); they anticipate treatment in clean, well-run surgeries, clinics and hospitals by highly-professional staff who never make mistakes. They also expect perfectly-organised record-keeping.

The second element is the staff - family and hospital doctors, medical specialists, associated professionals, such as dentists, opticians, midwives, therapists, nurses, pharmacists and radiographers, information professionals (such as librarians), administrators (including receptionists and secretaries), domestic staff: the list is long. Yet, all must contribute to ensuring a clean, efficient and secure environment. Privacy is very important as is the need to provide an error-free service. Confidential information must travel between a range of professionals; medical records are particularly sensitive and everyone involved must be authenticated at every stage. This is increasingly achieved through the use of public key cryptography (PKI) with digital signatures and secure payment methods.

The third element consists of the medical establishments. Dealing with pharmacists, dentists or general practitioners is relatively simple. Hospitals, however, are not only physically and structurally complex, but administratively complicated, too. Increasingly so. Yet, they also play the most important part in a health service.


Other features include national insurance systems (which control the financial, managerial and administrative sides of the service), the private insurance companies responsible for reimbursing those costs not covered by the state and (perhaps, the most powerful, but not often taken into account) the governmental ministries, agencies, and quangos that set the rules and create operational parameters for the service.

Modern health services need increasingly to be supported by strong authentication methods to verify that everyone involved in the supply or receipt of health care is who they say they are.

Hello, I'm your doctor ....

Virtually all governments aim to provide the highest-possible level of universal health care, with continuous development in medicine and technology. However, to achieve this it is also necessary to have competent management. And one aspect of health management is to ensure that expensive treatment is received only by those who are entitled to it. This requires the application of new forms of technology, with many approaches being tried - from electronic prescriptions and patient records to telemedicine, smart cards and digital signatures, and even implanted radio-frequency identification (RFID) chips, supported, of course, by readers, terminals and other hardware.

The expectation that treatment will be reasonably-priced (or free), as well as safe and efficient is a difficult aim to meet in countries, such as Germany, where the administration and management are cumbersome and bureaucratic. However, the cost of providing good health services, in a challenging economic environment, is rising everywhere as people require more (and increasingly expensive) treatment during longer lifespans. It is the rising cost of treatment, plus variations in its quality between countries, that has led to an upsurge in identity 'theft'. This is becoming an important issue: unqualified people posing as practitioners or foreigners claiming entitlement to free services are just two examples.

While the British health services are built on the principle of providing comprehensive care based on clinical need, not ability to pay (but with hospital charges for non-residents), press reports suggest that, in England, 'health tourists' currently owe 40m. for treatment (with one London hospital group reportedly owed over 8m.): much of this is written off, while other debts are left unrecorded. A BBC television programme revealed a black market serving foreign patients keen to buy their way on to doctors' lists. Concern about entitlement to treatment is on the increase, especially in countries where costs are high and where insurance companies devise ever-stricter techniques to cut reimbursements.

This is a particular problem in the US, with its fragmented (and, in some States, old-fashioned) system. That is despite the existence of the strictly-enforced Federal Privacy and Security Rules under the HIPAA (Health Insurance Portability and Accountability Act) specifying administrative, physical, and
technical safeguards to ensure the confidentiality, availability and integrity of electronic health information.

Medical information differs from other forms of personal data in that, once it has been compromised or has fallen into the wrong hands, that loss cannot be reversed. It is easy to see that such fraud can have devastating effects - the consequences can be fatal or, in lesser cases, victims may be affected for the rest of their lives. A patient whose medical record is replaced by someone else's could be put in danger if they receive the wrong treatment or are given inappropriate drugs. In addition, they may suffer financial loss if they, or their insurance company, is billed for another person's treatment. Damaging reputational, financial and legal consequences can also follow for hospitals or doctors if patients are wrongly treated. Medical records (especially electronic ones) contain highly-sensitive personal information and require the highest levels of accuracy and integrity - supported by the strongest authentication. That implies strict access controls. Electronic transactions depend on an individual's proof of identity and right of access to data, whether in person or remotely. To protect electronic healthcare systems, it is necessary both to verify the identity of anyone requesting access to sensitive medical data and to determine with certainty that person's access rights. We must know to whom we are entrusting our private record information.

... or your new patient!

One US doctor, Sean Scorvo, who writes a regular blog, suggests that a significant proportion of the patients seen by casualty departments use fraudulent or stolen identities. He claims that, while some are there to receive unauthorised health care, others try to obtain drugs either using another person's 'identity' or a made-up one, with the result that individual hospitals are losing between $750,000 and $3m. annually. This is supported by figures from official US bodies suggesting that 3% of all health care spending is lost to fraud each year, with a Harris Interactive poll estimating that nine million adult Americans, or four per-cent of the population, believe they or a family member have lost confidential personal or medical information or suffered from information theft.

For Scorvo, the most intractable problem relates to drug-seeking: patients have used the addresses of, for example, local grocers' shops (showing receipts as evidence) with the truth being discovered only after shop-keepers complained about unexpected bills! Further examples include people who are well-known to hospital staff, yet claim never to have been treated before (and use hitherto unknown names and addresses) or others who, having 'stolen' friends' personal details, do things like adding blood to their urine in order to demand treatment for kidney stones.

The electronic backbone

The technology must guarantee confidentiality for patients and staff, as well as ensuring that records cannot be altered or repudiated so as to maintain their integrity. Health services are, by their nature, complex and each user group (patients, service suppliers, professionals and administrators) requires a different level of identification and authentication.

Transaction records, including those for staff, patients, prescriptions, finance and access, form another area that is crucial for the security of health services. Their existence also implies the need for the creation of effective security layers similar to those needed for bank cards and near-field communication (NFC). Countries with sophisticated large-scale electronic systems (such as France, Germany and Taiwan) have taken different approaches to security as well as the necessary software and terminals. It is useful to compare some of the strategies used. Here are three large-scale examples of developments in Europe that are based on secure transactions technology, focused on the management of financial flows:

Electronic health services in practice

France is considered to have Europe's highest-quality health service and the most sophisticated smart-card technology (deployed in health care since the early nineties). SESAM-Vitale is a service aiming eventually to become paperless. Around 300,000 professionals participate in it, with the insurance side handling 1,000m. refund claims annually.

At the heart of the system are two cards: patients receive the Carte Vitale 2, a second-generation chip card containing health and insurance data for the holder and his or her dependents. It includes enhanced security features, such as a new operating system, cryptographic capabilities and enhanced memory. Eventually the card will hold health and insurance data, as well as prescriptions, with administrators and health professionals, including pharmacists, having readers. Vitale 2 is key to the new Personal Health File ("dossier médical personnalisé") and numerous potential applications are also linked to its IAS (Identification, Authentication, Signature) features.

For health service staff, there is a Carte de Professionnel de Santé (CPS): a contactless card, with strong code-protected electronic identity authentication, containing the holder's personal details (including electronic signature), profession and specialism as well as his or her workplace details. It provides
for the transmission of treatment forms to insurance providers, the creation, revision and consultation of patients' records, has telemedicine features and gives secure access to messaging services.

Germany, too, has recently introduced a second-generation electronic health card with secure authentication: the Elektronische Gesundheitskarte. This replaces the five-year card in use since the early nineties and is tied to insurance companies. As well as a photo, it carries basic personal details. With the patient's consent, additional information can be stored, such as emergency data and medicines, allergies or drug intolerance. In the future, the card will facilitate the exchange of information. Its chief benefits include the prevention of unnecessary medical examinations and the online updating of administrative data.

Following a crisis in the health service and a change of federal government in the autumn of 2009, the whole of the German e-health project, including the e-card infrastructure, was reappraised with a stronger emphasis on security and confidentiality. As a result, specific responsibilities were given to individual organisations, such as insurance companies, with key elements now being the online verification of patients' insurance status, and ensuring that insurance information is up-to-date - this includes the data set of the European Health Insurance Card (EHIC). Planned additional features include an emergency-care data-set for patients as well as facilities for direct communication between doctors (electronic discharge information). Plans for electronic prescriptions have been delayed by the health ministry until it is satisfied by the level of data-protection. Plans for the development of telemedicine services have also been announced. In 2010, the Federal Ministry of Health launched an "e-health-initiative", uniting key players in the healthcare system: doctors, insurers, the Fraunhofer Gesellschaft (Europe's largest application-orientated research organisation) and other relevant bodies.

Estonia is a small EU member state (population 1.3m.). It is one of the most wired and high-tech societies, where electronic services (branded E-Estonia) are the norm (mobile phone payments for parking have been commonplace for many years, digital administrative services are considered standard, voting is done over the web, legal documents can be signed using mobile phones and over 95% of the population is claimed to use internet banking); Skype was invented by Estonian developers.

At the base is a compulsory digital ID card (the primary document for the purposes of personal identification), containing two certificates: one authenticates identity, the other renders a digital signature.

Estonia uses a medical information system allowing residents to view their own medical histories. The digital prescription service was introduced in 2010, replacing the need for patients to carry paper documents (which were easily lost and might contain illegible doctors' handwriting!) to the pharmacy. All prescriptions are sent to a central database from which the pharmacist downloads the details.

The system contains information on diagnoses, doctor's visits, tests, hospital treatments and discharge letters, prescriptions, and much more. It is compulsory for medical professionals to add information to the database; authentication is confirmed using the ID card. The service is accessible only to licensed professionals, while patients (who can access all their medical data, such as discharge letters, ambulatory care summaries and test results as well as on-line hospital booking services, through a portal called I-patient) have the right to block access to their data. Patients can also state their preferences and intentions or view logs to see who is accessing their files. They do not, however, have the right to opt-out of having their data added to the central information bank. All attempts to view health care data are also monitored by the E-health foundation which takes instant action if unlawful access to the data is suspected.

A single digital health community?

In each of the cases mentioned, the complexity of electronic health services is recognised as new applications are developed: terminals and readers provide an essential security layer to meet the needs of each function, ensure seamless integration within work flows and guarantee security and confidentiality for both professionals and patients.

Several EU projects are contributing to the development of a secure cross-border health system; for example, SSEDIC (Scoping the Single European Digital Identity Community - a thematic network for the Digital Agenda for Europe), STORK 2.0 (Secure Identity Across Borders Linked 2.0 - aimed at creating a single European electronic identification and authentication area while promoting the uptake of electronic identity management) and the CIP-ICT PSP (the ICT Policy Support Programme for the Competitiveness and Innovation framework Programme) which is intended to ensure the interoperability of electronic health systems both across and within Member States in order to de-fragment the market.

Yet, many questions remain unanswered. For example, what is the role of biometrics in health care identity verification - will patients and staff accept its use? We have learnt recently that in English hospitals many staff are unwilling to go through identity checks on foreign-born patients before treating them. This leads to questions of human rights: is it discriminatory to charge a 'health tourist' for services that would be provided free to a resident? And does such discrimination encourage fraud? Assuming, of course, that we all have personal identities!

For further information email: sd324@hotmail.co.uk
