Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.3 alpha 4/15/85; site spectrix.UUCP Path: utzoo!mnetor!yetti!spectrix!clewis From: clewis@spectrix.UUCP (Chris Lewis) Newsgroups: can.general Subject: Re: SIN's (was borrowed records) Message-ID: <202@spectrix.UUCP> Date: Thu, 27-Nov-86 11:53:31 EST Article-I.D.: spectrix.202 Posted: Thu Nov 27 11:53:31 1986 Date-Received: Thu, 27-Nov-86 17:48:56 EST References: <623@water.UUCP> <192@spectrix.UUCP> <497@ubc-cs.UUCP> <12211@watnot.UUCP> <504@ubc-cs.UUCP> <637@water.UUCP> Reply-To: clewis@spectrix.UUCP (Chris Lewis) Distribution: can Organization: Spectrix Microsystems Inc., Toronto, Ontario, Canada Lines: 67 In article <637@water.UUCP> jmlang@water.UUCP (Jerome M Lang) writes: >In article <504@ubc-cs.UUCP> manis@ubc-cs.UUCP (Vincent Manis) writes: >>... The mapping from SIN to identity is supposed to be greatly >>controlled (and that's why the theft of Revenue Canada records is so >>serious). > >I am not sure of the validity of the next sentence but I heard that >it was true. There are more SIN in use than there are people in the country. Yes, mapping from SIN to identity (and vice-versa) is supposed to be very tightly controlled. But, the accuracy of the mapping is relatively poor - many people have more than one, many people don't have any etc. To give an indication of how bad - Medical research and other health organizations have been pushing for a universal health identifier (at least in Ontario). At one point they were pushing for the use of the SIN number because it is already in existence. However, the general consensus is now that the SIN number was too laxly regulated, and is now fairly useless for use in the health system - even for research, but especially for treatment. Not to mention the confidentiality issues (linking of health and non-health info). OHIP numbers are *MUCH* worse - one woman in Ontario was found to have 13 numbers! One family had over a hundred members! (crashed the OHIP computer a couple of times) Sweden has introduced a universal health identifier so that all health records can be linked together to provide the best possible health care along with very accurate research (mostly statistical - they don't care about the individual's ID per-se, only so that they can track data "elements" thru the system). Before Sweden introduced this, however, they had to put in place some pretty strong controls: 1) There is a Data Control Dept. who issues licenses to organizations allowing them to use the health id. Any organization or individual asking for the id without this license (which had to be producable on demand) is subject to penalty. 2) Each database using this id *must* be approved by the Dept. Considered are: use of data, data security, security clearances of personnel etc. 3) Each linkage between databases *must* be approved by the Dept. 4) All rulings made by the Dept are public knowledge (except rulings on individual's records, which are done in camera), and can be appealed. 5) All databases containing information are contained in registrys which also include the database "schemas". 6) Each individual has the right to demand at no cost to themselves a copy of their own record in any of these databases. If the individual has a quarrel with any item in the database, the database maintainer is obligated to reevaluate the data and modify or delete the item as necessary. The maintainer's actions can be appealed to the Data Control Dept. 7) There is even an established plan for the destruction of the primary databases (mapping databases, main hospital and govt. agency) in the event of foreign takeover! Generally speaking, the Health Records Commission approved of the implementation of a universal ID, provided that: 1) controls were set in place similar to Sweden to control the growth, usage and security of the id within the health sector 2) Legislation enacting this id must absolutely deny the use of this id for purposes other than health care and research. 3) The SIN number was *not* used. -- Chris Lewis Spectrix Microsystems Inc, UUCP: {utzoo|utcs|yetti|genat|seismo}!mnetor!spectrix!clewis ARPA: mnetor!spectrix!clewis@seismo.css.gov Phone: (416)-474-1955