In the NHS there has been discussion about ways to enable a patient photo to be obtained by legitimate care systems, to enable safer identification of the correct patient, and to help make healthcare more 'human-scale' when dealing with electronic patient records.
Gravatar does this already...
Gravatar (Globally Recognised Avatar) stores an image of the user, but it is only accessible if you know the MD5 hash of the user's email address. Because hashing is a one-way function, you must have access to the email address in the first place. MD5 is considered broken so I would suggest SHA-256 and the use of a 'salt' added to the hash to increase the difficulty of rainbow table or dictionary attacks.
Pavatar (Patient Avatar):
But instead of email address, we could link it to a patient's NHS number. A national central web service (an API) on HSCN would exist so that any EPR, PAS or other system could obtain a patient avatar photo.
Clearly, Gravatar is by design completely open, which is less secure (although the namespace for requesting random images is huge, so unlikely to be compromisable in a practical amount of time), but we could make it so that requesting systems needed to be registered and have an API key; this would make things much more secure.
Hosting on N3/HSCN - again this cuts down the access that 'bad actors' could get.
NHS Numbers bear no relationship to any other parameter of the patient - so that other factors such as patient name, DOB, address are of no help if trying to guess the NHS number.
> although the namespace for requesting random images is huge, so unlikely to be compromisable in a practical amount of time
The namespace of a SHA256 is huge but the namespace of all possible NHS numbers is only about 10^10. With approx 10^8 valid NHS numbers in existence, one could expect the hash of a guessed NHS number to return a valid Pavatar endpoint 1 guess out of 10^2 - quite easy. It would take a modern GPU seconds to minutes to generate the SHA-256 hash of every possible NHS number. (10^10/3000 Mh/s)
I think it would make sense to add something to the NHS Number before hashing, as a 'salt' (although it wouldn't be a true salt as it would have to be known to the client) or otherwise. Maybe Date of Birth?
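The sizing argument in the comment above, worked through as an added example (not code from the issue or its participants). It assumes the standard Modulus 11 check digit on NHS numbers, a 120-year date-of-birth range, and, as a labelled alternative that nobody in the thread proposed, an HMAC key held only by registered systems; all function names are hypothetical.

```python
import hashlib
import hmac

def nhs_check_digit(first_nine):
    """Modulus 11 check digit for nine digits; None when the result is 10 (never issued)."""
    total = sum(int(d) * w for d, w in zip(first_nine, range(10, 1, -1)))
    check = 11 - total % 11
    if check == 11:
        return 0
    return None if check == 10 else check

def is_valid_nhs_number(number):
    digits = number.replace(" ", "")
    if len(digits) != 10 or not digits.isdigit():
        return False
    return nhs_check_digit(digits[:9]) == int(digits[9])

def unkeyed_id(nhs_number):
    """Identifier as proposed in the issue: plain SHA-256 of the NHS number."""
    return hashlib.sha256(nhs_number.replace(" ", "").encode()).hexdigest()

def keyed_id(nhs_number, key):
    """Assumed alternative: HMAC-SHA256, so the identifier cannot be computed without the key."""
    return hmac.new(key, nhs_number.replace(" ", "").encode(), hashlib.sha256).hexdigest()

def candidate_inputs(dob_years=0):
    """Approximate number of distinct inputs the identifier could be derived from."""
    numbers = 10**9 * 10 // 11  # nine free digits, about 1 in 11 rejected by the check
    days = int(dob_years * 365.25) if dob_years else 1
    return numbers * days

def seconds_to_hash_all(inputs, hashes_per_second=3_000_000_000):
    """Time to hash every candidate at the 3000 MH/s rate quoted in the comment."""
    return inputs / hashes_per_second

if __name__ == "__main__":
    print(is_valid_nhs_number("943 476 5919"))  # constructed sample that passes the check
    print(is_valid_nhs_number("123 456 7890"))  # the issue's placeholder fails the check
    for label, n in [("NHS number only", candidate_inputs()),
                     ("NHS number + DOB over 120 years", candidate_inputs(120))]:
        print(f"{label}: {n:.2e} inputs, {seconds_to_hash_all(n):.1f} s to hash all")
    key = bytes(32)  # constructed placeholder; a real key must be random and kept secret
    print(unkeyed_id("943 476 5919") != keyed_id("943 476 5919", key))
```

The check digit shrinks the input space below the 10^10 used in the comment, and appending a date of birth only raises the hashing time from under a second to a few hours at the quoted rate.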
NHS number: 123 456 7890
SHA256 Hashed NHS number: c775e7b757ede630cd0aa1113bd102661ab38829ca52a6422ab782862f268646
Web request:
GET https://nww.patient-avatar.nhs.uk/c775e7b757ede630cd0aa1113bd102661ab38829ca52a6422ab782862f268646
Response:
200 OK and image file
Additional security: