I am working on a medical application which will be implemented for USA patients and health providers.

I want that there should be only 1 record of a user without any duplication. And I believe that putting a unique constraint on email across the application solves this problem. Mobile number, address, and name are subject to change, DOB is not unique, and I believe that email (verified) can uniquely and reliably identify a user. Am I right in this assumption? Or do you have any evidence that disproves this?

Solution

If your goal is that every person is unique across your application, email is not a suitable constraint of uniqueness. Some people do not have an email address, some people share an email address (e.g. couples), and some people have multiple email addresses.

In the USA, the best unique constraint, and the one I most often see with banks, insurance, background checks, etc. is social security number (SSN) + birthdate. Social security numbers are assigned to US citizens, residents and temporary workers. They're recycled after a person dies, so it's not good enough on its own. You should be careful about how you store SSNs. You should treat them as protected information because they can be used to steal a person's identity. They should not be stored in plaintext in a database. Further, patients and health providers may be reluctant to share this information with your system.

It's possible, however, in the health system for patients to be undocumented or otherwise not have a social security number. You may want to support this case in your system.
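
One way to enforce SSN + birthdate uniqueness without keeping the SSN in plaintext, added here as an example and not part of the original answer: a keyed HMAC of the normalized pair serves as the unique column, and it stays NULL for patients who have no SSN. The table layout, `INDEX_KEY`, the function names, and the sample values are assumptions made for the illustration.

```python
import hashlib
import hmac
import sqlite3
from datetime import date

# Assumption: a real deployment loads this key from a KMS or secret store.
# A keyed digest is needed because a 9-digit SSN has only 10^9 values, so a
# plain unkeyed hash could be reversed by enumeration.
INDEX_KEY = b"constructed-demo-key-not-for-production"

def identity_index(ssn, dob):
    """Return a keyed digest of SSN + birthdate, or None when there is no SSN."""
    if ssn is None:
        return None
    digits = "".join(ch for ch in ssn if ch.isdigit())
    if len(digits) != 9:
        raise ValueError("SSN must contain exactly 9 digits")
    dob_iso = date.fromisoformat(dob).isoformat()  # rejects malformed dates
    msg = f"{digits}|{dob_iso}".encode()
    return hmac.new(INDEX_KEY, msg, hashlib.sha256).hexdigest()

def open_db():
    db = sqlite3.connect(":memory:")
    # UNIQUE rejects a repeated SSN + birthdate digest, while SQLite still
    # allows any number of NULLs, so patients without an SSN can coexist.
    db.execute("""CREATE TABLE patient (
        id INTEGER PRIMARY KEY,
        name TEXT NOT NULL,
        identity_idx TEXT UNIQUE)""")
    return db

def register(db, name, ssn, dob):
    """Insert a patient and return (patient_id, created)."""
    idx = identity_index(ssn, dob)
    try:
        cur = db.execute(
            "INSERT INTO patient (name, identity_idx) VALUES (?, ?)", (name, idx))
        return cur.lastrowid, True
    except sqlite3.IntegrityError:
        # Same SSN + birthdate already registered: resolve to the existing row.
        row = db.execute(
            "SELECT id FROM patient WHERE identity_idx = ?", (idx,)).fetchone()
        return row[0], False
```

The digest only supports equality lookups; if the SSN itself must be recoverable, it would need to be stored separately under encryption.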

Other tips

No, email is not unique across application users. I once signed up for a free email service the day it was announced. I got an email address that was just my first name and the domain name. Later, they decided to start charging for their service. Since I didn't want to pay, I stopped using it. My email address on the service was recycled and now belongs to another user with the same first name who was willing to pay for it. It's entirely possible that I could have signed up for your service, then lost the address and then the new owner could also have signed up for your service. You would have no way to handle this if you required emails to be unique. Or worse, you could potentially end up sending private information about one person to another person.

Licensed under: CC-BY-SA with attribution