Applying new thinking from the linked and emerging fields of digital identity and privacy to information governance in health informatics

John Harrison, Nick Booth


Recent work in the emerging field of network or digital identity suggests a new approach to the design of informatics systems, in which the individual becomes the guardian of their own personal data, and is assisted in controlling access to it by an infrastructure that is aware of roles, such as 'doctor', and relationships, such as 'doctor_patient'. For these purposes, an 'identity' is defined as the history of a relationship between two entities, and thus encompasses not only name and address but also data that would usually be regarded as part of an electronic patient or health record. This paper presents a description of how such a true person-centric architecture might work, and shows how it can be seen as an evolution of current plans in the NHS for a national patient data spine. One application, the electronic transmission of prescriptions, is described in detail. Other applications, both within and without the healthcare field, are described in outline. The implementation of such a person-centric system requires a modest degree of technical innovation, but significant change in organisational and business models. It is suggested that there is a need for one or more not-for-profit trusts, each with a remit to act as host for an individual's digital identity, and as the individual's true agent. Service providers - such as healthcare organisations - will pay the trust for provision of authentication, and for the storage and transmission of a patient's data; the trust in turn will pay implementation partners, such as smart card issuers and providers of communication channels, acting on behalf of the individual.


digital identity; network identity; person-centric

Full Text:




  • There are currently no refbacks.

This is an open access journal, which means that all content is freely available without charge to the user or their institution. Users are allowed to read, download, copy, distribute, print, search, or link to the full texts of the articles in this journal starting from Volume 21 without asking prior permission from the publisher or the author. This is in accordance with the BOAI definition of open accessFor permission regarding papers published in previous volumes, please contact us.

Privacy statement: The names and email addresses entered in this journal site will be used exclusively for the stated purposes of this journal and will not be made available for any other purpose or to any other party.

Online ISSN 2058-4563 - Print ISSN 2058-4555. Published by BCS, The Chartered Institute for IT