Security experts say answers to the identity verification questions are so widely known it would allow a person to set up an e-health record for someone else by telephone if they wanted to access that individual's health details, such as medication or medical procedures.
"My advice is not to join until the security issues have been resolved," said Graham Ingram, general manager of AUSCERT, Australia's emergency response team for computer security incidents.
Emma Hossack, chief executive of Extensia, which operates a private e-health record system, recommended a 100-point check that would require a combination of a passport, birth certificate, driver's licence and other identifying documents before an e-health record was established by a doctor for an unfamiliar patient.
When The Australian registered over the phone for an e-health record yesterday, identification was checked by asking for a Medicare card number, the client's middle name, the middle name of their children and their birth dates, and the name and birth date of the client's husband.
The questions were not secure enough, Ms Hossack said, and could easily be answered by friends or acquaintances.
Opposition primary healthcare spokesman Andrew Southcott said a Medicare card was worth only 25 points in the 100 points required to open a bank account in Australia and an e-health record deserved better security. "It does seem to leave open the possibility of identity theft and leave the whole e-health system open to identity fraud," he said.
---
Autor(en)/Author(s): Sue Dunlevy
Quelle/Source: The Australian National Affairs, 03.07.2012
Bitte besuchen Sie/Please visit:
