The Secure Medical Data Challenge

  • Eric M Russell - Tuesday, February 28, 2017 7:03 AM

    In a world with 7 billion people, most of whom have (or soon will have) digitized records, we need some type of unique universal identifier, like a SSN. My only problem with SSN is that it can't be used universally. We simply can't rely on name + date of birth for bank transactions and such; that's so Mayberry 1962. The problem today is a lack of face-to-face transactions. When people open bank accounts, request large transfers, or request/submit documents from a the government, it should be done via a teleconferencing app like Skype. If someone doesn't have access to a device, then they can use a kiosk at the nearest post office or just go to the bank in person. Even if the account representative isn't personally familiar with the person making the request, a photo ID can be pulled up from the state database for use as reference, and if the requester turns out later to be a criminal, then the police have a convenient up close video/audio sample of the event for evidence.

    Sort of. But how practical maintaining photo ID for 7 billion spread over hundreds of national jurisdictions, with need for updates and authentication both initially and with each photo update ... Helpful but hardly a real solution.
    As has been noted, account numbers get stolen, information gets put in wrong, or updated wrong. People change in appearance (and there needs to be a way to update that) over the years, especially when they're sick and need medical care. Fingerprints might be a bit better but screw ups can and will happen.
    Frankly I'm doing less purchasing with electronics recently. SO much easier to walk into a store, plunk down cash and walk out (I've stopped using my debit card for most purchases as well). No worrying about if the transaction was charged correctly (if I got the right change, everything is ok). No need 'make an account' or 'choose a password' etc. which drives me crazy every time I want to order something online--even a one shot purchase.

    ...

    -- FORTRAN manual for Xerox Computers --

  • Gary Varga - Tuesday, February 28, 2017 7:52 AM

    Eric M Russell - Tuesday, February 28, 2017 7:03 AM

    In a world with 7 billion people, most of whom have (or soon will have) digitized records, we need some type of unique universal identifier, like a SSN...

    It just isn't practical. If solely in the US you lot couldn't manage to keeps SSNs unique do you think you'll do any better when the rest of us join in? Each of our countries probably have the same horror stories. Definitely here in the UK we have had the same, or at least similar, problems with our National Insurance numbers (a.k.a. NI Number or NIN).

    Eventually someone will invent an internet enabled table top DNA scanning device capable of generating a 12 alpha-numeric code which can then be used as a unique non-mutable identifier. A code generated using this method would not be dependent on regional coding standards, name changes, or any other user supplied information. You simply pass the scanner over a man's palm and it comes back with B7CEEC4C0EC4. Even he turns up dead with no personal belongings on the other side of the world, his identity could be immediately and positively identified.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Eric M Russell - Tuesday, February 28, 2017 8:42 AM

    Eventually someone will invent an internet enabled table top DNA scanning device capable of generating a 12 alpha-numeric code which can then be used as a unique non-mutable identifier. A code generated using this method would not be dependent on regional coding standards, name changes, or any other user supplied information. You simply pass the scanner over a man's palm and it comes back with B7CEEC4C0EC4. Even he turns up dead with no personal belongings on the other side of the world, his identity could be immediately and positively identified.

    The world comes full circle. Years ago some people believed that you could gain magical control over someone by a combination of witchcraft and a lock of hair. Here you only need a lock of hair to steal their identity....

    ...

    -- FORTRAN manual for Xerox Computers --

  • Eric M Russell - Tuesday, February 28, 2017 8:42 AM

    Gary Varga - Tuesday, February 28, 2017 7:52 AM

    Eric M Russell - Tuesday, February 28, 2017 7:03 AM

    In a world with 7 billion people, most of whom have (or soon will have) digitized records, we need some type of unique universal identifier, like a SSN...

    It just isn't practical. If solely in the US you lot couldn't manage to keeps SSNs unique do you think you'll do any better when the rest of us join in? Each of our countries probably have the same horror stories. Definitely here in the UK we have had the same, or at least similar, problems with our National Insurance numbers (a.k.a. NI Number or NIN).

    Eventually someone will invent an internet enabled table top DNA scanning device capable of generating a 12 alpha-numeric code which can then be used as a unique non-mutable identifier. A code generated using this method would not be dependent on regional coding standards, name changes, or any other user supplied information. You simply pass the scanner over a man's palm and it comes back with B7CEEC4C0EC4. Even he turns up dead with no personal belongings on the other side of the world, his identity could be immediately and positively identified.

    As someone who has a twin brother, I'm not so sure that a DNA scanning device will ever be able to distinguish between me and my brother.

    Drew

    J. Drew Allen
    Business Intelligence Analyst
    Philadelphia, PA

  • jay-h - Tuesday, February 28, 2017 8:47 AM

    Eric M Russell - Tuesday, February 28, 2017 8:42 AM

    Eventually someone will invent an internet enabled table top DNA scanning device capable of generating a 12 alpha-numeric code which can then be used as a unique non-mutable identifier. A code generated using this method would not be dependent on regional coding standards, name changes, or any other user supplied information. You simply pass the scanner over a man's palm and it comes back with B7CEEC4C0EC4. Even he turns up dead with no personal belongings on the other side of the world, his identity could be immediately and positively identified.

    The world comes full circle. Years ago some people believed that you could gain magical control over someone by a combination of witchcraft and a lock of hair. Here you only need a lock of hair to steal their identity....

    Well, that would actually be an improvement over what we have now. I have more control over my hair follicles than I do my name, SSN, and date of birth. The DNA sample can be taken from a person's perspiration or breath.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • drew.allen - Tuesday, February 28, 2017 9:15 AM

    As someone who has a twin brother, I'm not so sure that a DNA scanning device will ever be able to distinguish between me and my brother.

    Drew

    This occurs already. I am aware of a paternity case (not my family, thankfully) involving this exact situation.

    ...

    -- FORTRAN manual for Xerox Computers --

  • drew.allen - Tuesday, February 28, 2017 9:15 AM

    Eric M Russell - Tuesday, February 28, 2017 8:42 AM

    Gary Varga - Tuesday, February 28, 2017 7:52 AM

    Eric M Russell - Tuesday, February 28, 2017 7:03 AM

    In a world with 7 billion people, most of whom have (or soon will have) digitized records, we need some type of unique universal identifier, like a SSN...

    It just isn't practical. If solely in the US you lot couldn't manage to keeps SSNs unique do you think you'll do any better when the rest of us join in? Each of our countries probably have the same horror stories. Definitely here in the UK we have had the same, or at least similar, problems with our National Insurance numbers (a.k.a. NI Number or NIN).

    Eventually someone will invent an internet enabled table top DNA scanning device capable of generating a 12 alpha-numeric code which can then be used as a unique non-mutable identifier. A code generated using this method would not be dependent on regional coding standards, name changes, or any other user supplied information. You simply pass the scanner over a man's palm and it comes back with B7CEEC4C0EC4. Even he turns up dead with no personal belongings on the other side of the world, his identity could be immediately and positively identified.

    As someone who has a twin brother, I'm not so sure that a DNA scanning device will ever be able to distinguish between me and my brother.

    Drew

    You and your brother share very similar DNA, but not identical. As it stands today, hospitals routinely co-mingle the medical records of same sex twins.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • ZZartin - Monday, February 27, 2017 9:08 AM

    Eric M Russell - Monday, February 27, 2017 8:56 AM

    I've wondered for a long time why issues like like digital privacy and identity theft don't get talked about more often by politicians. It's something that 99% of the public care deeply and consistently about. But for whatever reason politicians even during an election season don't seem to want to go there; perhaps because certain segments of the corporate community actually profit from unregulated and friction-less digital transactions, even if it means increased incidences of fraud.

    People might care deeply about privacy and identity theft but most people outside of technology simply have no understanding of what the actual risks are enough to have any kind of meaningful discussion about it.

    I agree. People want their information protected, but we have no real idea what that means, nor how we provide protection or penalties.

  • Eric M Russell - Tuesday, February 28, 2017 8:42 AM

    Eventually someone will invent an internet enabled table top DNA scanning device capable of generating a 12 alpha-numeric code which can then be used as a unique non-mutable identifier. A code generated using this method would not be dependent on regional coding standards, name changes, or any other user supplied information. You simply pass the scanner over a man's palm and it comes back with B7CEEC4C0EC4. Even he turns up dead with no personal belongings on the other side of the world, his identity could be immediately and positively identified.

    Except you're still dealing with the other side of the data part. While you might be B7CEEC4C0EC4, that doesn't mean your information would be that number. We'd have plenty of issues where data quality failed and there might be records in different systems like this:
    System 1
    B7CEEC4C0EC4 - Eric Russell

    System 2
    B7CEEC4C0EC4 - Eric M. Russell

    System 3
    B7CEEC4C0EC4 - Steve Jones

    That would suck, and that's also the issue with many biometrics. What happens when the data mapping is compromised?

  • Steve Jones - SSC Editor - Tuesday, February 28, 2017 11:10 AM

    Eric M Russell - Tuesday, February 28, 2017 8:42 AM

    Eventually someone will invent an internet enabled table top DNA scanning device capable of generating a 12 alpha-numeric code which can then be used as a unique non-mutable identifier. A code generated using this method would not be dependent on regional coding standards, name changes, or any other user supplied information. You simply pass the scanner over a man's palm and it comes back with B7CEEC4C0EC4. Even he turns up dead with no personal belongings on the other side of the world, his identity could be immediately and positively identified.

    Except you're still dealing with the other side of the data part. While you might be B7CEEC4C0EC4, that doesn't mean your information would be that number. We'd have plenty of issues where data quality failed and there might be records in different systems like this:
    System 1
    B7CEEC4C0EC4 - Eric Russell

    System 2
    B7CEEC4C0EC4 - Eric M. Russell

    System 3
    B7CEEC4C0EC4 - Steve Jones

    That would suck, and that's also the issue with many biometrics. What happens when the data mapping is compromised?

    Interesting example happened to cartoonist Scott Adams. He would take his car

    into a shop for oil changes, the shop (more and more are doing this) would log the mileage and that would go to a data aggregator. That info goes to a number of places including insurance companies and reporting outfits like Carfax. Because of erroneous info, the vehicle has had mileage go up then down, and his luxury car is now permanently classified as 'suspect mileage' and as one dealer said, 'salvage title'. Another person had a damaged wheel replaced under insurance, but an error in the body shop coding reported it as a major collision, airbag deployed. After futile attempts to get it corrected, he would up taking a big loss.

    ...

    -- FORTRAN manual for Xerox Computers --

  • Steve Jones - SSC Editor - Tuesday, February 28, 2017 11:10 AM

    Eric M Russell - Tuesday, February 28, 2017 8:42 AM

    Eventually someone will invent an internet enabled table top DNA scanning device capable of generating a 12 alpha-numeric code which can then be used as a unique non-mutable identifier. A code generated using this method would not be dependent on regional coding standards, name changes, or any other user supplied information. You simply pass the scanner over a man's palm and it comes back with B7CEEC4C0EC4. Even he turns up dead with no personal belongings on the other side of the world, his identity could be immediately and positively identified.

    Except you're still dealing with the other side of the data part. While you might be B7CEEC4C0EC4, that doesn't mean your information would be that number. We'd have plenty of issues where data quality failed and there might be records in different systems like this:
    System 1
    B7CEEC4C0EC4 - Eric Russell

    System 2
    B7CEEC4C0EC4 - Eric M. Russell

    System 3
    B7CEEC4C0EC4 - Steve Jones

    That would suck, and that's also the issue with many biometrics. What happens when the data mapping is compromised?

    It's not perfect, because it addresses one aspect of a multifaceted problem. However, it would be an improvement. As it stands today, if I walk into the bank and request a cash withdrawal of everything in my saving account, the manager will ask me for:
    - my account number
    - my name
    - my date of birth
    - my drivers license or other photo id

    Any of this could be stolen and/or forged, and if my name recently changed due to marriage or my appearance changes due to a health condition, gender reassignment operation or whatever, then it gets confusing. However, a DNA scan with a hash match lookup against a central database eliminates any subjective criteria like the presentation of personal information or the authenticity of documents. You either do or don't have a genetic profile that matches the owner of the bank account.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • jay-h - Tuesday, February 28, 2017 11:20 AM

    Steve Jones - SSC Editor - Tuesday, February 28, 2017 11:10 AM

    Eric M Russell - Tuesday, February 28, 2017 8:42 AM

    Eventually someone will invent an internet enabled table top DNA scanning device capable of generating a 12 alpha-numeric code which can then be used as a unique non-mutable identifier. A code generated using this method would not be dependent on regional coding standards, name changes, or any other user supplied information. You simply pass the scanner over a man's palm and it comes back with B7CEEC4C0EC4. Even he turns up dead with no personal belongings on the other side of the world, his identity could be immediately and positively identified.

    Except you're still dealing with the other side of the data part. While you might be B7CEEC4C0EC4, that doesn't mean your information would be that number. We'd have plenty of issues where data quality failed and there might be records in different systems like this:
    System 1
    B7CEEC4C0EC4 - Eric Russell

    System 2
    B7CEEC4C0EC4 - Eric M. Russell

    System 3
    B7CEEC4C0EC4 - Steve Jones

    That would suck, and that's also the issue with many biometrics. What happens when the data mapping is compromised?

    Interesting example happened to cartoonist Scott Adams. He would take his car

    into a shop for oil changes, the shop (more and more are doing this) would log the mileage and that would go to a data aggregator. That info goes to a number of places including insurance companies and reporting outfits like Carfax. Because of erroneous info, the vehicle has had mileage go up then down, and his luxury car is now permanently classified as 'suspect mileage' and as one dealer said, 'salvage title'. Another person had a damaged wheel replaced under insurance, but an error in the body shop coding reported it as a major collision, airbag deployed. After futile attempts to get it corrected, he would up taking a big loss.

    I was always suspicious when purchasing batteries from Radio Shack and they ask for my phone number. Why just batteries, and what would they do with this information?

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Steve Jones - SSC Editor - Tuesday, February 28, 2017 11:05 AM

    ZZartin - Monday, February 27, 2017 9:08 AM

    Eric M Russell - Monday, February 27, 2017 8:56 AM

    I've wondered for a long time why issues like like digital privacy and identity theft don't get talked about more often by politicians. It's something that 99% of the public care deeply and consistently about. But for whatever reason politicians even during an election season don't seem to want to go there; perhaps because certain segments of the corporate community actually profit from unregulated and friction-less digital transactions, even if it means increased incidences of fraud.

    People might care deeply about privacy and identity theft but most people outside of technology simply have no understanding of what the actual risks are enough to have any kind of meaningful discussion about it.

    I agree. People want their information protected, but we have no real idea what that means, nor how we provide protection or penalties.

    I will say this - it's no quite so simple as "they're just irresponsible".  In healthcare I will say in many cases that I've seen (disclosure - I worked for a good long while in HealthCare IT), the weaknesses came out of trying to FIRST make sure that the patient got the care that they needed; any additional security that might slow down someone's access to data that might help you faster rally had to be questioned.  It often came down to Ethics 101 type questions:  do you put so many controls in place so that no one can even access your data without talking to you, or do you track data based on what someone might have in their pocket at the time of the accident (i.e. driver's license or other ID,s to include SSN)?  how much worse off would the outcome be if a patient with a lot of possible reactions can't be identified until AFTER a trauma event is over? How likely are you to pick up on the fact that they are allergic to <insert medication/treatment name here> before its' too late, if you can't get into their EMR?

    Now I know it has also turned into an easy cop-out as well, but you really do end up with a LOT of much harder questions than "encrypt and lock everything down 100%".  Pushing the pendulum too far really can have some permanent and very dire outcomes.

    ----------------------------------------------------------------------------------
    Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?

  • Eric M Russell - Tuesday, February 28, 2017 11:56 AM

    It's not perfect, because it addresses one aspect of a multifaceted problem. However, it would be an improvement. As it stands today, if I walk into the bank and request a cash withdrawal of everything in my saving account, the manager will ask me for:
    - my account number
    - my name
    - my date of birth
    - my drivers license or other photo id

    Any of this could be stolen and/or forged, and if my name recently changed due to marriage or my appearance changes due to a health condition, gender reassignment operation or whatever, then it gets confusing. However, a DNA scan with a hash match lookup against a central database eliminates any subjective criteria like the presentation of personal information or the authenticity of documents. You either do or don't have a genetic profile that matches the owner of the bank account.

    Eric, and please don't take this as criticism, I find it interesting that on the one hand, you seem to be arguing for a worldwide (or at least nationwide) "person registry" yet on the other (your next comment about Radio Shack and batteries) you're concerned about RS collecting that information.

    Not to be a tin foil hat, but personally I'd be extremely leery of any sort of nation \ world wide registry for people, both from the privacy aspect and from the security aspect.

  • Eric M Russell - Tuesday, February 28, 2017 9:40 AM

    drew.allen - Tuesday, February 28, 2017 9:15 AM

    Eric M Russell - Tuesday, February 28, 2017 8:42 AM

    Gary Varga - Tuesday, February 28, 2017 7:52 AM

    Eric M Russell - Tuesday, February 28, 2017 7:03 AM

    In a world with 7 billion people, most of whom have (or soon will have) digitized records, we need some type of unique universal identifier, like a SSN...

    It just isn't practical. If solely in the US you lot couldn't manage to keeps SSNs unique do you think you'll do any better when the rest of us join in? Each of our countries probably have the same horror stories. Definitely here in the UK we have had the same, or at least similar, problems with our National Insurance numbers (a.k.a. NI Number or NIN).

    Eventually someone will invent an internet enabled table top DNA scanning device capable of generating a 12 alpha-numeric code which can then be used as a unique non-mutable identifier. A code generated using this method would not be dependent on regional coding standards, name changes, or any other user supplied information. You simply pass the scanner over a man's palm and it comes back with B7CEEC4C0EC4. Even he turns up dead with no personal belongings on the other side of the world, his identity could be immediately and positively identified.

    As someone who has a twin brother, I'm not so sure that a DNA scanning device will ever be able to distinguish between me and my brother.

    Drew

    You and your brother share very similar DNA, but not identical. As it stands today, hospitals routinely co-mingle the medical records of same sex twins.

    I know that there are differences due to random mutations, DNA methylation, and mitochondrial DNA distribution during mitosis and possibly viral exposure, but I don't know exactly what the implications of that are as far as a DNA scanning device is concerned.  Specifically, I don't know how much variation there is within one individual, so I don't know if the range of variations is limited enough to conclusively exclude a sample from an identical twin.  Are there any other variations that I may have missed?

    Drew

    J. Drew Allen
    Business Intelligence Analyst
    Philadelphia, PA

Viewing 15 posts - 16 through 30 (of 62 total)

You must be logged in to reply to this topic. Login to reply