Will Law Enforcement’s Inability to Combat Identity Theft Render the NHIN Moot?

<ed.note>I don’t know if you’ve had opportunity to see the "TO CATCH AN ID THIEF" episode of Dateline but it makes the case that the credit card networks are completely broken in terms of their ability to prevent ID theft. IRQ chat rooms exchange cracked and stolen data at a truly astounding rate – multiple country false charges to accounts to their limits in much less than five minutes. If you monitor the comments from the blog entry you’ll see that virtually no one is getting any effective cooperation from local police or FBI for prosecutions. Sandra Kay Miller, in Invasion of the Identity Snatchers, adds some other factors to the topic.

The commentors from the Dateline blog also make the point that using the Luhn formula ( available everywhere in the public domain ) it is relatively easy to guess legitimate credit card numbers under the current regime — a reality cited as a cause of ID theft in addition to, or comingled with, the theft of data.</ed.note>

One Comment

  1. An interesting question but maybe not even the “right” question.
    Identity theft is certainly a problem. But it is only a problem where there is the “probablity” of financial gain.
    The NHIN has far more problems than identity theft. Data format standardization is of course the huge one.
    I have been (for several years) proposing that we NOT move away from the current workflow where a patient record (EHR) exists in one place. This system works much better than “guessing” if a person is a particular patient.
    For example. If I say that Dr. Jones is the custodian of my EHR and she can be reached via email (using GPG pulic key) at dr.jones@herclinic.com or by uploading a file to https://www.herclinic.com and you should send all of my cardiac care notes to her for inclusion in my primary record. Now we have a functional, workable system that is reliable.
    This whole idea of federated health records is simply silly in a mobile population. Put people in charge of their records instead of having strangers guess if that is the correct patient. Sure the technology is cool. But just because we “might” be able to do something doesn’t mean we “should”.
    The notion of data format compatibility / interoperability is entirely another issue. It can be solved by two level modeling (see the background documents at http://www.openehr.org).

Comments are closed.