“The purpose of the Healthcare Identifiers Bill 2010 (‘the Bill’) is to implement a national system for consistently identifying consumers and healthcare providers and to set out clear purposes for which healthcare identifiers can be used. ”
later it states
“Using an individual healthcare identifier will provide a way for healthcare providers to more accurately match the right records to the person they are treating and improve accuracy when communicating information with other healthcare providers.”
The Bill assumes that the individual healthcare identifier is a number.
The Health Care Identifier Bill details how an identifier number will be used and the restrictions and use of the ID number. The introduction of a Health ID number is seen as a necessary precondition to the development of a comprehensive ehealth information system.
An alternative healthcare identifier
Modern computing and communications technologies do NOT require an identifier number to “consistently identify consumers and healthcare providers”. An alternative is an electronic health identifier for both consumers and providers. The electronic health identifier is an electronic record of information about a person that uniquely identifies them. In Australia there already exists, in electronic form, many records about each person. An electronic health identifier provides links to this information and it is the combination of links that provides the uniqueness that enables the person to be identified – without the need for yet another identifier number. An outline of an existing implementation of an electronic identifier is given later in this submission. Electronic identifiers, as described in this document, have been in use in Australia for two years and are starting to gain acceptance in the financial sector as the preferred way for organisations to identify people so that organisations comply with Anti Money Laundering and Counter Terrorism Financing legislation. Demonstrations of the use and utility of electronic identifiers can be provided.
A health care identifier NUMBER is a VERY expensive approach to matching records across databases because it requires all existing and future health care record systems to include space for a health care identifier number. This means all existing health care record systems have to be changed. It requires this legislation and the ongoing compliance costs to ensure that the id number is not misused.
An electronic health identifier requires NO CHANGE to the structure of existing health record systems because it links to, not changes, existing records. Because there is no new identifier number there are NO ADDITIONAL compliance costs IF the electronic health identifier is controlled by the individual being identified.
Because of the need to change existing systems the introduction of an identifier number based system will be slow. An identifier number used across many databases gives rise to privacy issues because the health care id number will enable the matching of health care records without the knowledge or approval of the person involved.
By contrast, an electronic health identifier, is inexpensive to implement because construction can be directed by the individual themselves. It keeps silos of information separate and hence there is no increase in compliance costs.
An electronic health identifier can be implemented immediately, the matching of records can commence tomorrow and there is no need for legislation to enable this to happen. The cost of introducing an electronic health identifier will be many times cheaper than the cost of a introducing a health care identifier number. An electronic health identifier is extendible in ways that will give greater utility for less cost to the Health industry. The concept is easily transferrable to other Australian and State government identification projects with resulting savings.
For these reasons it is recommended that a health care identifier NUMBER be abandoned and replaced with an electronic healthcare identifier.
If it is isn’t abandoned then it is recommended that an electronic health identifier, as outlined below, be established in parallel with the introduction of a health care identifier number. The Bill, as it stands, will impede the introduction of an electronic health identifier because it will hinder electronic access by individuals to their own health care records.
If the Bill is not abandoned it should include the right of an individual to electronically access any factual personal information held electronically about them by any registered health care provider. Individuals already have this right as part of privacy principle 6 but for administrative reasons it will be necessary to explicitly mention the right to electronic access. If it is not explicitly included, the bureaucracy is unlikely to facilitate electronic access by an individual to their own data. This is currently the case with many government departments and agencies. The Bill, as it stands, will put yet another barrier in the way of individuals accessing their own data electronically.
The electronic health identifier technology can be used by other departments such as Education who could implement an electronic education identifier instead of student id number, the Passport Office who could use an electronic passport identifier as a way of introducing electronic passports, Social Security as a way of solving their identification problems with which they are currently wrestling, Taxation with a taxation electronic identifier to simplify the collection of financial dealings and remove the need for organisations like banks to store the taxation id number, and help the Defence force introduce a more secure identification system for its members. Electronic identifiers will reduce the cost of identification systems many times over current plans which are mainly based around the idea of using NUMBERS to identify people ACROSS databases.
An electronic identifier
An electronic identifier is a computer record of links to other records about a person held in other databases. The links in an electronic identifier are often existing identification numbers. No personal information about a person need be held in the electronic identifier. The electronic identifier record is controlled by a computer program. This computer program is part of the electronic identifier and makes it smart. Access to this computer program and to the links to other databases is RESTRICTED to the individual concerned and to anyone the individual authorises.
The links in an electronic identifier are created by an individual asserting that other organisations hold information about them then proving the links through the use of “secrets”. Secrets are extra pieces of information held by an organisation about a person that other people are unlikely to know. Examples could be the balance of a bank account on a particular day, or the last date and country where the person’s passport was used, or the full set of benefits a person is currently receiving from Social Security, or the serial number of the weapon issued to a Defence employee.
An electronic identifier can ask other individuals if they agree that they know the person represented by the electronic identifier. This agreement might be the identification of a photograph or via some other information passed between individuals – such as a verbal request using a non electronic channel.
The more links to organisations and other individuals an electronic identifier establishes the more confidence there is that the electronic identifier represents a particular individual. As electronic identifiers will be used in day to day transactions the confidence in an electronic identifier will grow. This contrasts to the use of an id number. The more an id number is used the more likely it is to be stolen and compromised.
Access to the electronic identifier is achieved through some form of biometric, secret or physical device that is under the control of the individual. Common forms of access are passwords, pins, access to telephones, access to emails, possession of smart cards, voice prints, photographs and fingerprints. The level of security of access can be established by multiplying the different access methods used by the individual. Using two access methods is called two factor authentication which is rapidly becoming standard in banking. However, it becomes easy to implement multi-factor authentication with the assistance of a smart electronic identifier. Using a telephone, analysing the voice characteristics and the semantics of what is being spoken can be handled by an electronic identifier, and give three factor identification without entering any codes or passwords. This will help prevent identity theft.
Identity theft happens incrementally and is typically done with an id number. A person steals credit card information and is able to become the person who owns the credit card. This is difficult to do with an electronic identifier because the electronic identifier program has knowledge about the person that the thief is unlikely to know. It knows how they speak, their approximate physical location, and ways they typically transact. The electronic identifier program can alert the person if their pattern of behaviour changes in significant ways. A common example in today’s world is the use of a credit card in several different countries at nearly the same time. This prompts most credit card companies to alert the individual who owns the card.
Much of the functionality envisaged in ehealth can be embedded inside electronic identifiers. For example, because the electronic health identifier can get access to information held about the individual across several databases, it can check for drug incompatibilities at the point of prescription rather than the point of dispensation. This approach to implementation is less expensive than traditional methods and is easily scalable and adaptable. This will result in even more savings for the ehealth initiative. Another example is the payment for ehealth services and the checking for benefits. At the point of delivery bills can be paid, rebates given, taxation records updated, and benefits all checked. This ability to communicate across many different areas instantly is the easiest way to reduce administrative costs.
It is difficult to estimate the level of savings that can be obtained with an electronic identifier instead of id number but electronic identifiers will mean the implementation of ehealth will be a small percentage of the cost of implementing using a Health ID number. The subsequent benefits arising from ehealth are likely to be increased rather than decreased.
An overview of the idea, and planned developments, of an existing electronic identifier can be viewed on YouTube