The Case for a Biometric Identifier on Health Care Records

Americans have long been concerned about privacy and have never supported a National Identity Card of any kind. But when it comes to electronic health records, we might have to give that a second thought. Right now Health and Human Services is taking comments on Conditions for Trusted Exchange (CTE) of Electronic Healthcare Care records within a Nationwide Health Information Network. They are trying to determine how to verify that your health care records are indeed Your Health Care records when they transfer information between parties.

The complexity of verifying personal identity without biometric authentication on a national level is mind-boggling. How many thousands of John Smiths and James Johnsons are there in this country? According to there are 45,354 people named John Smith in the United States and 35,933 people in the U.S. named James Johnson. What is the probability that hundreds of those individuals also share the same birthdate?

The HHS is recommending a goal of achieving a 99.9% match rate, but no matter how sophisticated the demographic matching algorithm might be, no CTE could be expected to achieve a specificity of 99.9% when dealing with the population of the whole country. Adding some sort of biometrics, whether it be iris scans, hand scans or finger prints, will add the needed level of identification that is mandatory in life and death situations.

If every person had a medical card, which carried electronic identification data, they could have access to their medical records wherever they went. They could give access to new medical practitioners while avoiding the need to fill out the packet of forms at each appointment.

Today thousands of individuals who work in private industry and government have such a card that allows them […]

Personal Hygiene and Data Quality

I read a blog post in LinkedIn recently comparing data quality to personal hygiene. The article stated that “If we are ill, then being clean and hygienic will not on its own make us better. We need medicine to do that. But being hygienic to start with may have prevented us from getting ill in the first place. And being hygienic will speed up the recovery process by preventing re-infection. Being hygienic keeps us fit and in tip-top condition.”

I want to take this analogy a step further. The company I work for, Partnet, is an expert in electronic marketplaces. In this environment, data quality is essential. Like personal hygiene, data quality represents your value and integrity as well as your health. It gives your customers a first impression. They make immediate judgments as to whether they want to do business with you based on the way your application and your data looks to them. How many people would go to a job interview with crumpled, stained clothing and disheveled hair. What kind of first impression would that give? Would you expect to get the job? Having poor data quality can give the same bad first impression.

With an eCommerce site, the customer has to have confidence in your ability to keep their financial information safe. Why should a customer trust a marketplace that does not offer accurate product descriptions, properly spelled words and good product images? If you can’t make sure your item descriptions are spelled correctly, why would they think you could keep their credit card information safe.

It is a poor reflection on both the individual vendor and the marketplace. It may cost money to get the haircut before the interview and to have […]

Sans AppSec Summit 2012: What you can learn from Partnet about AppSec

I’ll be representing Partnet at the SANS AppSec Summit at the end of this month.  We will participate on a panel called What you can learn from small businesses about AppSec.  I love working for a smaller company.  I think the flexibility, and the “buck stops here” mentality makes small businesses more effective than larger businesses.  But I think there is a misconception that small companies are not disciplined – that they have a “wild-west” like attitude.  That may be true generally, but not here.  Discipline and ownership of security are what I think is the “secret sauce” to a successful AppSec program.  We’ll talk about it at the SANS AppSec summit.  If you are attending, please come by and say hello.


By |May 2nd, 2012|Security|0 Comments|