There has been a lot of discussion in the Senate Inquiry and elsewhere regarding the protections offered by the use of audit trails within the Health Identifier Service. These are meant to be in place to ensure that if unwarranted access to the service is made it will be detected and that the individual will be able to find out who has been accessing their record.
For the HI Service's audit trails to be of any value, all users of the service need to have their identity authenticated.
To meet this need NEHTA say they have NASH.
That is the National Authentication Service for Health.
This gives the basics – From June 2008.
“NASH & the Authentication Vision
The vision for authentication in the Australian health sector is that provider authentication should use a strong credential (smartcard with PKI certificate) issued by a NASH-accredited organisation. All e-health transactions and records that need to be electronically signed will use standard credentials.
The goal is to issue NASH credentials to all healthcare professionals over the next five years.
NEHTA's vision for NASH is:
• A healthcare community and professional smartcard system that supports and facilitates the use of e-health information, for example unique healthcare identifiers and the individual electronic health record (IEHR), within the whole Australian community.
• Coordination of smartcards and reader supply arrangements for health professionals and employees.
• Provision of support for the smartcard implementation and operation to jurisdictions, software vendors and end users.
• Design and delivery of support arrangements that meet the needs of jurisdictions and software vendors.
• Provision of a trusted authentication service that addresses the data protection and privacy requirements of stakeholders and regulators.”
Source: NEHTA Brochure on eHealth ID – Dated 6/6/2008
Note that this is a vision for 600,000+ smartcards etc.
I have written about this in detail here:
We have also been alerted to the fact that NASH is running very late and looks like failing here:
Indeed it seems the only robust authentication to be in place anytime soon is the Medicare HESA System.
You can read about this here:
While both Location and Individual Certificates do exist, use of the Individual ones is very low, as there is essentially no reason to use them.
In parallel we have these observations about the way clinical staff behave.
The Scottish Parliament has recognised "a culture amongst some NHS staff of sharing IT usernames and passwords", according to a report in The Scotsman.
"Health professionals and the Scottish Government, giving evidence to the committee, pointed to greater levels of security and traceability of access to electronic portal systems compared to traditional paper records. But they also acknowledged "a culture amongst some NHS staff of sharing IT usernames and passwords".
It's not an encouraging comment at a time when the national roll-out of NHS Connecting for Health's NPfIT Summary Care Records in England is gathering pace.
This is from the report published this month by the Scottish Parliament's Health and Sport Committee:
"Both health professionals and Scottish Government officials pointed to the greater levels of security and traceability of access that an electronic portal system provides over a traditional paper record.
"There was recognition however, of a culture amongst some NHS staff of sharing IT usernames and password.
"This was especially true amongst junior doctors in busy hospitals where it had arisen as a matter of convenience as a result of busy medical staff needing quick and almost continuous access to hospital IT system.
"The issue of locum or temporary staff gaining access to hospital IT systems for short periods of time was also a problem that had given rise to this culture."
More on all this is found here:
In response to the article on this blog "a culture among some NHS staff of smartcard sharing" GP Gavin Jamie writes:
"I am sure it is no surprise to many that it is often the IT systems that implicitly encourage password sharing. If two people use a computer then the switch process is more like logging out and logging back in again in Windows than the instant switch you see behind a bar or with point of sale systems.
"Procedures too often encourage this system. As a junior doctor it was routinely a week before I ever received my pass around the hospital and so for the first few days, when nobody knew my face, I would bang on the door and be let into sensitive locations. I am sure systems have not changed.
"24 hour cover for lost passwords/cards and instant issuing of credentials is expensive and difficult but unless there are no situations where sharing a password is acceptable then a culture of acceptance will develop."
More with links here:
So where are we?
The answer is that both technically and culturally we do not have in place the protections needed to assure an audit trail worth the name exists, or will exist in the foreseeable future, for the HI Service.
We have been told a range of porkies I believe, and when people notice how they have been misled I suspect we will notch down the trust level in e-Health yet further.