Discovery HealthID: kiss your medical history's privacy goodbye

I'm not seeing the problem here. You authorise access to your doctor. They login to a system to view these details. This login is secure. If the iPad is stolen, the new "owner" will still require the login details to view your details.

What is the big deal here?

Did you read and understand my blog article, or the Noseweek article? Discovery can't guarantee the parts in red.

There is no way for me to pre-emptively block access to my own data. There should be.

Therefore, anyone posing as me, or any fraudulent doctor (Discovery NEVER gets defrauded own doctors!) or doctor's assistant wanting to access my data, can gain access to it by the simple process of imitating my signature.

I have no guarantee that my signature is even checked, and Discovery relies entirely on the iPad user for its security. If an iPad is left on and logged in and is stolen, it can be used without the doctor's knowledge. These are portable devices. Passwords can be disclosed by computer newbies through social engineering.

All I want is the ability to stop iPads accessing my information.

Until now I have disclosed this information face-to-face with my doctor, and I have had the control and discretion. Now Discovery wants to blab all my data to anyone who asks, without my knowledge or consent. They keep trying to reassure me that my consent is required, when it is perfectly obvious to me that there are security holes you could drive a truck through, and that my consent can be easily bypassed.

Furthermore, when my optometrist asks me questions about my medical history, I provide her with relevant details; I don't talk about my mental health or my sex life. It's inappropriate. But if she signs on to my Discovery profile it's all there, appropriate or not.

I'm not telling Discovery to abandon their iPad app. All I want is the ability (on their web site) to block their iPad app from accessing my information. I want to be able to say that under NO circumstances may my information be disclosed to any third party. That's what they are required to do by law anyway.

If other Discovery members are too stupid or gullible to realise the privacy implications, they can unblock their information. That's their choice, until it bites them in the ass, by which time it's too late. If they're Noseweek readers they can't say they weren't warned.
 
Last edited:
Makes more sense, thanks. So what would you propose they do?
 
Donn's in the military IT space if memory serves correct. He has, in the past, had valid bitches and moans. Not too sure about this one though...

Military IT Space? and he looks after 300000 medical records?

Could be. But yeah, I think he's overreaching and being somewhat melodramatic about this issue.
 
I missed the part where he looks after 300000 medical records. Linkage?
 
Makes more sense, thanks. So what would you propose they do?

I propose a few obvious changes:

1. Every time I log in to Discovery.co.za I want an email notification of my login, exactly like FNB does.
2. I want to see a list of the date and time of the last 5 logins on the opening screen after login. Just like FNB does.
3. When I go to the HealthID Consent Manager on their web site, at present I can select "I agree to the terms and conditions". I want a further option that says
"I do NOT agree to the terms and conditions, and wish to keep my electronic medical history private"
4. I want this option enabled by default.
5. If I provide my Discovery user name and password to the iPad app, Discovery will send an SMS to my phone with an authorisation code. I then fill in the code into the app to allow that particular doctor access. FNB does something similar on their banking site with particular transactions.
6. On subsequent visits to the doctor, Discovery will SMS me an authorisation code that I then give to the doctor so he can view my profile for the rest of that day.

Like Dr Moodley at Stellenbosh University, I think the privacy issues and disclosure issues need to be addressed. But until the security concerns are addressed, there isn't much point.

I would also like Discovery to warn users not to use the same password that they use on other sites. This is responsible security practice. Right now they don't even warn you if you have a weak password. They allowed me to choose "passw0rd" as a password :wtf:

P.S. I think they get the message. I was just called to set up a meeting with their HealthID team.
 
Last edited:
I missed the part where he looks after 300000 medical records. Linkage?

I don't work for the military. My customers are FishwisePro, HFPA, Drive Report, AmaYeza and Men's Clinic International. The latter have over 300,000 patient records, which are encrypted. I'm sure if you have ever visited them or phoned their call centre you'll be glad to know your contact details, including your name and telephone number, is stored in encrypted form in their databases, both Access and SQL.

On the laptops that visit outlying clinics, the database is stored on a TrueCrypt volume. So far several laptops have been stolen, including 2 armed robberies, and the data has not leaked. There are additional security measures as well. It was part of my brief when I started on the project many years ago. Before then their Access97 databases were password protected. That's all. The passwords were easily cracked, so I don't rely on any of the built-in Access or SQL Server security.

Considering that Men's Clinic is South Africa's largest seller of Viagra, Cialis and Levitra, not to mention injectable medication, you can understand why we go to great lengths to keep that information private, especially since MY name is in there too.

FWIW, I'm meeting with Discovery on Tuesday 14th. I'll keep y'all posted.
 
Last edited:
Hi everyone
Please read my blog post
"Discovery Health's Electronic Health Record: not good"
http://donnedwards.openaccess.co.za/2012/08/discovery-healths-electronic-health.html

I spoke to the COO, CIO and various other executives today. The COO is a doctor with the bedside manner of earthmoving equipment. Either that or he was playing the "bad cop" role; I haven't decided. All I know for sure is that both the CEO and COO don't have a clue about internet security, and are convinced that their HealthID program is safe. It isn't.

To give you an idea about safety, consider that there are some well-known passwords that you simply should NEVER use: "password" is one of them. In spite of this, the Discovery web site allowed me to change my login password to "passw0rd" (with a zero) without even a beep. And they proudly told me that their web site passed a KPMG security audit 3 months ago.

And even though the HealthID program is being rolled out with much fanfare and is already being used by over 400 doctors, they are only going to have it audited next month. If there are any loopholes in the meantime, you can kiss your privacy goodbye.

The "consent" you sign if you agree to allow your doctor to use the HealthID program, basically indemnifies Discovery Health for any "data leakage" that may occur through ignorance or stupidity on behalf of your doctor, or his receptionist. i.e. if they screw up or misuse the data, you can't sue Discovery.

DO NOT sign a HealthID consent form. EVER. If you do, you are effectively allowing unspecified healthcare providers full access to the most private and gory details of your medical history.

At the meeting they agreed to remove my medical history from their web site. Best of luck getting the call centre to do the same for anyone else.
 
I don't know what to say. I am going to have to reserve my comments until I've had a go at the app and had a look-see at what functionality it can provide.

But I would guess that the amount of red tape to get proper access will be quite extensive. Would first need to get our optometrist registered on Discovery using his ID number, practice number and HPCSA number. Hopefully Discovery will get back to us with a username and password before next week. :(
 
Hi everyone
Please read my blog post
"Discovery Health's Electronic Health Record: not good"
http://donnedwards.openaccess.co.za/2012/08/discovery-healths-electronic-health.html

I spoke to the COO, CIO and various other executives today. The COO is a doctor with the bedside manner of earthmoving equipment. Either that or he was playing the "bad cop" role; I haven't decided. All I know for sure is that both the CEO and COO don't have a clue about internet security, and are convinced that their HealthID program is safe. It isn't.

To give you an idea about safety, consider that there are some well-known passwords that you simply should NEVER use: "password" is one of them. In spite of this, the Discovery web site allowed me to change my login password to "passw0rd" (with a zero) without even a beep. And they proudly told me that their web site passed a KPMG security audit 3 months ago.

And even though the HealthID program is being rolled out with much fanfare and is already being used by over 400 doctors, they are only going to have it audited next month. If there are any loopholes in the meantime, you can kiss your privacy goodbye.

The "consent" you sign if you agree to allow your doctor to use the HealthID program, basically indemnifies Discovery Health for any "data leakage" that may occur through ignorance or stupidity on behalf of your doctor, or his receptionist. i.e. if they screw up or misuse the data, you can't sue Discovery.

DO NOT sign a HealthID consent form. EVER. If you do, you are effectively allowing unspecified healthcare providers full access to the most private and gory details of your medical history.

At the meeting they agreed to remove my medical history from their web site. Best of luck getting the call centre to do the same for anyone else.

Might I suggest you take these matters up with their compliance officer and Key Individual as he/she is accountable and need to ensure that they are compliant. If trading and found not to be compliant mention the FSB and as sure as hell they sure will ensure they are asap.
 
What exactly are you worried about?

Both my wife and I suffer from potentially embarrassing medical conditions. Discovery wants to splab about these conditions to any healthcare provider who asks. I choose to be a little more discreet, and only tell those who actually need to know.

Given the potential for serious data leakage on this system (as compared to paper files) I think this is not only prudent but essential.

Might I suggest you take these matters up with their compliance officer and Key Individual as he/she is accountable and need to ensure that they are compliant. If trading and found not to be compliant mention the FSB and as sure as hell they sure will ensure they are asap.

I took it up with the CEO, Dr Bloomberg, and had a meeting with the COO Dr Ryan Noach and the Chief Information Officer. Who else would you suggest?

I don't know what to say. I am going to have to reserve my comments until I've had a go at the app and had a look-see at what functionality it can provide.

But I would guess that the amount of red tape to get proper access will be quite extensive. Would first need to get our optometrist registered on Discovery using his ID number, practice number and HPCSA number. Hopefully Discovery will get back to us with a username and password before next week. :(

Before you do so, read the "Consent and Waiver" statement (on my blog article) and decide if you want to subject your patients or your family to such legal irresponsibility. I refuse.

Why would your optometrist need to know what medication I'm on? I have no way of preventing him from finding out once HealthId is expanded to include optometrists and dentists.

While you are looking at the functionality, consider the security from a patient point of view: any signature will do, and Discovery will hold you responsible if someone hacks/steals/misuses your iPad. And since the system will allow you to have a password as insecure as the word "passw0rd", good luck to you claiming from your malpractice insurance when you get hacked or your iPad is lost or stolen.

Consider the case of technology journalist Mat Honan whose Macbook and iPhone was wiped and who lost a year's worth of baby photos in the process: "Mat Homan's Very Bad Weekend" (transcript).
 
At the meeting they agreed to remove my medical history from their web site. Best of luck getting the call centre to do the same for anyone else.

On Tuesday the Discovery Health COO confirmed that my health records would not be published:
Sent: 14 August 2012 20:58

Hi Donn

[snip]

I confirm that we will block all and any access to all health records associated with your policy.

Regards

Ryan

Dr Ryan Noach
COO
Discovery Health

T: +27 11 529 2062 (Cheryl Dex)
C: +27 82 820 4911
E: [email protected]
Web: www.discovery.co.za

Today I am told that they need more time. :wtf:

It seems they don't have to tools to do this, even though I was assured that it could be done. Why am I not surprised?

Update: Dr Ryan Noach assures me my EMR will be removed by Monday.

Best of luck to anyone else trying to get their EMR removed by phoning the call centre. :rolleyes:
 
Last edited:
I got the hard-sell spam from Discovery today.

I am uneasy about my dentist knowing about my haemorrhoids... (if I had either!)

Is there any further evidence that Discovery have tightened security on this thing?
 
Is there any further evidence that Discovery have tightened security on this thing?

None. They won't divulge the contact details of the audit team at KPMG. I called KPMG and asked them to call me back. That was two weeks ago.

The doctor's logon timeout is set to a 3 minutes (if memory serves me correctly). That means the doctor has to log in each time he sees a new patient. If he's doing it that often on an iPad, how simple do you suppose his password will be? How times have we seen that convenience is the enemy of security?

Don't allow your doctor to access your EMR until he can prove that there is two-factor authentication on the app. And since the app has not been updated since 12 June 2012, you can be sure it isn't there yet.
 
Top
Sign up to the MyBroadband newsletter