Those who have been following the development of the Health Identifier (HI) Service by Medicare / NEHTA will be aware that a key document is that one describing the Concept of Operations for the HI Service.
The document is found here for those who do not have access to it.
A key part of the document describes the process by which one obtains a person’s IHI.
In the Use Cases provided the individual turns up to a health care provider (with or without a Medicare Card (A Trusted Data Source Identifier) and when the details are entered, and an exact match is found, the IHI is returned for incorporation in the patient record.
If no match is found – or multiple matches are found – the address is used to get an exact match and all the entered information and the IHI is provided by the HI service in return.
What this means – among other more useful attributes – is that we will now have 600,000 healthcare providers who now all have a way to confirm a name, DOB and sex and address for accuracy. Either an IHI will be retuned – details are correct and current – or an error will be returned and an unverified IHI process follows.
The issue is that this is the biggest and hopefully most reliable name, DOB and Address data base in the country that can now be used by all sorts of people for all sorts of reasons to confirm current details – some valid and some possibly considerably less so!
Better still it also offers a batch update capability so all sorts of options can be checked for validity!
The Australian Electoral Commission has a similar system but you can disappear easily from it by moving or never registering to vote – and of course children are not covered by the AEC – and you have to search one at a time.
It seems to me the sheer number of people who can access this environment make it virtually certain there will be abuse and it will be very hard to detect such abuse as those who do it can just claim typing inaccuracy.
It seems to me making sure such a facility is not abused and that no harm will flow is another very good reason to conduct a range of scaled pilots of a live and working system.
If there are clever, and possibly other, ways to abuse the HI Service we need to find out sooner rather than later. There is really only one way to do this and that is live progressively scaled testing.