How are smart cards used in health care?
|
Smart cards provide a convenient and secure medium for storing medical information. Medical applications of smart cards can be divided into six broad categories based on the type and amount of information being stored:
|
 |
Where are medical smart cards being used today?
There is nothing new about the idea of medical smart cards. This is the basic healthcare information technology strategy of several European countries. In Europe, smart card technology is a $2-3 billion industry. Smart cards are core components in European cellular phone networks, they are used in banking, for stored value in pay phones, for public transportation, and even for concessions at sporting events. In healthcare, the technology has been extremely successful, accounting for around 10% of total annual sales, or roughly 50 million cards per year.
Smart card technology is central to the national health programs of France, Germany, Austria, Belgium, the Czech Republic, and Ireland.
How do these national smart card programs work?
Most national smart card programs are currently focused on payment, but approaches vary from country to country. Take France and Germany for example. Even though they share a common goal, the two countries have very different systems. France has devoted their resources to create a sophisticated insurance payment system that assures data confidentiality, integrity, authentication, and security. It includes features that are only provided by smart card technology, such as built in encryption and electronic signature abilities. They are currently piloting this microprocessor-chip smart card system in four French cities.
Germany chose to develop a more basic system than France's. It uses very inexpensive 256-byte memory cards. Since theirs took less time to develop, the German system is now fully implemented, and the entire population of nearly 80 million Germans is carrying the cards.
The main concerns addressed by the German system are patient identification and the elimination of duplicate records. The data being stored on the German Health Insurance Card consists of the ID of the insurance and the insured person, his/her name and address, date of birth, and the status and date of expiration. This could have easily been done with magnetic stripe technology. Instead, Germany found that chip cards were less expensive when they considered how quickly the magnetic stripe card infrastructure would have to be replaced or supplemented with the equipment necessary to communicate with smart cards. (See Dr. O. Shaefer, "Introduction of Chip Technology to Health Administration & Medicine in Germany." World Card Technology Magazine, Vol. 1, Issue 3, June 1995, pp. 16-17.)
If insurers and healthcare providers in the United States were as informed as Germany, every healthcare transaction automation system sold would be based on smart card technology.
Doesn't putting medical information on smart cards create privacy concerns? What about HIPAA?
Any time you store medical information electronically there is concern about patient privacy. While a security breach of a clinic using paper records might involve hundreds of records (i.e. all the information that a person might carry out), a security breach of electronic medical records might involve hundreds of thousands of records, and go unnoticed. However, Microprocessor chip smart cards offer unparalleled security features. This is the main reason that the banking industry has invested so much in smart cards over the last few years.
The fundamental idea behind HIPAA's (The Health Insurance Portability and Accountability Act of 1996) privacy rules is increasing patient control of the dissemination of their healthcare information. Smart card technology affords the opportunity to give patients actual physical possession of the keys that unlock their private healthcare information. Smart card systems have the potential to exceed HIPAA privacy rules to the ultimate extent possible.
In addition, Health Card Technologies, Inc. makes the following pledge:
- Health Card Technologies will allow patients discretion in limiting access to portions of their most sensitive medical information, particularly where there is no compelling reason to allow access.
- Patients may obtain their medical records and will be notified how the health and medical information in it is used.
- Health Card Technologies will not engage in the marketing of personal health or medical data and supports legislative efforts to prohibit this practice.
What happens when a patient loses their card?
Card backups assure that the smart card system offers the same level of convenience as any other. If cards are lost or stolen, they can quickly be replaced. (And if a card is stolen, the thief can't use it or read any sensitive information from it because it is password protected.)
If data stored on the cards is also stored on line as a backup, why do you need smart cards at all?
There is an enormous difference between relying on smart cards as the primary source for data, and relying on a remote on-line source. Since smart card backup information is only accessed when cards require replacement, very high security measures can be put in place without affecting the flow of information in the system. There are many other benefits that come from the fact that backups in a smart card system can be batch transmitted, minimizing system telecommunication costs.