Chair of the Access Card Consumer and Privacy Taskforce, Professor Allan Fels AO, has released a discussion paper on Voluntary and Medical Emergency Information that can be considered for inclusion in
the consumer-controlled area of the access card.
The paper notes that:
"The key question which needs to be addressed is
what information is absolutely necessary to be available from the chip
[in the customer controlled area of the access card] to facilitate emergency medical treatment of a person in a crisis
situation. Furthermore, what information is merely convenient for a
cardholder to have available to them by way of storage in the
customer-controlled area of their access card...
The decision about what specific health and emergency data might be listed in the card is a considerably more complex matter than might have been anticipated. It is not simply a matter of storing anything or everything in an unselected fashion. This is because the data entered into the chip is data which is intended to be acted upon by other people. This is not data, such as the storage of a list or a telephone number or a birthday or a bank account number, where the action which flows from the storage of the data is action initiated by the cardholder themselves. This is data upon which other people act in good faith and where their actions may have significant (and potentially life-threatening) consequences for both parties concerned....
Because of this, there must, in the opinion of the Taskforce be a requirement, for the protection of the person who acts in good faith on the data provided by the cardholder, that a robust system of authentication and verification must be incorporated into the storage process. Without such a checking mechanism the storage of the data becomes less than useful, since third parties will either decline to act, or be restrained from acting, on the data, thus negating the whole purpose of its listing in the first instance."
The Taskforce has recommended that:
The customer controlled area of the access card should contain a two-tiered system of emergency and health information:
• in the first tier, which should be accessible to anyone with an approved reader, there should be listed only that data which is absolutely necessary to facilitate the provision of emergency health treatment in a crisis situation;
• in the second tier, which should be PIN protected (and thus accessible only with the express consent of the cardholder) other medical and health data could be listed in accordance with the Recommendations which appear below;
• the Access Card itself could contain, on the surface, some symbol (such as the caduceus) to indicate that emergency medical data is stored in the chip so that no time is wasted in an emergency situation looking for information which may not be there in the first instance.
Submissions on the discussion paper close on 16 March 2007.
Print This Post
Posted 22nd February 2007 by David Jacobson in Privacy, Uncategorized