Industry Insights

Forward to Basics: Smart Cards for Patient Identity

Today many, including the Obama Administration and high ranking government officials from both sides of the political spectrum, believe one such area is the healthcare system. The basics of tracking heath records on paper or using antiquated methods proving eligibility and securing payment for services need to be reformed by introducing efficiencies such as electronic health records, moving the United States to a modern medical information infrastructure. The new basic requirements must improve the quality of patient care, reduce costs, minimize provider workflow and address the concerns and efficiencies required to justify investment.

Identity sits at the very core of this reform effort. Specifically, a healthcare identity management system which would be able to validate a person's identity would immediately introduce real benefits to healthcare delivery and the ability to control cost and reduce fraud.

To protect patient privacy and security, the time has come for the US' public and private insurers to issue chip-based, smart card electronic patient identity credentials. 

Most likely the health insurance card within the wallets of U.S. citizens today is made of paper or plastic and displays personally identifiable information such as your name, date of birth and gender. It probably does not have your photo on it, yet the US healthcare system uses this card for identity verification at point of service. There may be a barcode or a magnetic stripe on the card; these are to streamline the transaction process, but do not offer any privacy or security protection. In addition the magnetic stripe can be easily copied, introducing a number of fraud concerns like inaccurate medical records, medical errors and the risk and disturbingly growing trend of Medical Identity Theft (MIT).

The U.S. Department of Health and Human Services defines MIT as "the misuse of another individual's personally identifiable information such as name, date of birth, Social Security number, or insurance policy number to obtain or bill for medical services or medical goods." Given it is easily copied, the health insurance card may be putting users at risk and opening the doors for medical errors and fraudulent use.

About 20 years ago, even before the first generation of smart phones hit the market, smart cards were beginning to gain adoption around the world as a secure, standards-based, multipurpose identity credential providing high assurance that the credential belongs to the card bearer. Historically and today, smart cards are used as travel documents, government-issued IDs, health insurance cards, transit cards and driver licenses. In numerous well documented studies, organizations that issue smart card based identity credentials see a significant reduction in fraud and have enjoyed increased operational efficiencies.

To protect patient privacy and security, the time has come for US public and private insurers to issue chip-based, smart card electronic patient identity credentials. With an embedded microcontroller, smart cards have the unique ability to store large amounts of data, carry out their own on-card functions (e.g., encryption and mutual authentication) and interact intelligently with a smart card reader.

Smart cards offer a secure method of storing basic health information on the card like immunizations, allergies, blood type, emergency contact info, etc. Unlike the card in your wallet, a smart health insurance card can be used for identity assurance and strong authentication both physically (at the doctor's office) and virtually (logging into the insurer's web-based portal to make appointments and access personal health records). These are among the multitude of benefits and opportunities that U.S. citizens, including patients and healthcare providers alike, will one day be taken for granted as the new "basic".

Michael Magrath, business development director for the security division of Gemalto North America, is responsible for the strategic marketing, business development and government affairs activities in the government and healthcare sectors. Mr. Magrath develops and drives consensus on legislation and policy within technology, information security, privacy, and additional security-related public policy issues. In addition to supporting Gemalto's business and policy initiatives, Mr. Magrath is committed to consumer education and advocacy through Gemalto's online resource www.JustAskGemalto.com, which provides answers to consumer questions about how to better enjoy the conveniences of the digital world. He serves as vice chairman of the Smart Card Alliance's Healthcare Council and represents Gemalto on TechAmerica's Health IT Committee, the Health Record Banking Alliance, The Secure ID Coalition and TechAmerica's Information Security Committee. Mr. Magrath is also a member of the Healthcare Information and Management Systems Society (HIMSS) and is a Certified Smart Card Industry Professional (CSCIP).


About the Author




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.