The state of healthcare is often compared with banking. For 20 years we've had Internet banking; for ten years mobile banking. Why can't we access our health records and prescriptions just as seamlessly using digital technology? It's a great question but as we embrace mobile and electronic health, let's not forget the basics.
If I go to an Australian general practitioner, I might like her to upload a copy of my medical event summary to the national My Health Record (MyHR). To make this happen, the practice needs to know my Individual Health Identifier (IHI), the national index number for MyHR. But I don't carry my IHI; it's an administrative number alloacted to all Australians, and is made available from a Dept of Health server. The way MyHR works is that I need to provide proof of identity to the GP's front desk so they can retrieve the IHI. They will typically need my full name with middle name, my Medicare card number, and date of birth, which are transmitted to an identity matching server in Canberra, which tries to find my IHI. Matching accuracy is a bone of contention with the government and reports vary, but some claim it's only around fifty percent. Sometimes it's possible to disambiguate multiple matches with additional data like postal code or residential address.
Suppose I visit a department store to buy a three thousand dollar TV set. I'll dip my credit card into the merchant terminal and enter my PIN. That unlocks the chip, which then mutually authenticates itself with the terminal, and subsequently digitally signs the trasaction details, to prove it's really me in possession of the account, and that the card is genuine. It all happens in a second. Secure, accurate, private, fast and universally familiar.
Heaven forbid retail payments was like healthcare. I wouldn't have a clue what my account number was, it wouldn't be written down anywhere, but instead the merchant would ask me for my full name, date of birth and so on, and would try to run these against a database to locate my account. The matching wouldn't always work so the clerk might ask me if I have other proof of ID. I'd probably find myself taking my passport with me whenever I go shopping. Every transaction would involve extraneous and invasive personal information. The system would be open to rampant fraud.
If we really want to bring ehealth up to contemporary digital UX standards, then let's start with identity and privacy. Let's put healthcare IDs and entitlements into chip cards and mobile phone secure elements, with the same technical care as we apply to payment card numbers. Let's empower patients to hold their IHI and Medicare details safely in personal cards and mobiles, so they can present them directly and privately, peer-to-peer at healthcare services.
Australian readers might notice that we are half way there already in this country, with the "HICAPS" point of sale system. Private health insurance details are presented by swiping one's membership card at the POS terminal at most private hospitals, dentists and allied health facilities, and rebates are applied automatically on the spot. Why aren't we reading the Medicare card in the same way, and presenting the IHI automatically, along with all the other human services IDs and entitlements?
My thanks to Dr Tony Sara, Medical Adviser in the South East Sydney Local Health District (NSW Health) for a deep conversation about health sector identification at the HIMSS Asia Pacific networking event, Aug 29, and to Sukhjit Singh, HIMSS Community Engagement Manager for making the introductions.