Multiple Health ID Per Individual

shantidev.samantaray · September 27, 2020, 7:22am

Does the Health ID system allow creating multiple health IDs for an individual? If yes Are there any specific reason behind it, Will not this add more complexity to the system?
If Health Id can only be created using Aadhaar or Mobile Number Then system should restrict creating multiple health ids and when same mobile number has been used for multiple health id then use the fuzzy match to identify the Individual and keep the tagging of health id mandatory to identify easily .

Yes, Individual should be allowed to delete the Health ID and then create the new one.
or modify the health Id and If any individual comes with different mobile number or fuzzy match also failed in that case System can generate new health ID, but system should restrict as much as possible to create multiple health ids.
Moreover, since user has been given all the provision to link his health records available under different HIPs then User should have provision to unlink the health records too.

Still I hope, system should reply back with the same Health ID number, if it has already been created, Please clarify it.

bhaskar.dabhi · September 28, 2020, 5:49am

It allows for creating multiple health IDs for some reason as they said on the call. It will basically help user to share specific information they want to share.

shantidev.samantaray · September 28, 2020, 5:51am

Sorry, I missed to attend the health id call,
Is it possible to share the recording with us?

slamba · September 28, 2020, 8:47am

@shantidev.samantaray

As per the last webinar, NDHM team will put those recording one the site but might be take some times.

Venu_Gopal · October 4, 2020, 3:50am

So one of the reason mentioned on the call is that, multiple healthIDs help patient keep care contexts separated and maintain better privacy

shantidev.samantaray · October 4, 2020, 7:05am

Consent at granular level can solve this problem easily, Are there any specific problem which cannot be solved through consent management system? Moreover, there is provision of linking health record from a facility to health ID, Then again on top of that giving option of creating multiple health id looks like there is no health id, It is simply another id assigned by a health facility.
Still not clear what problem now health Id is going to solve? If I am not wrong, the Health ID we are discussing here is no different from National Health ID announced by Prime Minister of India on 15th Aug.
As per the media and information’s from public domain, it is interpreted as one to one relationship between a person and a health id, but technology is going to make it one to many. I think no one knows about it except who are involved in this domain.

Venu_Gopal · October 4, 2020, 8:36am

OTPs could be stolen. While PDP is still in works one can’t accurately predict how the control mechanism work at HIP/HIU/HRP/HLP. The controls could work as cure and not as prevention. This would mean theft of health id, is confiscation of all health records. Having multiple ids is not same as not having a HealthID. It is either better or much worse the way you see it, but not same as not having a HealthID

That said, I’m not a fan of the OTP based scheme or multiple HealthIDs and would add it would be very difficult to manage multiple HealthIDs and multiple consent managers, a probabilistic scenario.

But will accept to live with it. The dangers of not having them are far greater than having them !

prasannalimaye · October 7, 2020, 5:23am

we should not allow to create multiple health id for the same person, this can be misused…Uniqeness is important, giving multiple views to different health provider for the purpose of sharing can be the way to provide context based access to set of information… similar to RBAC of the target user

Venu_Gopal · October 7, 2020, 5:38am

Agree for that to happen, we need to live in a HTTP world, not HTTPS where every record of a user is locked by their own pair of keys, randomly generated by their ID service with proper user education. The user can generate a new id, if their’s is compromised. But if they choose to be complacent, then its their own fault

That system might take a long time, and quantum computing may break it ! Until then whatever we have is GOLD !

prasannalimaye · October 7, 2020, 6:39am

HTTPS is security for communication ( Client to server : Security in transit ), security at rest is totally different problem where long term key retention and key rotation is important. But this is nothing to do with the uniqness of ID. One person should have one uniq identification. ( PAN was multiple , Adhar, people could create multiple Adhar…and we know what problems it has created ), the problem can be solved by AAA: Authorization problem…

a encryption key generation and managing is totally a different problem which user should not be bothered, IT should take care of… Like what I get a Digital signature device. Not having any encryption is much bigger problem

Venu_Gopal · October 7, 2020, 1:18pm

The user would have the keys, and they don’t need to bother. It’s the ID/App implementer that has to take care of, with an easily consumable UI. Digital signature solutions we have today will only benefit CAs and are not scalable or manageable. Having TLS is fine, that alone is not going to solve. My comment about living in HTTP world means that. The recent change in TLS certs that they can’t be issued for over 2 years is a proof. I’m not a fan of multiple IDs and don’t confuse multiple PANs & Aadhaar with a healthID. Ideally I’d like a blockchain based identity that is controlled by the user alone. But that is long away, since we are not investing in it. If a hacker could break an encryption they can also break TLS. But even in http if they can’t decrypt the data packet, then what benefit do they have ?