In message <000901c56493$f23c85f0$0201a8c0@tower>, Simon Child
<[log in to unmask]> writes
>
>As I understand it, once you have a card (with an appropriate role e.g. GP)
>then you can access any data on the spine. The restrictions on access are
>not by blocking access but by auditing access, relying on notion that any
>illicit browsing that you do will be recorded and you will be punished. Of
>course that all falls apart once a card and matching pin number are lost,
>since then the audit trail will faithfully record what the finder of the
>card accessed but will not have stopped their accessing it, and will not
>tell you who they are so that you can go and tell them off.
Good point.
Has anyone seen any procedures for reporting (and blocking) lost or
stolen smartcards and PINs - including any means of checking that the
loss is genuine? I.e. that the person reporting a loss (and presumably
requesting a replacement) is the individual concerned, not an impostor?
After all, it would be very awkward if someone stole your NHS ID!
In the case above, presumably *you* would be told off for the illicit
use of your lost/stolen card...
MaryH
PS are *all* PCTs sticking the PIN on the back of the card?
>
--
Mary Hawking
|