Regular readers of mine will know I’m not the greatest fan of the consent model used in the Cheshire Shared record and, I presume, by other similar initiatives elsewhere. Ticking a popup box to say that the patient agrees is hardly, to my mind, secure. There is no guarantee the patient is there, that they understand, or that they agree to having their records accessed. I’m not a great believer in security systems that rely on catching the horse after it’s bolted or on the integrity of the users. The whole point is that there are unscrupulous people out there, and it should be hard for them to break the rules.
Now when I pop into my local building merchants and buy something on my account, I have to tell them my account name and postcode and I sign on a USB signing pad which records my signature and reproduces it on my invoices. A USB gadget might be difficult to do: it’s hardware, so a cost, and it would need distributing and installing, all further costs. The idea that the system asks for some information that the person asking for permission doesn’t know might be a good one. The problem is, what would it ask? To select the patient in the first place you would probably need the user to know the DOB and postcode, to pick the right John Smith from the long list, and what information would every patient be guaranteed to know on top of that, which the computer system would also know but a neighbour or a person trying to access their record fraudulently would not?
In the local Co-op the other day I just paid by Apple Pay. I’d preloaded my credit card details and this transferred my info to the EPOS machine. OK, I guess it used NFC and the average NHS computer isn’t going to have that, but you could imagine, given we are now meant to have Wi-Fi or 3G/4G everywhere, the computer asking for consent displaying a unique code, perhaps a QR code. You scan that into your smartphone and, through the magic of the internet, it replies to a server in the cloud or perhaps just gives an authentication code to be typed into the computer: a challenge/response type scenario.
The patient would have to authenticate with fingerprint or face. It could transfer over an email address or SMS number, and perhaps check with the Spine whether these are valid, and then emails or SMSs could be sent to these to confirm/audit the transaction as a backup.
OK, does it prove they are who they say they are? Well, it proves someone was there at the time and place, and the system could send them a patient info leaflet about the scheme or procedure, as I’m thinking this could be used for minor ops and surgical procedures, not just Cheshire records. It could come close to proving it if, for example, it sent over the credit card details or somehow used them as part of the verification process (a one-way unique hash springs to mind), not for paying but as another proof of ID, and if it sent perhaps my Apple ID or similar (sorry, Android users, I’m sure there is an equivalent system; it’s just that I know the Apple ecosystem).
The NHS computer is then being given multiple forms of proof, so that it becomes increasingly difficult for someone to fake. Perhaps when I’m sent the appointment I’m sent a one-time code to scan/use. We SMS all our patients reminding them about their appointments. Perhaps that could include a unique code, similar to a boarding pass, that is part of the validation process?
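The challenge/response exchange sketched above, worked through as an added example of my own (it is not code from the Cheshire system, the NHS or anyone else): the clinic computer issues a one-time challenge it would show as a QR code, the phone releases a per-device key only after a local fingerprint/face check and answers with a short code bound to exactly that challenge, and the computer accepts each challenge once, within a time limit, then records the transaction for the confirmation email/SMS audit. The enrolled device key, the patient identifiers, the two-minute limit and the eight-digit code are all assumptions for the sake of illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

CODE_TTL_SECONDS = 120      # a challenge is only answerable for two minutes (assumed policy)
CODE_DIGITS = 8             # length of the response code the patient types in (assumed)


def derive_code(device_key: bytes, challenge: str) -> str:
    """Turn a challenge string into a short numeric code: HMAC-SHA256 over the
    challenge, truncated HOTP-style. Only a holder of device_key can produce it."""
    mac = hmac.new(device_key, challenge.encode(), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    number = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{number % 10 ** CODE_DIGITS:0{CODE_DIGITS}d}"


def challenge_nonce(challenge: str) -> str:
    """Pull the nonce out of a challenge so the terminal can look it up."""
    return json.loads(challenge)["nonce"]


class PatientApp:
    """Simulated patient smartphone app. device_key is assumed to have been enrolled
    with the NHS system when the app was registered (an assumption, not the page's)."""

    def __init__(self, patient_id: str, device_key: bytes):
        self.patient_id = patient_id
        self.device_key = device_key

    def respond(self, challenge: str, biometric_ok: bool) -> str:
        # Step 1: the phone releases the key only after a local fingerprint/face check
        if not biometric_ok:
            raise PermissionError("biometric check failed; key not released")
        fields = json.loads(challenge)
        # Step 2: refuse to answer a challenge that names a different patient
        if fields["patient_id"] != self.patient_id:
            raise ValueError("challenge is for a different patient")
        # Step 3: answer with a code bound to this challenge and nothing else
        return derive_code(self.device_key, challenge)


class ConsentTerminal:
    """Simulated clinic computer asking for consent."""

    def __init__(self, enrolled_keys: dict):
        self.enrolled_keys = enrolled_keys   # patient_id -> device key (constructed registry)
        self.pending = {}                    # nonce -> (challenge, issued_at)
        self.consumed = set()                # nonces already accepted, to block replay
        self.audit = []                      # what the confirmation email/SMS would record

    def issue_challenge(self, patient_id: str, purpose: str, now: float = None) -> str:
        """Build the challenge the screen would show as a QR code."""
        now = time.time() if now is None else now
        nonce = secrets.token_hex(8)
        challenge = json.dumps(
            {"patient_id": patient_id, "purpose": purpose, "nonce": nonce, "issued": int(now)},
            sort_keys=True)
        self.pending[nonce] = (challenge, now)
        return challenge

    def verify(self, nonce: str, code: str, now: float = None) -> str:
        """Check the code the patient typed in. Returns 'ok' or the reason for rejection."""
        now = time.time() if now is None else now
        if nonce in self.consumed:
            return "replayed"
        if nonce not in self.pending:
            return "unknown-challenge"
        challenge, issued_at = self.pending[nonce]
        if now - issued_at > CODE_TTL_SECONDS:
            del self.pending[nonce]
            return "expired"
        patient_id = json.loads(challenge)["patient_id"]
        key = self.enrolled_keys.get(patient_id)
        if key is None:
            return "not-enrolled"
        expected = derive_code(key, challenge)
        if not hmac.compare_digest(expected, code):
            return "bad-code"
        # Accept exactly once, then write the audit entry
        del self.pending[nonce]
        self.consumed.add(nonce)
        self.audit.append({"patient_id": patient_id, "nonce": nonce, "at": int(now)})
        return "ok"


def demo() -> list:
    """Walk through one consent exchange with constructed data and return the audit log."""
    key = b"constructed-device-key-for-demo"     # constructed; a real key would be random
    terminal = ConsentTerminal({"PATIENT-0001": key})   # constructed id, not an NHS number
    app = PatientApp("PATIENT-0001", key)
    challenge = terminal.issue_challenge("PATIENT-0001", "share record with practice", now=1000.0)
    code = app.respond(challenge, biometric_ok=True)
    nonce = challenge_nonce(challenge)
    assert terminal.verify(nonce, code, now=1030.0) == "ok"
    assert terminal.verify(nonce, code, now=1031.0) == "replayed"   # second use is refused
    return terminal.audit


if __name__ == "__main__":
    print(demo())
```

The enrolled device key plays the part of the "something the neighbour doesn't know". I have deliberately not used a hash of card details for that role: a card number has far too little entropy for a one-way hash to stop someone simply trying candidates until the hash matches, so it is better treated as one more audited signal than as the secret. Binding the code to the nonce and the stated purpose means a code captured from one screen is useless on another, which is the property a boarding-pass-style appointment code would also need.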
All of this is software, so in theory there are no capital or distribution costs; it relies on some QR codes on screen or typing some numbers into an app. I may be under- or over-thinking it, but I really think, given what’s out there now, it shouldn’t be hard to electronically prove (or come close to proving) who I am, or at least make it really hard for people to pretend to be me.
I wonder if we need a HACK day working some of this up? Would Apple or Google host?