The UK data loss disaster has again illustrated that building large systems entails risks including employees not following procedures. However, the larger the system the bigger the repercussions if something goes wrong.
a) national database containing each insured person’s electronic patient records and/or
b) national ID-card system that makes registration compulsory (cards being issued to UK residents in 2009)
So read on; our checklist of pros and cons is not to be ignored:
|electronic IDs – checklist for minimizing the risk of data security breaches à la UK|
|more code = more complexity = more vulnerabilities = more risks => more damages => less trust|

| # | argument for large database to manage ID and health cards | counterpoint |
|---|---|---|
| 1 | very large sensitive databases, with huge numbers of users (insiders!), will require very sophisticated security models | any such large system is likely to suffer more from sociotechnical design problems than from technical weaknesses |
| 2 | in the case of the National Health System in England, the decision to aggregate administrative and medical data on all 50 million citizens was argued as having clinical benefits (e.g. if someone with a medical condition suffers an accident far from home, info can be retrieved fast wherever the patient and doctor might be located) | to make such a complex system less prone to data security breaches, a highly complex RBAC (Role-Based Access Control) and “sealed envelopes” scheme must be implemented – the larger the system, the more difficult it becomes to address the RBAC issue satisfactorily. Medical experts question whether there are any medical benefits |
| 3 | giving access to electronic patient records to medical professionals across the country (if not Europe!) will help improve services and reduce administrative costs | having all medical staff in the local hospital (not nationwide – forget about Europe) access one’s medical record seems less frightening, and less prone to data security breaches, than a nationwide system that is used by thousands of staff to get access to very private and sensitive information of millions of people |
| 4 | keeping such data in one hospital but separate from those of others makes it inefficient and cumbersome to get access to information | smaller systems require far simpler security models – these are less vulnerable to security and programming bugs that could inadvertently expose confidential information to non-authorized parties |
| 5 | inter-hospital or public agency information exchange is easier to manage on one system | each hospital first gets and adjusts to an incremental type of bottom-up system that suits its needs and priorities (albeit built with standards for future inter-hospital messaging in mind) — only after this has been achieved is any attempt made to provide secure, constrained inter-hospital information exchange |
| 6 | UK government claims national ID system will be self-financing | government itself has undermined its case by revising up the cost to £5.4bn – others have put the cost of the ID cards’ introduction at up to £19.2bn (meaning passport combined with ID-card will cost £300) |
| 7 | UK government has claimed that ID-cards will help combat ID theft | opportunity handed to fraudsters with the loss of the Revenue discs demolishes that argument – citizens should not trust Whitehall to manage such sensitive data again |

|it is better to prevent problems from arising than to have to solve them|
Point 1 in the above table is disputed by accident and emergency specialists, including physicians. Moreover, point 2 in the table may be supported by some stakeholders because it allows the imposition of national-level administrative monitoring and control, as well as the top-down imposition of a particular centralist, one-size-fits-all IT strategy. How realistic a one-size-fits-all strategy is, however, remains to be seen.

Gordon Brown has told UK voters that the national identity card scheme would make people feel safer. Unfortunately, the catastrophic loss of the 25 million child benefit records has made people uneasy about handing yet more data to the government. As the table above illustrates, there are grave problems with introducing even a well-managed ID card system. Moreover, the complexity will make it vulnerable to various risks we have little if any experience in handling properly. HM Revenue and Customs did not have a proper critical incident response procedure in place for the discs that got lost. In fact, it took more than 30 days until the public was finally informed.

Moreover, the skyrocketing cost estimates suggest that issuing ID cards will also drain taxpayers’ money and yet leave no one sleeping better at night.
From the continent one might comment that since Mr Brown has displayed relish in tearing up some of Tony Blair’s pet schemes, he should add ID cards to the scrapheap – the sooner the better.
The above problem is not limited to the UK but has to be addressed by all EU Member States. We will tell you why soon ….
GET MORE REASONS for why we should neither use electronic ID cards nor biometric passports – using the NHS Connecting for Health’s National Programme for IT (NPfIT), and in particular its Care Records Service as point of departure