Discovery knows far too much about me already: where I live, how often I go to the gym, what foods I eat, which doctors I see, and what pills I'm taking. Now through their harebrained scheme called "HealthId" they want to make this available to anyone in the health care industry who has an iPad and can forge my signature or convince Discovery that I gave my consent.
So my dentist can find out whether I've seen a marriage counsellor and whether I take Viagra or not. My heart doctor can find out how often I get my eyes tested. My GP can see how many times I've been tested for HIV. What's to stop my life insurance company from getting this information, either legally or illegally? Once it's available in a neatly collated form on an iPad, who says a snooper can't just "borrow" an iPad and look up all the details on file and sell it to any number of interested parties, like life insurance companies, say.
There is no facility on the Discovery web site that allows me to pre-emptively block access to this data. There should be. And I'm pretty sure that the iPad software can't be disabled if an iPad is lost or stolen. Discovery can't even tell me what information they are going to tell the doctors, or whether doctors, dentists, optometrists and so on get the same information or different information. I don't think they have given it any thought at all, quite frankly. Which is more alarming than the fact of them even thinking of making this information available.
Another point is what Discovery plans to do with the Doctor's notes and other information captured on the iPad software. Are they going to read the notes to try to second-guess a recommendation for Chronic medication benefits? Are they going to bump up my premiums based on what my GP has written in his files?
What's to stop a hacker reverse-engineering the iPad app and figuring out how to send the "consent" permission to the Discovery servers to get the records of hundreds, if not thousands, of patients? Since there is nothing on the Discovery servers to pre-emptively block them from doing so, Discovery is effectively trusting every iPad out there, without knowing who is using it or what their intentions are. Since iPads can't do biometric identification (thumbprints or retina scans), they have no way of knowing who is using it. Bad move.
I was first alerted to this problem by an article in Noseweek (pdf) and today I read the July 2012 "Discovery" magazine article on page 38. They do a great job of trying to sell the concept, but they completely ignore the privacy and security implications. Meanwhile, despite all the questions being asked, they have gone ahead and launched the scheme. So if the hackers find a way of subverting it before they put proper security in place, we're all screwed. And their record of keeping my contact details private is not exactly exemplary, and their dealings with doctors are not exactly ethical. The problem is that if they get sued for this then my premiums will go up. Not that they've ever gone down, but still ...
Update: Tuesday 7th August: I managed to get Dr Jonathan Broomberg, CEO of Discovery Health, to read this post. This is what he wrote:
I will call. But it's important to know that your data is blocked by default. No doctor can access your data unless you personally and explicitly give permission. This permission can be given for named doctors or for all doctors you see. It can be withdrawn at any time. If you choose not to give the consent, your data remains entirely private. Does this address your concern?

This is very worrying. I have explained to him that not having a pre-emptive blocking option is different from what the system does now. Hopefully he will get it, because he doesn't seem to understand the difference yet.
Update: Wed 8th August: After some discussion on the MyBroadband forum, I propose a few obvious changes:
- Every time I log in to Discovery.co.za I want an email notification of my login, exactly like FNB does.
- I want to see a list of the date and time of the last 5 logins on the opening screen after login. Just like FNB does.
- When I go to the HealthID Consent Manager on their web site, at present I can select "I agree to the terms and conditions". I want a further option that says "I do NOT agree to the terms and conditions, and wish to keep my electronic medical history private"
- I want this option enabled by default.
- In order for the doctor to obtain my consent, I type my Discovery user name and password into the iPad app. Then Discovery sends an SMS to my phone with an authorisation code. I then enter the code into the app to allow that particular doctor access. FNB does something similar on their banking site with particular transactions.
- On subsequent visits to the doctor, Discovery will SMS me an authorisation code that I then give to the doctor so he can view my profile for the rest of that day.
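To make the proposed flow concrete, here is a small added example (my own illustration, not Discovery's code or anything from the HealthID app) of what the server side of the consent manager would look like: access is denied by default, a doctor only gets in after the patient confirms an SMS code, a confirmed code grants access for the rest of that day unless the patient chooses a standing grant, grants can be revoked at any time, and each login is logged and emailed to the patient with the last five logins kept for display. The SMS gateway and email sender are replaced by in-memory outboxes so it runs offline; the five-minute code lifetime, the three-attempt limit and the six-digit code length are assumed values, not anything Discovery has published.

```python
"""Default-deny consent manager with SMS-style one-time codes.

Added example, not Discovery's code. The SMS and email gateways are
stand-ins (in-memory lists) so the flow can be exercised offline.
"""
import hashlib
import hmac
import secrets
import time

OTP_TTL = 300        # assumed: a code is valid for five minutes
OTP_ATTEMPTS = 3     # assumed: wrong guesses before the code is discarded
DAY = 86400          # a day-scoped grant ends at midnight UTC


class ConsentManager:
    def __init__(self, clock=time.time):
        self.clock = clock            # injectable so expiry can be tested
        self.grants = {}              # (patient, doctor) -> expiry epoch
        self.pending = {}             # (patient, doctor) -> [code hash, expiry, attempts left]
        self.logins = {}              # patient -> list of login epochs
        self.sms_outbox = []          # (phone, text) pairs; stands in for an SMS gateway
        self.email_outbox = []        # (address, text) pairs; stands in for an email sender

    @staticmethod
    def _hash(code):
        # Only a hash of the code is kept server-side, never the code itself.
        return hashlib.sha256(code.encode()).hexdigest()

    def record_login(self, patient, email):
        """Log a web login, notify the patient, return the last five logins."""
        now = self.clock()
        history = self.logins.setdefault(patient, [])
        history.append(now)
        stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(now))
        self.email_outbox.append((email, f"Login to your Discovery account at {stamp} UTC"))
        return history[-5:]

    def request_consent(self, patient, phone, doctor):
        """Called after the patient has entered their credentials in the doctor's app.
        The code goes to the patient's phone, not to the doctor."""
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[(patient, doctor)] = [self._hash(code), self.clock() + OTP_TTL, OTP_ATTEMPTS]
        self.sms_outbox.append((phone, f"Discovery code {code} lets {doctor} view your record today"))

    def confirm_consent(self, patient, doctor, code, standing=False):
        """Verify the code the patient typed in. Returns True only on a fresh, correct code."""
        key = (patient, doctor)
        entry = self.pending.get(key)
        if entry is None:
            return False
        code_hash, expiry, _attempts = entry
        now = self.clock()
        if now > expiry:
            del self.pending[key]
            return False
        if not hmac.compare_digest(code_hash, self._hash(code)):
            entry[2] -= 1                 # burn an attempt on a wrong guess
            if entry[2] <= 0:
                del self.pending[key]     # too many guesses: start over
            return False
        del self.pending[key]             # a code is single-use
        end_of_day = now - (now % DAY) + DAY
        self.grants[key] = float("inf") if standing else end_of_day
        return True

    def revoke(self, patient, doctor):
        """Patient withdraws consent; takes effect on the next access check."""
        self.grants.pop((patient, doctor), None)

    def can_view(self, patient, doctor):
        """Default deny: a doctor with no live grant sees nothing."""
        key = (patient, doctor)
        expiry = self.grants.get(key)
        if expiry is None:
            return False
        if self.clock() >= expiry:
            del self.grants[key]          # day-scoped grant has lapsed
            return False
        return True
```

The point of the design is that `can_view` answers "no" unless the patient has done something, which is the pre-emptive block the post asks for; the app cannot manufacture consent because the code never passes through the doctor's hands, and a lost iPad holds no standing credential worth stealing. A real deployment would rate-limit `request_consent` and persist the tables, but the access decision would look the same.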
I would also like Discovery to warn users not to use the same password that they use on other sites. This is responsible security practice. Right now they don't even warn you if you have a weak password. They allowed me to choose "passw0rd" for their site. What were they thinking?
"P.S. Discovery HealthID was awarded best iOS app for enterprise at MTN’s first ever app of the year awards." They obviously didn't do a security audit of the app. Neither has Discovery Health.