
Extortion: Up To 50 million People's Data Breached

The New York Times reports that the FBI is investigating an extortion threat involving the personal and medical information of up to 50 million people. The actual extent of the breach is unknown; however, the extortionist has provided sample data including names, dates of birth, social security numbers and prescription information.

The target of the letter threatening to expose the records of millions of people is Express Scripts, a medical benefits management company which holds the records of an estimated 50 million people.

The cat is out of the bag there, folks.

It's time for a new strategy to provide privacy and security with medical services. Practical identity procedures could reduce the incidence of error, script-shopping, prescription drug abuse and, last but not least, patient privacy breaches.

One thing it could definitely do is streamline legitimate access to your medical records and reduce any unnecessary exposure of your personal data when seeking treatment or obtaining your prescription drugs.

Medical insurance fraud would be reduced, and a more privacy-compliant, real-time view could be taken of disease across the entire population, enabling more efficient targeting of health resources, reducing costs and, on the whole, improving patient outcomes.

It's not like anyone doesn't think there's a problem; it's time to think about the solution.

Did you take your mobile with you last time you went to the doctor's?

 


Comments: (6)

Stephen Wilson - Lockstep Consulting - Sydney 07 November, 2008, 18:52

Dean asked rhetorically: "Did you take your mobile with you last time you went to the doctor's?"

Err, no I didn't actually.  It's frowned upon to have the phone turned on in the GP's clinic.  And of course they're banned altogether in hospitals.

And another thing -- my cell phone battery is rubbish. So, what if it were to die just when the doctor were to try and access my health records with it? 

No thanks!

Stephen Wilson, Lockstep.

A Finextra member 07 November, 2008, 22:53

 

Hi Stephen,

While I don't think a system where the doctor used your phone to access your health records would work, perhaps one where you used your phone as you entered reception, to ID yourself and give the doctor permission to access your records? Of course there is a backup plan for the technologically challenged just like there is a backup for people who run out of petrol driving their car (i.e. call the road service - although if you let your mobile battery go flat and run out of petrol...)

It is generally better for the doctor to review your medical history before you enter his examination room so identifying yourself at reception is a good idea. Although I haven't been in a hospital lately where mobiles are not allowed, and I have only just recently been visiting a friend in (your local) hospital (in fact), I found no restrictions in place regarding the mobile.

Having surveyed doctors on the process we could only find doctors keen to adopt the system. Of course as soon as you have ID you have integrated billing, and that makes the doctors' job easier and leaves them more time for doctoring. The reduction in the potential of litigation with better access and control of medical records and less opportunity for health insurance fraud excited doctors almost as much as the potential for better patient outcomes. Cost reductions held some attraction too.

 As in many of our day to day interactions, there are often many stakeholders in what might appear a simple process.

Medical treatment is particularly challenging. The list of stakeholders in your visit to your doctor's surgery can include:

You

Receptionist

Doctor

Consultant Specialist

Health Insurance Provider(s)

Veterans' Affairs

Government

Medical Records Management Provider

Your bank or credit card provider

Pharmacist...

You probably see the main problem now. With so many stakeholders, each requiring some level of knowledge of your interaction, going to the doctor is a little more complicated than you think. Each of the stakeholders has their own issues and litigation is an ever-present risk.

However most doctors have patient care as their primary concern and that is the way it should be, so we should be looking at ways to make it easier for doctors, and all stakeholders, to provide patients with the best, lowest cost, and most efficient business processes in their provision of health care.

Health care is a significant issue for governments, draining tax dollars at an astonishing rate, and in order to provide adequate services we must look to bring the doctor's business processes into the 21st century, and then it is possible we might all get the excellent health care medical technology promises, and we all deserve.

Mobilising health care also opens up some great ongoing options for improving post-healthcare outcomes, monitoring patients and doing things as simple as reminding the elderly to take their pills.

Perhaps we could also offer a service to remind those who let their batteries go flat that the device occasionally needs recharging, after all, it is the 21st century - anything is possible.

 

Stephen Wilson - Lockstep Consulting - Sydney 10 November, 2008, 04:16

Dean suggested vaguely:

While I don't think a system where the doctor used your phone to access your health records would work, perhaps one where you used your phone as you entered reception, to ID yourself and give the doctor permission to access your records?

What do you actually imagine doing here?  To whom am I identifying myself?  Which doctor, and for which of my records?  If I am booked in to see a doctor, then they already have permission to read my records; if it's an emergency then permission is moot and other consent protocols kick in.  So, do you have any real workflows in mind?  Electronic health records and consent management are not trifling problems.

Of course there is a backup plan for the technologically challenged ...

That's nice, but it would be good to know exactly what the up-front plan is, before turning to the promise of a backup plan.

It is generally better for the doctor to review your medical history before you enter his examination room so identifying yourself at reception is a good idea.

They do this now, taking my name from the appointment system. There is no crying need for ID on the way through the door of reception.

Of course as soon as you have ID you have integrated billing, and that makes the doctors' job easier and leaves them more time for doctoring.

If only it were that simple.

 

Cheers,

Stephen Wilson, Lockstep.

A Finextra member 10 November, 2008, 05:39

 

Stephen, you ask some interesting questions. I'll leave out the exact details of how I propose to for now. We'll keep it general.

To whom am I identifying myself?  Which doctor, and for which of my records? 

You are identifying yourself to all the stakeholders. In one process. It's more efficient.

If I am booked in to see a doctor, then they already have permission to read my records;

*Your records or one of the other million Stephen Wilsons? I am perhaps more lucky in that I have fewer namesakes. Occasionally we have to see a doctor in our travels overseas and that really complicates the issue.

if it's an emergency then permission is moot and other consent protocols kick in. 

They still might want to make sure it is you they are treating with penicillin and not the Stephen Wilson who is allergic to penicillin.

So, do you have any real workflows in mind? 

I certainly do.

Electronic health records and consent management are not trifling problems.

Which is of course why I have given it considerable thought after discussions with experts and our own board adviser who was a pioneer in US health care management.

Of course there is a backup plan for the technologically challenged ...it would be good to know exactly what the up-front plan is, before turning to the promise of a backup plan.

I assume you mean the technical details? It's on a need to know basis for the moment. Suffice to say it is easy enough for even the most technologically challenged and it provides benefits to everyone without absolutely everyone doing it.

Imagine if 95% of the Stephen Wilsons authenticate, then if you don't you must be one of the others. This might reduce medical and funding errors by 95% for instance. That equals better care for even the technologically challenged 5% of Stephen Wilsons, they won't be mistaken for you.

It is generally better for the doctor to review your medical history before you enter his examination room so identifying yourself at reception is a good idea.

Stephen suggests: They do this now, taking my name from the appointment system. There is no crying need for ID on the way through the door of reception.

See *. Not all stakeholders are at reception, or in the doctor's office.

There are other issues with record storage, back-up and sharing which just give doctors headaches; my prescription doesn't require pharmaceuticals to cure that headache.

In the case where your doctor wants to use the power of networks to get a second opinion from a specialist located elsewhere for instance, the transmission and sharing of medical information presents another cause for headache, and I'd like to fix that too.

Of course as soon as you have ID you have integrated billing, and that makes the doctors' job easier and leaves them more time for doctoring.

Stephen suggests: If only it were that simple.

It's a start and at the right place - on the ground. Fix the foundations and build better health care business processes from the ground up. At present the foundations of health care are on very shaky ground and it's a very wobbly structure.

Every dollar you save in the business processes means another dollar you can spend on the treatment. I'm estimating there are billions of those dollars.

I never said it was simple, I merely say there is a way to make it much simpler, safer and cost-effective.

Regards, as always I appreciate constructive inquiry.

 

A Finextra member 12 November, 2008, 15:56

Is the problem not about the security of the data access rather than confirming individuals' identities when they go to the doctor? (I appreciate the validity of making sure it's the Stephen Wilson who is not allergic to penicillin, but that is a health and safety, not a security issue.)

As long as people can access a database of information, then that information is subject to theft. Encryption and security levels can minimize unauthorized access, but how is it possible to prevent authorized access being used in unauthorized ways?

 

A Finextra member 13 November, 2008, 22:08

As long as people can access a database... If access is restricted to 'authorised' users, and for authorised use, the problem is minimised.

For a start, the doctor's receptionist probably doesn't need to know the intricacies of your health problems. The pharmacist might, perhaps without knowing your name? Unless of course a shout from behind the counter of 'Mr Smith your herpes medication is ready!' is your ideal of a visit to the pharmacy.

The doctor, even if he (or she) was the only one with access to your records, could of course share a detail over dinner with friends. I suspect most have too much to lose to think it might be entertaining, a receptionist on the other hand...

I don't suggest our records be plonked up onto the internet for 'zed221' to peruse at will. There is even a way to do that safely, but it isn't the core of the issue.

ID is.

 
