So, what is to stop someone at a hospital somewhere clicking the 'patient has given consent' button to get free access to all of your medical records?
The problem with the security model you give is that there is no authentication of you, the patient, at any point. Short of everyone going around with an RFID chip in their arm, or carrying an ID card around with them 24/7, this is not technically possible.
The only alternative I can think of would be the use of biometrics, and this fails for a number of reasons, for example:
- people in hospital are likely to be injured or seriously ill in some way; is it a good idea to wheel them up to an 'ID terminal' to take their 'biometric signature' before actually treating them in any way?
- current biometrics such as iris scans, etc. have appreciable false positive and false negative rates. Scale these up to the entire population, and the proportionate risk of misidentification scales up.
- performing biometric scans is quite likely to be impossible in many situations. Using the example of the iris scan again, in an eye hospital the very conditions the patients are presenting with are going to prevent the biometric being taken.
Unfortunately, for any such medical database to provide the services being touted, there exists the necessity for a large number of users to have access to the system, in an equally large number of locations. Short of having military-style security (which is unlikely to work anyway) in all hospitals, GP surgeries, drop-in centres etc., etc. this is always going to have security holes.
So, you claim, "I would find it quite comforting to think that if I were on holiday in another part of the country, or even another part of Europe, or the world, a Doctor could bring up my details."
My counter-claim is that I find it deeply disturbing that in another part of the country, or even another part of Europe, or the world, a doctor, a nurse, a hospital database administrator, a random member of the public passing an unsecured terminal, or even a politician or civil servant could bring up personal, private, potentially embarrassing details about me from an all-encompassing system without my consent.