Useful Links

Recent Posts

Archive:

Threat Models

29 March 2008

The good (and sometimes bad) thing about being an Internet security guy is that you always wonder about threat models, even in the physical world.

I recently visited my local hospital for some medical tests. I was told to bring a picture ID. Why, I wondered? Was it security theater? Does the Department of Homeland Security have a "no treat" list? Was my visit to be reported to the Immigration and Customs Enforcement agency, to see if I was a legal resident?

The truth was more mundane, though at least as depressing. The person checking me in first tried to brush off my question with "I just work here", but she eventually explained it: they have a problem with patients presenting other people's health insurance cards. Yes, this is a bad idea for all concerned: the medical records both the card owner and the patient will be merged, causing great confusion and possible serious consequences down the road. But there are so many uninsured and health care in the US is so expensive that people are desparate. The person I was talking with said she initially didn't believe there was a problem, until she'd seen a fair number of examples herself. (I should note that the hospital in question is not in a poor neighborhood. In fact, the median family income in that town was about $117,000 in 2000; neighboring towns are equally well off.)

So — if this is happening, is there a street price for health insurance cards accompanied by picture IDs? If not, I'm sure that such a market will develop soon, unless the underlying problem is solved.

Permalink