[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MED_vac

On Thu, 16 Nov 1995, Adam Shostack wrote:

> 	If you have some personal data that includes your patient
> number, why not have a card that instead lists your important data?
> "This patient is diabetic, alergic to amoxicillin, and has Gold Cross
> insurance." 

I'm confused.  Are you saying that the answer is hardware??  Why I think
someone already thought of that. It's called a MEDIC-ALERT bracelet. 

As someone who's blood type is rare, I can appreciate this.

> 	At Defcon, Bruce Schneier was talking about the value stored
> in casino chips.  Its sttaggering.  Its an alternate cash system, with
> a huge float, astounding velocity, and very little fraud.  Transaction
> costs are low, clearing is instantaneous.  The comparison is fairly
> clear.

I don't see the comparison.

High value "chips" have additional security precautions engineered into
them, over and above low-value chips, hopefully Schneier realizes this.  
There are also regular "counts", in fact perpetual "counts" in all casinos. 

I mean pit bosses and managers have to do something to earn their keep.
(other than handing out comps, I mean.)

There's also an "eye in the sky" lording over you in a casino, and the
"chips" aren't actually "cleared" until you cashout.  I'm not sure how
Schneier got the idea that it was instantaneous clearing, but it isn't by
any stretch of the imagination. 
But then what do I know ... I don't even sign my posts with PGP.

> |      So, what if my records were available on the net, but encrypted with a
> | an key known to my physician and an escrow agency? (Equivalently, they
> | could be on that smartcard, but encrypted.) If an emergency occurs, the
> | hospital fetches my encrypted records from my physician's server, then
> | sends a message (signed with the hospital's key) to Keys R Us, the escrow
> | agent, saying "This is Dr. McCoy at Frobnitz Memorial Hospital, we need the
> | key for FooBar Medix, Inc., patient number 147258369." (My FooBar Medix,
> | Inc., insurance card lists my physician's server, the escrow agency, and my

Why bother with having records on the "Net".  What if the net goes down, 
then what??  Where are you left then?  Relying on technology, simply 
because something CAN be done is very bad practice, when its not needed. 

When I travelled in the States, I simply kept a copy of my travel 
documents in my wallet.  I never had any problem.  And I had a copy of my 
pertinent medical data, attached via a MEDIC-ALERT bracelet to my body.

Then again, the amount of information that you want a doctor reading over
when you do have an emergency is minimal.  You really want the doctor to
act, not to get to know all of the details which aren't relevant to your

There's no need to overload someone, you simply have to give someone the
resources they need in order to get the job done. And that is the 
critical point, isn't it??  Getting the job done, and giving someone 
what's needed to do so.

> -- 
> "It is seldom that liberty of any kind is lost all at once."
> 					               -Hume

Alice de 'nonymous ...

                                  ...just another one of those...

P.S.  This post is in the public domain.
                  C.  S.  U.  M.  O.  C.  L.  U.  N.  E.