Another view: of cryptography and proving our identity
- 8 June 2018
Our GP columnist has had a long term fascination with cryptography, and wonders whether it could prove useful in the further expansion of digital health services.
Since my teen years I’ve been fascinated with cryptography. Maybe it’s a secret hankering to be a spy? I remember reading about public key crypto systems and how they could be used to create really hard-to-read messages, and how it was all based on prime number theory. I was doing Maths A-level at the time, and a real world application of the things we were studying sounded cool.
I remember that it could also be used to confirm identity, as only the person themselves knows their private key. I also remember that without public key cryptography, the internet revolution might not have happened – especially the commercial side of it.
When PGP Mail came out – which allows you to encrypt everything you send – I remember wanting to try it out. But I had neither any geeky friends who wanted to go through the hassle of generating a key, or anything particularly secret to say to them. Over the years, I’ve wondered why something like PGP isn’t built into e-mail as standard, or more easily added or used.
Encryption in NHSmail: who knew?
I guess the fact is the vast majority of email is banal and benign and that other ways of encrypting things in, say, zip files have stopped routine PGP email encryption happening. Of course it could be a Microsoft/government conspiracy to keep our comms readable in plain text in return for Microsoft Office dominance!
So I was quite amazed when I found out NHSmail had an encryption service built in for transmission of confidential data. Typing [secure] or [encrypt] in the subject line sends a message inviting the addressee to register and confirm their address before allowing them to download the message.
Normal email bounces in free text from internet node to internet node so it is “readable” along the way. The encryption available via NHSmail doesn’t stop someone hacking or otherwise accessing my email account – or indeed prove I am who I say I am; only that I have access to that email address.
But are you who you say you are?
The ability to prove who we say we are is important in the context of NHS digital services, I think. I recently put out on social media the idea of introducing a chatbot on my practice website. You know the sort of thing: when you go on a website, a box pops up saying we are online and you can ask us questions. I think it could be a good way of liaising with multiple people without them facing the dreaded engaged tone when they try to call us.
But, quite rightly, a few people asked how we would know quite who we were speaking to. Say someone asks for their results: do you give them? What if you inadvertently give out information to someone pretending to be a patient?
Well, to be fair – how do you know who someone is when they phone? OK, at least you can think about whether the voice fits the profile of the person. I can probably recognise quite a few of my patients over the phone. But we have 24,500 patients: I certainly can’t recognise them all.
Receptionists are trained to be wary and not to give over the phone information that is too specific. Of course this can be very frustrating for genuine users, and it often pushes people to come in when often they otherwise wouldn’t really need to.
I worry that adoption of truly new ways of working won’t happen until we can solve this issue.
I have a vision of a group of practices putting call handlers into a centralised room, leading to economies of scale and longer hours of working. But this won’t work if we can’t prove patients are who they say they are.
The role for authentication
Similarly there is a lot of fuss about online GP services at the moment. How do they know who they are treating? Perhaps it doesn’t matter if it’s about a sore throat; they take enough of the history in the enrolment. However it will matter if they start picking up chronic illness. Can they access the Spine or the patient’s practice records without being able to confirm ID? I’d be happy to give these online services access to GP records if I really knew it was the patient asking for them to have access.
I’ve long complained about the consent model used in things like the Cheshire Care Record. At the moment it’s a pop up box that the clinician fills in. There is no real proof the person was actually there.
But what if there was? I have things like Google Authenticator on my phone. What if I could fire up an app, type in the challenge code given out by the software, type in my secret code, and then it produces a code that verifies I am who I say I am? This would work for chatbots, for online records access, or for seeing a private GP.
Once a person was authenticated I could chat with them and know who they are. It could revolutionise online care.
We could hack it
Here is where my knowledge reaches its limit. As far as I understand, you would need a trusted identity service that acted as the master authority and held the private/public keys? You would need an authenticator type app? I’m not sure if the NHS registration authority would work, plus I’d prefer a soft card than a real one. Perhaps there is a role for blockchain?
I hear there are some NHS hack days coming up. Maybe this would be a valuable topic to add to the agenda.