“A novel application of PKI smartcards to anonymise Health Identifiers”
Stephen Wilson, 2005.
Default thinking about Electronic Health Records (EHRs) and Unique Health Identifiers (UHIDs) has settled on a national numbering scheme, despite the fact that patient privacy can be seriously jeopardised if identifiers ever become linked to individuals’ names. A range of generic risk mitigation strategies is envisaged, including strict provider access controls, conservative patient consent provisions, and limiting the amount of personal details recorded for each patient event. Yet none of these measures do anything to control the underlying linkages of identifiers and names, and so a serious gap persists in EHR strategy and architecture. This paper presents a new way to fundamentally anonymise UHIDs through a novel use of public key certificates and smartcards. The design presented here secretes each UHID within an anonymous digital certificate, and links one or more certificates to a smartcard. If an EHR entry is digitally signed via such a certificate, then that entry is directly linked to the UHID, but cannot be linked to the individual’s name without having access to the smartcard and the private key it contains. Unique benefits of this approach include strengthened consumer consent controls, efficient off-line identity resolution, reduced reliance on centralised, mission-critical identity servers, seamless support for multiple EHRs, and compatibility with a range of smartcard choices available to consumers in the near future.AusCERT2005 Novel PKC for Anon Id (1 2 1)