[Care2002-developers] Re: Global PID and VISA type numbering system

[David Forslund]

> ------------Original Message------------
> From: Andrew Ho <[EMAIL PROTECTED]>
> To: "J. Antas" <[EMAIL PROTECTED]>
> Cc: David WForslund <[EMAIL PROTECTED]>, [EMAIL PROTECTED], [EMAIL PROTECTED]
> Date: Fri, Mar-12-2004 11:54 AM
> Subject: Re: Global PID and VISA type numbering system
> 
> On Fri, 12 Mar 2004, J. Antas wrote:
> 
> > David W Forslund wrote:
> >
> > > Universal Ids have fatal problems with them unless they are some form of
> > > robust biometric.
> >
> > DNA chip? It could be the solution.
> 
> David and J.,
>   Identification and Authentication are two different functions. For
> authentication, "robust biometric" may be helpful. For identification, an
> arbitrary symbol is preferred.

I think the topic was identification, not authentication.  At least it is the former
that I was addressing.  Arbitrary symbols are not necessary good for identification
if everyone uses difterent "symbols".   But if they are usual demographic related 
attributes
then you need a fair number to disambiguate.   A biometric could reduce that 
considerably. 
An identifier is not the same as identification.  Linking a real person to an 
identifier 
(or multiple identifiers) is part of the identification process and cannot be 
neglected.
> 
> > But then again, you would need some kind of probe to read it.
> > And if you use a probe (mechanical, electronic, biologic, or any
> > combination of these) you will have to deal with the classical
> > "key<-->lock" problem.
> 
>   If we embed patient information of any kind in the identifier (e.g. DNA
> data, gender, date of birth), then we will be disclosing potentially
> sensitive patient information whenever the identifier is used.
> Furthermore, as you already pointed out in your previous message, these
> patient information may have to change over time (e.g. gender).
> 

Of course.   It is unwise to use various properties of a person as the identifier. 
They should be used to link to an identifier.  Potentially a robust biometric would
be sufficient to "identify" a person, but carries this problem of sensitive information
which is why I don't think it will be accepted in the US, at least

> ...
> > > Arguing over things like the number of digits needed in a UID is a waste
> > > of time.
> 
> The issue is not really how many digits - but how should the UID be
> produced: Specifically,
>   1) who should produce the UID and
>   2) how should a directory be maintained.

Someone has to be the authority for issuing unique ids in a specified domain. The
authority is usually defined in the ID, itself.  This is what we mean when we talk
about a QualifiedID.   The Qualified ID contains information about the domain. (pretty
analogous to XML namespaces).   I think there are many ways that a directory can be 
maintained
and needed be specified, only how to ask questions of the "directory".  that is, the 
way
in which information goes into and comes out of the "directory" needs specification 
(such
as in the PIDS specification, e.g.).  

> 
> Regarding #2, David Forslund et al made a proposal in 2000:
>   http://www.amia.org/pubs/symposia/D200400.PDF
> 
> To my knowledge, it has not been implemented or tested in real-world
> settings.

Not to my knowledge, but we have tested the idea in small cases. No one has
asked us to do it on a large scale (yet). 

Dave
> 
> ...
> 
> Best regards,
> 
> Andrew
> ---
> Andrew P. Ho, M.D.
> OIO: Open Infrastructure for Outcomes
> www.TxOutcome.Org
> 


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
Care2002-developers mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/care2002-developers