Health Smart Cards Looking Back and Looking Forward

1
Health Smart Cards Looking Back and Looking
Forward

• Daniel L. Maloney
• Director, Emerging Technologies
• Department of Veterans Affairs, VHA
• Silver Spring, MD., U.S.A.
• daniel.maloney_at_med.va.gov
• http//www.va.gov/
• http//www.va.gov/card/

2
Overview

• Overview of Health Cards
• Overview of Projects
• Major Influencing Events
• A VA Future Vision

3
The Department of Veterans Affairs

• 27 Million Veterans and 43 Million dependents
• Nearly one-third of the nations population are
  potentially eligible for VA benefits, includes
  dependents
• Second largest of the 14 Cabinet departments
• Facilities in all 50 states, Washington D.C.,
  Puerto Rico and the Philippines
• Nations largest medical system with 159
  hospitals, 129 nursing homes, 35 domiciliaries
  and 362 outpatient clinics
• 58 regional Benefit offices providing monetary,
  disability, pension, educational and vocational
  rehabilitation benefits
• 13 million home loans, and the nations largest
  insurance programs
• 114 national cemeteries

4
Roles for a Card

• Multiple roles including
• Visual Identification
• Secure and Portable Carrier for Keys, Data and/or
  Pointers to Data
• Enable Portability of credentials and data
  between systems or organizations
• Electronic Identification (Keys and certificates)
  for logical access, digital signature and
  physical access
• Electronic Payment - insurance or e-cash
• Two Keys /Cards Required model - patient and
  doctor cards to modify data located either on the
  card or on the network

5
Major Concepts

• Card functions as part of the System
• Works with the networked data
• As the Network improves, the location of the data
  can change
• Network means Local and World Wide Network
  (Internet)
• Continuum with Essential data on card
• Many applications can be supported
• What critical Business Problem do YOU need to
  solve?

6
Major Trends

• The Web Changes Everything
• Electronic Service Delivery and EDI save time,
  money for customer AND the corporation
• As more data is available on the network privacy
  and security become more important
• Major obstacle - User authentication, Security
  and Privacy
• Providers and Consumers interact from many
  locations Providers and Consumers need
  portability
• Focus on Customer Convenience /Humanize
  Interactions

7
(No Transcript)
8
Major Solutions

• Make information and services available through
  the Web
• Address User authentication, Security and Privacy
  with Keys, Public /Private Key Infrastructure,
  encryption and Digital Signature
• Make Keys Portable and Secure by carrying them in
  a Smart Card
• Carry Data on Card that is either Essential or
  will Result in Customer Convenience or
  Efficiencies
• Design Privacy, Security and User Opt In into
  they systems from the beginning
• Multiple use of Data through Standards
• Multi-application cards reduce the cost per
  program

9
Experience

• Data Base Card systems Medical Records,
  Emergency Cards, Specialty Data Bases (Maternity,
  Dialysis)
• Successful, but have not expanded
• Obstacles
• Standards
• Data Base Updates
• Large User Base
• Infrastructure
• Costs

10
EUROCARDS Framework

• The EUROCARDS Framework is a European Union (EU)
  Advanced Informatics in Medicine (AIM) Concerted
  Action on Data Card Applications in the
  Healthcare system
• Created in late 1993
• Final reports delivered in 1995
• Developed a technical, social and legal framework
  for data card applications
• European Union (EU) -Austria, Belgium, Britain,
  Denmark, Finland, France, Germany (originally
  West Germany), Greece, Ireland, Italy,
  Luxembourg, the Netherlands, Portugal, Spain, and
  Sweden

11
EUROCARDS Framework

• EUROCARDS priority for implementation
• Administrative Cards and the creation of the
  infrastructure (readers, workstations)
• Healthcare Professional Cards as a means of
  enhancing Security
• Emergency Cards for national and international
  purposes
• Patient Cards containing medical and
  pharmaceutical information, or pointers to the
  data

12
G-8 Healthcare Data Card Project

• G-8 Member Countries are Canada, France, Germany,
  Italy, Japan, Russia, United Kingdom, United
  States.
• Two pilot areas were initially identified for a
  global project approach
• an international emergency card with an
  international harmonized emergency and
  administrative data set
• an international professional card that will
  allow the secure identification of healthcare
  professionals when accessing medical data and
  network services

13
G-8 Healthcare Data Card Project

• the card is a carrier of data where the
  telematic infrastructure is not available, the
  patient, moving from one point of care to the
  other, and carrying in a card his/her own data
  and pointers to remote databases, actually makes
  a sort of "virtual" flexible infrastructure that
  can substitute and complement a more physical
  infrastructure (cabled or wireless).
• the card is a key to access the network both the
  patient's card, containing the pointers to
  federate remote data bases, and the doctor's
  professional card, containing the profile of the
  user and the associated rights to access the
  system and its services, constitute essential
  elements for the overall networked system.

14
G-8 Healthcare Data Card Project

• Plans for Technical Interoperability - The
  functional goal is to allow data to be exchanged
  between different projects in multiple countries
  using equipment and cards from multiple vendors
• Multiple levels of standardization are required -
  Standard in areas of Nomenclature, Data Sets for
  emergency data, data sets for administrative
  data, and Standards related to various aspects of
  security
• More information and links at http//www.va.gov/ca
  rd/ and http//www.sesam-vitale.fr/Projects/Netlin
  k-G7-En/

15
Germany

• Germany has completed a project distributing 80
  million cards to all citizens during 1994 and
  1995, along with the reader/printer
  infrastructure
• Memory chip cards used for insurance
  identification.
• Printing of Health Insurance forms
• Options for electronic submission to insurance
  fund, eliminating paper and reducing insurance
  processing costs

16
French Health Patient Card - Vitale

• Vitale 1 French Insurance Card
• 42 million family insurance cards were
  distributed in 1998 and 1999
• ID and Administrative data
• Vitale 2 - French patient data card
• patient card with medical data pilots in 1998
• plan for 60 million card distribution starting in
  the next few years
• Emergency Data Sets goal of compatible with G-8
  framework

17
The French Health Professional Card - Carte "CPS"

• 2 Pilots for CPS Health Professional Card
• CPS Health Professional Card with crypto chip to
  be distributed with a total of 300,000 cards
• Goals similar to patient card (simplicity,
  reliable information Confidentiality, limitation
  of frauds)
• Electronic Reimbursement
• Access key to the Healthcare Intranet
• Access key to the medical data set on the patient
  card

18
Netlink Project

• The NETLINK project aims at establishing
  recommendations and technical specifications for
  
• Health Professionals to access to Patient Data
  Cards (free and controlled access to data stored
  in Patient cards)
• Health Professionals to securely exchange
  documents (including digital signature and
  confidentiality services)
• Health Professionals secure access to on-line
  servers
• Involves smart cards (used by Health
  Professionals and Patients), computers (used by
  Health Professionals, Hospitals, Health Insurance
  Funds), large networks, and Security
  architectures including data encryption
• France, Germany, Italy and Quebec Canada

19
Western Governors Association Health Passport
Project

• Objectives Improve Delivery of Benefits
• Lower Administrative Barriers to Care, and
• Improve Data sharing Between Programs
• RFP for system with 25,000 cards awarded in June
  97
• Phased launch began in May 1999
• Locations - Nevada, North Dakota, Wyoming
• Preventative Health Care Programs
• Womens Infant and Children (WIC)
• Medicaid Eligibility (EPSDT)
• Immunizations
• Head Start
• Maternal and Child Health
• URL http//www.westgov.org/hpp

20
Secure Collaborative Telemedicine Over Public
Networks

• West Virginia University in Morgantown, West
  Virginia under NLM Grant
• Secure and private Telemedicine involves policy,
  administration, regulation and technology systems
• Building on standards including G-8 1996
• Health professional cards are required for use of
  secure Telemedicine applications
• Includes role-based information access to data on
  patient cards
• Emergency room physicians will have web based
  access to their patients electronic medical
  records
• Authentication based on Digital Certificates
  (PKI)
• URL http//www.cerc.wvu.edu/nlm/telemedicine.html

21
Department of Defense

• Navy lead agency for DoD deploying smart cards
• DoD decision to convert ID card to smart card to
  carry PKI keys and space for data (Nov 10 1999
  memo)
• Will distribute to 4 million active military by
  2002
• MARC
• Multifunction and Multi-technology card
• Testing in Hawaii and used for deployment
• 50,000 cards in use
• Smart Card, bar code, magnetic stripe, picture,
  signature block and embossed characters
• Non Medical Functions include manifesting and
  deployment, food services and security
• Medical Information includes Identification,
  Emergency Data, Blood Type, Immunizations,
  Allergies and Registration
• Highly successful program

22
The Veteran ID Card

• Photo Image
• SC Indicator
• Barcode
• Embossed Info
• Name
• SSN, DOB
• MAG Stripe
• 1-800 Number

23
Department of Veterans Affairs - Pilot of Secure
Access from Internet

• Strong Authentication with smart card to control
  access from Internet to selected VA networked
  Resources
• Levels of Control by person, by target resource
  (system, directory, file or URL), and by protocol
• Pilot began in May 1998
• 60 users for telnet, web access, FTP, Exchange
  mail, pcAnywhere, Citrix
• Some users from other government agencies and
  business partners
• Plans to migrate to system that uses PKI

24
Influencing Events

• Health Insurance Portability and Accountability
  Act of 1996 (PL 104-191) - HIPAA (URL
  http//aspe.os.dhhs.gov/admnsimp/)
• HHS responsible for identifying or developing
  EDI, privacy and security standards
• Standards Groups have accelerated activities
• Privacy Guidelines - HHS published new Heath
  Information Privacy Regulation as mandated by
  HIPAA.
• Health Care Financing Administration - HCFA
  Internet Policy (URL http//www.hcfa.gov/ )
• U.S. General Services Administration (GSA)
  Government wide contract for cards and card
  Services from the GSA Smart card technology
  program (URL http//smart.gov/ )
• National Research Council report For the Record
  Protecting Electronic Health Information - March
  5, 1997
• password or PIN in conjunction with a token

25
Influencing Events

• Digital Signature
• Government Paperwork Elimination Act (GPEA) (URL
  http//www.whitehouse.gov/OMB/fedreg/gpea.html )
• electronic business transactions
• electronic signature
• State digital signature legislation
• Other
• Microsoft support of smart cards
• American Express Blue Card - the first nationally
  available credit card with a computer chip
• Washington Metro rechargeable chip card

26
Influencing Events

• PKI
• Connecticut Hospital Association - CHIME (URL
  http//www.chime.org/ )
• Tunitas Groups Healthcare PKI Project - (URL
  http//www.tunitas.com/pages/PKI/pki.htm )
• Federal PKI Steering Committee (URL
  http//www.gits-sec.treas.gov/pkisteer.htm )
• GSA ACES contract (URL http//www.gsa.gov/aces/ )
  
• American Society for Testing and Materials (ASTM)
  E31.20 Healthcare PKI (URL http//www.astm.org/)
• E31.17 Privacy, Confidentiality and Access
• E31.20 Data and System Security for Health
  Information

27
Smart Health Cards and the Web

• MedicAlert
• Summer of 2000 will introduce an Internet based
  Emergency Medical Record.
• MedicAlert Foundation currently serves 2.7
  million members in the United States
• Emergency record will be on Web and on the
  members smart card
• Smart card will also connect and log on to Web
  record
• Humana, WebMD and Microsoft
• Lifestream
• University Of Illinois Medical Records and
  Prescription Ordering

28
Building a VA Future Vision

• The Veterans Card
• G-8 / Netlink demonstration systems
• Interoperability so that the appropriate data can
  be read everywhere
• The Veterans Electronic Passport /Keys
• VA PKI (http//www.va.gov/vapki.htm)
• To enable privacy, security, access and
  electronic service delivery
• The Veterans Private Web Record
• VA Health eVet and VA Health eVAult Project
  (http//www.health-evet.va.gov)
• To empower the veteran to better understand and
  control their health

29
(No Transcript)
30
(No Transcript)