Credit cards, medical records, and solving the wrong problem

One of the problems of working in tech is it can get annoying when you see lots of money being spent solving the wrong problems, or implementing completely ineffective solutions.

Take credit cards and RFID, for example. There’s a big push in the US to include RFID in every card. I’ve had a card with RFID for just over a year now. The benefit to me? Theoretically, I can hold the card against the card reader, instead of having to swipe it through the slot.

That’s it.

And I say “theoretically”, because in the half dozen times I’ve tried it at local stores that have the equipment, it has only worked once. In every other case, I’ve had to fall back to swiping the card through the slot instead.

This is dismal. Why the hell are companies like American Express spending millions of dollars on this RFID crap that doesn’t even work, when magnetic stripes are far more reliable and get the same job done?

If they wanted to spend money on an actual problem, they could implement two-factor authentication like PayPal are doing and wipe out fraud. I’ve seen credit cards with displays built in; it’s quite possible.

Instead, they started checking expiry dates. Then when all the merchants started recording the expiry dates in their databases and the criminals got lists of card numbers with expiry dates, they added 3 or 4 more digits to the card and called it a Card Verification Number. Now vendors are recording those, and in another year or two the criminals will be passing around card number lists with expiry date and CVN, and we’ll be back to square one.
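As an added illustration of the contrast drawn above (not code from the original post): a static CVN is a fixed value, so any recorded copy of it passes the issuer's check, whereas a card with a display showing a counter-based one-time code gives the issuer a way to reject a code that has already been used. The scheme used here is HOTP (RFC 4226), chosen as one possible implementation; the post does not name one, and the secret is the RFC 4226 test-vector key, used only as a constructed sample.

```python
import hmac
import hashlib
import struct

# Constructed example: a static verification value such as a CVN is a fixed
# secret; once a merchant records it, anyone holding the record can reuse it.
STATIC_CVN = "123"  # constructed sample value

def verify_static(presented: str) -> bool:
    """Issuer check for a static CVN: any copy of the value passes."""
    return hmac.compare_digest(presented, STATIC_CVN)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

class Issuer:
    """Issuer-side verifier for a card whose display shows a one-time code."""
    def __init__(self, secret: bytes, window: int = 3):
        self.secret = secret
        self.counter = 0          # next counter value the issuer will accept
        self.window = window      # tolerate a few codes the holder skipped

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1   # this and all earlier counters are now burned
                return True
        return False

def replay_demo() -> dict:
    """Contrast: a recorded static CVN replays; a recorded one-time code does not."""
    secret = b"12345678901234567890"   # RFC 4226 test secret, a constructed sample
    issuer = Issuer(secret)
    code = hotp(secret, 0)              # what the card's display shows first
    first = issuer.verify(code)         # legitimate purchase
    replayed = issuer.verify(code)      # same code lifted from merchant records
    static_first = verify_static("123")
    static_replayed = verify_static("123")
    return {"otp_first": first, "otp_replay": replayed,
            "static_first": static_first, "static_replay": static_replayed}
```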

Another great case of solving the wrong problem was in the news today. Google is going to spend money allowing people to put all their medical records on the Internet. This is in response to an earlier announcement from Microsoft of a similar HealthVault service.

C|net says it’s a “laudable goal”. No, it’s not, it’s a stupid idea. Let’s go through some of the reasons why it’s stupid.

Firstly, as soon as you centralize your health records in this way, you have a single big target for criminals to attack. Right now, if some hospital screws up and exposes a bunch of medical records, the chances of my being affected are very remote; it’ll only be the few thousand people who used that hospital who are in trouble. If everyone’s medical records are stored on Microsoft’s servers and they screw up, tens of millions of people could be affected.

Secondly, you have a single point of failure. Microsoft’s service goes down, and suddenly nobody can check in to the ER. Yeah, great idea.

Thirdly, if you’re running a hospital, you don’t want to have your computers that are used for medical records connected to the Internet, for reasons that should be blindingly obvious to everyone. So in practice, hospitals will need extra Internet-connected computers to obtain the health records from these services, and they’ll then end up printing them out on paper like before. Either that, or they’ll take the risk and put their medical records processing systems on the Internet. So, ‘no benefit’ or ‘reduced security’, you choose.

Fourthly, a centralized record of all health information makes selective disclosure difficult or impossible. Right now, if I go to the drugstore, they have the medication I’m taking in a list and can flag possible drug interactions. That’s it, but that’s all they need. In the glorious future, they ask for my central database ID, and the guy at the counter can browse the results of my STD tests, see if I had therapy for alcoholism, and so on.

Now, it’s possible that Google are going to make an effort to allow compartmentalization of the information, with need-to-know disclosure. They’re smarter than Microsoft, they might have worked out why it’s a good idea. But it’s a hard thing to do. When I go to a drugstore for the first time, how is it going to be handled? Will I have had to log on to Google at home first and list the information that I want to allow the drugstore access to? Or will they have a web browser in the store so I can do that? (If not, what if I forgot something important?) If they have an in-store system that I log in to so I can allow them access to my info, how am I going to know I can trust it not to record my keystrokes?

This selective disclosure requirement is why a single national ID card for all government services is a bad idea. It’s why combining all the cards in your wallet into one universal card is a bad idea. And if we look at your wallet, we can see the obvious alternative: put the medical records on a card.

With the “medical records on a card” approach, there’s no central point of failure. There’s no way for criminals to get fifty million people’s medical records at once. There’s no need for hospital computers to be connected to the Internet. And selective disclosure can be done simply by having more than one card: a pharmacy card with my prescription drug list, perhaps a mental health card, and a full medical history card for my doctor. In fact, that’s pretty much what I already have, since several US pharmacies issue regular customers with pharmacy cards so they can check for drug interactions. All we really need to do is standardize the cards, put data chips on them to increase capacity, and get card readers in the hospitals.

Oh, sure, I can lose my card. I can also disclose my Google login, though, and I’m betting average mouth-breathers are far more likely to choose bad passwords or write them down or tell them to phishers than they are to lose a credit card.

But no, we’ll spend money on the dumb solution instead, perhaps because it’s really all about control. Solving the problem sensibly wouldn’t give any company control over fifty million people’s medical records, and that’s what this is really about.

Update: Via Slashdot, a WSJ story on the perils of a single centralized healthcare database: a woman’s insurer gets access to her mental health records because they’re stored in the same place as her regular healthcare information, and decide she’s probably malingering and deny her claim.