Threat Models
The good (and sometimes bad) thing about being an Internet security guy is that you always wonder about threat models, even in the physical world.
I recently visited my local hospital for some medical tests. I was
told to bring a picture ID. Why, I wondered? Was it security
theater? Does the Department of Homeland Security have a "no treat"
list? Was my visit to be reported to the Immigration and Customs
Enforcement agency, to see if I was a legal resident?
The truth was more mundane, though at least as depressing. The person
checking me in first tried to brush off my question with "I just work
here", but she eventually explained it: they have a problem with
patients presenting other people’s health insurance cards. Yes, this
is a bad idea for all concerned: the medical records of both the card owner
and the patient will be merged, causing great confusion and possible
serious consequences down the road. But there are so many uninsured
and health care in the US is so expensive that people are desperate.
The person I was talking with said she initially
didn’t believe there was a problem,
until she’d seen a fair number of examples herself. (I should note
that the hospital in question is not in a poor neighborhood. In fact,
the median family income in that town was about $117,000 in 2000; neighboring
towns are equally well off.)
So — if this is happening, is there a street price for health insurance
cards accompanied by picture IDs? If not, I’m sure that such a market will
develop soon, unless the underlying problem is solved.