Rapid responses are electronic comments to the editor. They enable our users
to debate issues raised in articles published on bmj.com. A rapid response
is first posted online. If you need the URL (web address) of an individual
response, simply click on the response headline and copy the URL from the
browser window. A proportion of responses will, after editing, be published
online and in the print journal as letters, which are indexed in PubMed.
Rapid responses are not indexed in PubMed and they are not journal articles.
The BMJ reserves the right to remove responses which are being
wilfully misrepresented as published articles or when it is brought to our
attention that a response spreads misinformation.
From March 2022, the word limit for rapid responses will be 600 words not
including references and author details. We will no longer post responses
that exceed this limit.
The word limit for letters selected from posted responses remains 300 words.
This card seems to be close to the approach advocated by Mr. Frank Dobson,
the Health Secretary.
As an IT professional, I think that it is important for medical
practitioners, and for those who organize healthcare, to realize that:
The smart card as described falls well short of the requirements of
both patients and physicians.
This leaflet
explains briefly a simpler, cheaper, and better solution - a solution
which is open to interfacing with all suppliers of IT equipement and
solutions.
Adding a chip to the card may enhance security, but it ensures that
the card is useless in a real emergency.
The proposed system is fully functional even if a hospital, or
surgery, does not have a working smart card reader.
Adding a chip to the card ensures that the card is useless when it is
lost - the proposed concept may be used fully even when the card is
lost.
Who exactly would like to copy someone else's card? It can be worth
doing so in only very special circumstances. In any event, modern
high-security cards can be made just as difficult to falsify and the
owner's picture may be downloaded to confirm identity.
The procedure for handling situations where the card is unavailable ("break
in") is a far more likely way to illegally gain access to data than
hacking - I call this the human factor.
The idea that "patients should be encouraged to regularly back
up their cards" is preposterous - many patients are elderly or
incapacitated or don't know anything about computers. Since the proposed
card only stores data on distant computers, where it is professionally
protected and backed up, this problem does not arise.
In the article, I found no fewer than 4 references to the advantage
of having the computer "set up" of the user on the card. This
clearly is irrelevant to all patients or to a doctor who uses his own PC
or an installation that has IT standards (i.e. all large organizations).
With several healthcare workers possibly sharing the same PC, it is
essential that there should be no ambiguity regarding what programs are
installed and what each function-key denotes. There should be far more
patient-cards than health-professional cards in circulation, in any
event.
The idea of having different views of the data depending on the
status of the person accessing the data is easily implemented with the
proposed system. The simplest way of achieving this would be by having
different Internet Address (i.e. URL) for each type of access. There are
other ways of doing it that work as well.
Multipurpose cards may sound desirable until the implications are
understood. The loss of one card could prevent the owner not only from
getting proper health care, but from getting cash or crossing frontiers.
I don't think that I am the only person who keeps credit cards in more
than one pocket when I travel - with good reason.
Smart cards, where the chip is there to store data not just to
improve security, have not proved especially successful. The recent
failure of smart cards as cash-cards in Manhattan is a case-in-point.
This happened despite the cooperation of all the main credit-card
companies and the localized nature of the trial. I point out here that
you don't need a smart card reader to do your shopping over the
Internet. Similarly, smart cards are not needed to transfer the colossal
sums of foreign exchange that are traded each day internationally.
Smart cards have been powerfully aided by the active intervention of
the French State at all levels (national, European and international).
The examples quoted by Mr. Neame illustrate this. The reasons for this
support are based on the history of the technology.
Smart cards as used in Germany by over 70 million people for
accessing the health service are merely of administrative convenience
and offer clinicians and patients few, if any, advantages.
Smart cards are most useful when there is no dependable
telephone system - in the France of 30 years ago. They are least useful in
societies, such as the USA, where telephones are dependable and are
essentially free. The cost of using the Internet is falling dramatically
in the UK. Shortly, Internet-ready mobile telephony will lower the costs
even further - all devices will be permanently interconnected. It is
essential to look to the future when planning such a strategic application
for the NHS.
The essential ingredient of all these diverse applications is the
possibility to store remotely, anonymously and with almost complete
security, vast amounts of data - e.g. laboratory diagnostic data,
radiography, ECG, ultrasound imaging, MRI and morphologic slides. Handled
correctly, this data does not even need to be encrypted to maintain
confidentiality.
Smart cards can be improved on
This card seems to be close to the approach advocated by Mr. Frank Dobson,
the Health Secretary.
As an IT professional, I think that it is important for medical
practitioners, and for those who organize healthcare, to realize that:
both patients and physicians.
explains briefly a simpler, cheaper, and better solution - a solution
which is open to interfacing with all suppliers of IT equipement and
solutions.
the card is useless in a real emergency.
surgery, does not have a working smart card reader.
lost - the proposed concept may be used fully even when the card is
lost.
doing so in only very special circumstances. In any event, modern
high-security cards can be made just as difficult to falsify and the
owner's picture may be downloaded to confirm identity.
in") is a far more likely way to illegally gain access to data than
hacking - I call this the human factor.
up their cards" is preposterous - many patients are elderly or
incapacitated or don't know anything about computers. Since the proposed
card only stores data on distant computers, where it is professionally
protected and backed up, this problem does not arise.
of having the computer "set up" of the user on the card. This
clearly is irrelevant to all patients or to a doctor who uses his own PC
or an installation that has IT standards (i.e. all large organizations).
With several healthcare workers possibly sharing the same PC, it is
essential that there should be no ambiguity regarding what programs are
installed and what each function-key denotes. There should be far more
patient-cards than health-professional cards in circulation, in any
event.
status of the person accessing the data is easily implemented with the
proposed system. The simplest way of achieving this would be by having
different Internet Address (i.e. URL) for each type of access. There are
other ways of doing it that work as well.
understood. The loss of one card could prevent the owner not only from
getting proper health care, but from getting cash or crossing frontiers.
I don't think that I am the only person who keeps credit cards in more
than one pocket when I travel - with good reason.
improve security, have not proved especially successful. The recent
failure of smart cards as cash-cards in Manhattan is a case-in-point.
This happened despite the cooperation of all the main credit-card
companies and the localized nature of the trial. I point out here that
you don't need a smart card reader to do your shopping over the
Internet. Similarly, smart cards are not needed to transfer the colossal
sums of foreign exchange that are traded each day internationally.
the French State at all levels (national, European and international).
The examples quoted by Mr. Neame illustrate this. The reasons for this
support are based on the history of the technology.
accessing the health service are merely of administrative convenience
and offer clinicians and patients few, if any, advantages.
Smart cards are most useful when there is no dependable
telephone system - in the France of 30 years ago. They are least useful in
societies, such as the USA, where telephones are dependable and are
essentially free. The cost of using the Internet is falling dramatically
in the UK. Shortly, Internet-ready mobile telephony will lower the costs
even further - all devices will be permanently interconnected. It is
essential to look to the future when planning such a strategic application
for the NHS.
The essential ingredient of all these diverse applications is the
possibility to store remotely, anonymously and with almost complete
security, vast amounts of data - e.g. laboratory diagnostic data,
radiography, ECG, ultrasound imaging, MRI and morphologic slides. Handled
correctly, this data does not even need to be encrypted to maintain
confidentiality.
Telephone: (01483) 455348
Mobile: 077757 41211
Email: bibo@ndirect.co.uk
Competing interests:
The card, as described above, falls within the remit of my US
Patent
5,108,131.
Competing interests: EDITOR,