[LINK] Roxon revives smartcard plan

[Stephen Wilson]

Tom Worthington wrote:
> [If] there is no system of standardised e-heath records, then there is 
> no point in having a smart card to access them. 
Au contraire Tom.

Long before we have standardised e-health records, we could see benefits 
from the right sort of smartcard as follows:

- a card could hold a number of IDs/keys to enable indexing of different 
records
- different keys for different records means that the record systems 
need not be standardised all the same way at the same time
- putting different keys in the hands (literally) of the patient gives 
them beter control over what information is held about them in different 
places, and how different systems might be linked, if at all
- for instance, in a clinical trial, the anonymous key for a 
participating patient could be safeguarded in a smartcard, which they 
present to the investigator at follow up visit
- we should be using something like a smartcard to access Personal 
Health Records (PHR) over the Internet.

In a different vein, smartcards can also help with mutual authentication 
of websites.  Most e-health records policy now supports patients' right 
to access their records, typically online, yet access by standard 
password-secured means leaves people vulnerable to health site spoofing, 
pharming etc.  This is one example of where technology neutrality in 
policy forumulation may be harmful.  Health records schemes should I 
think be joined to superior security infrastructure, like properly 
privacy-architected smartcards, so that users are better protected. 

Cheers,

Stephen Wilson
Lockstep Consulting
www.lockstep.com.au