If you have some personal data that includes your patient number, why not have a card that instead lists your important data? "This patient is diabetic, alergic to amoxicillin, and has Gold Cross insurance." The amount of important data that an ER needs is small. There is small benefit to building a huge infrastructure to get that data carted around. Also, in ERs, the computers are often authorized the same way everything else is: a nurse will tell you to leave if you don't belong there. At Defcon, Bruce Schneier was talking about the value stored in casino chips. Its sttaggering. Its an alternate cash system, with a huge float, astounding velocity, and very little fraud. Transaction costs are low, clearing is instantaneous. The comparison is fairly clear. Adam Thomas M. Swiss wrote: | I very much want hospitals to have fast access to my medical data if | my broken and bleeding body should come through their door, even if I am | unconscious and my personal physician cannot be reached. On the other hand, | I don't want anyone to be snooping through them right now. | So, what if my records were available on the net, but encrypted with a | an key known to my physician and an escrow agency? (Equivalently, they | could be on that smartcard, but encrypted.) If an emergency occurs, the | hospital fetches my encrypted records from my physician's server, then | sends a message (signed with the hospital's key) to Keys R Us, the escrow | agent, saying "This is Dr. McCoy at Frobnitz Memorial Hospital, we need the | key for FooBar Medix, Inc., patient number 147258369." (My FooBar Medix, | Inc., insurance card lists my physician's server, the escrow agency, and my -- "It is seldom that liberty of any kind is lost all at once." -Hume