Title: Health Smart Cards Looking Back and Looking Forward
1 Health Smart Cards Looking Back and Looking Forward
- Daniel L. Maloney
- Director, Emerging Technologies
- Department of Veterans Affairs, VHA
- Silver Spring, MD, U.S.A.
- daniel.maloney_at_med.va.gov
- http://www.va.gov/
- http://www.va.gov/card/
2 Overview
- Overview of Health Cards
- Overview of Projects
- Major Influencing Events
- A VA Future Vision
3 The Department of Veterans Affairs
- 27 Million Veterans and 43 Million dependents
- Nearly one-third of the nation's population is potentially eligible for VA benefits (includes dependents)
- Second largest of the 14 Cabinet departments
- Facilities in all 50 states, Washington D.C., Puerto Rico and the Philippines
- Nation's largest medical system with 159 hospitals, 129 nursing homes, 35 domiciliaries and 362 outpatient clinics
- 58 regional Benefit offices providing monetary, disability, pension, educational and vocational rehabilitation benefits
- 13 million home loans, and the nation's largest insurance programs
- 114 national cemeteries
4 Roles for a Card
- Multiple roles including:
- Visual Identification
- Secure and Portable Carrier for Keys, Data and/or Pointers to Data
- Enable Portability of credentials and data between systems or organizations
- Electronic Identification (Keys and certificates) for logical access, digital signature and physical access
- Electronic Payment - insurance or e-cash
- Two Keys / Cards Required model - patient and doctor cards to modify data located either on the card or on the network
5 Major Concepts
- Card functions as part of the System
- Works with the networked data
- As the Network improves, the location of the data can change
- Network means Local and World Wide Network (Internet)
- Continuum with Essential data on card
- Many applications can be supported
- What critical Business Problem do YOU need to solve?
6 Major Trends
- The Web Changes Everything
- Electronic Service Delivery and EDI save time and money for the customer AND the corporation
- As more data is available on the network, privacy and security become more important
- Major obstacle - User authentication, Security and Privacy
- Providers and Consumers interact from many locations; Providers and Consumers need portability
- Focus on Customer Convenience / Humanize Interactions
8 Major Solutions
- Make information and services available through the Web
- Address User authentication, Security and Privacy with Keys, Public / Private Key Infrastructure, encryption and Digital Signature
- Make Keys Portable and Secure by carrying them in a Smart Card
- Carry Data on Card that is either Essential or will Result in Customer Convenience or Efficiencies
- Design Privacy, Security and User Opt In into the systems from the beginning
- Multiple use of Data through Standards
- Multi-application cards reduce the cost per program
9 Experience
- Data Base Card systems: Medical Records, Emergency Cards, Specialty Data Bases (Maternity, Dialysis)
- Successful, but have not expanded
- Obstacles
- Standards
- Data Base Updates
- Large User Base
- Infrastructure
- Costs
10 EUROCARDS Framework
- The EUROCARDS Framework is a European Union (EU) Advanced Informatics in Medicine (AIM) Concerted Action on Data Card Applications in the Healthcare system
- Created in late 1993
- Final reports delivered in 1995
- Developed a technical, social and legal framework for data card applications
- European Union (EU) - Austria, Belgium, Britain, Denmark, Finland, France, Germany (originally West Germany), Greece, Ireland, Italy, Luxembourg, the Netherlands, Portugal, Spain, and Sweden
11 EUROCARDS Framework
- EUROCARDS priority for implementation:
- Administrative Cards and the creation of the infrastructure (readers, workstations)
- Healthcare Professional Cards as a means of enhancing Security
- Emergency Cards for national and international purposes
- Patient Cards containing medical and pharmaceutical information, or pointers to the data
12 G-8 Healthcare Data Card Project
- G-8 Member Countries are Canada, France, Germany, Italy, Japan, Russia, United Kingdom, United States.
- Two pilot areas were initially identified for a global project approach:
- an international emergency card with an internationally harmonized emergency and administrative data set
- an international professional card that will allow the secure identification of healthcare professionals when accessing medical data and network services
13 G-8 Healthcare Data Card Project
- the card is a carrier of data: where the telematic infrastructure is not available, the patient, moving from one point of care to the other, and carrying in a card his/her own data and pointers to remote databases, actually makes a sort of "virtual" flexible infrastructure that can substitute and complement a more physical infrastructure (cabled or wireless).
- the card is a key to access the network: both the patient's card, containing the pointers to federated remote data bases, and the doctor's professional card, containing the profile of the user and the associated rights to access the system and its services, constitute essential elements for the overall networked system.
14 G-8 Healthcare Data Card Project
- Plans for Technical Interoperability - The functional goal is to allow data to be exchanged between different projects in multiple countries using equipment and cards from multiple vendors
- Multiple levels of standardization are required - Standards in areas of Nomenclature, Data Sets for emergency data, data sets for administrative data, and Standards related to various aspects of security
- More information and links at http://www.va.gov/card/ and http://www.sesam-vitale.fr/Projects/Netlink-G7-En/
15 Germany
- Germany has completed a project distributing 80 million cards to all citizens during 1994 and 1995, along with the reader/printer infrastructure
- Memory chip cards used for insurance identification.
- Printing of Health Insurance forms
- Options for electronic submission to insurance fund, eliminating paper and reducing insurance processing costs
16 French Health Patient Card - Vitale
- Vitale 1 - French Insurance Card
- 42 million family insurance cards were distributed in 1998 and 1999
- ID and Administrative data
- Vitale 2 - French patient data card
- patient card with medical data pilots in 1998
- plan for 60 million card distribution starting in the next few years
- Emergency Data Sets: goal of compatibility with G-8 framework
17 The French Health Professional Card - Carte "CPS"
- 2 Pilots for CPS Health Professional Card
- CPS Health Professional Card with crypto chip to be distributed with a total of 300,000 cards
- Goals similar to patient card (simplicity, reliable information, confidentiality, limitation of fraud)
- Electronic Reimbursement
- Access key to the Healthcare Intranet
- Access key to the medical data set on the patient card
18 Netlink Project
- The NETLINK project aims at establishing recommendations and technical specifications for:
- Health Professionals to access Patient Data Cards (free and controlled access to data stored in Patient cards)
- Health Professionals to securely exchange documents (including digital signature and confidentiality services)
- Health Professionals' secure access to on-line servers
- Involves smart cards (used by Health Professionals and Patients), computers (used by Health Professionals, Hospitals, Health Insurance Funds), large networks, and Security architectures including data encryption
- France, Germany, Italy and Quebec, Canada
19 Western Governors Association Health Passport Project
- Objectives: Improve Delivery of Benefits
- Lower Administrative Barriers to Care, and
- Improve Data sharing Between Programs
- RFP for system with 25,000 cards awarded in June 97
- Phased launch began in May 1999
- Locations - Nevada, North Dakota, Wyoming
- Preventative Health Care Programs
- Women, Infants and Children (WIC)
- Medicaid Eligibility (EPSDT)
- Immunizations
- Head Start
- Maternal and Child Health
- URL: http://www.westgov.org/hpp
20 Secure Collaborative Telemedicine Over Public Networks
- West Virginia University in Morgantown, West Virginia under NLM Grant
- Secure and private Telemedicine involves policy, administration, regulation and technology systems
- Building on standards including G-8 1996
- Health professional cards are required for use of secure Telemedicine applications
- Includes role-based information access to data on patient cards
- Emergency room physicians will have web based access to their patients' electronic medical records
- Authentication based on Digital Certificates (PKI)
- URL: http://www.cerc.wvu.edu/nlm/telemedicine.html
21 Department of Defense
- Navy lead agency for DoD deploying smart cards
- DoD decision to convert ID card to smart card to carry PKI keys and space for data (Nov 10 1999 memo)
- Will distribute to 4 million active military by 2002
- MARC
- Multifunction and Multi-technology card
- Testing in Hawaii and used for deployment
- 50,000 cards in use
- Smart Card, bar code, magnetic stripe, picture, signature block and embossed characters
- Non Medical Functions include manifesting and deployment, food services and security
- Medical Information includes Identification, Emergency Data, Blood Type, Immunizations, Allergies and Registration
- Highly successful program
22 The Veteran ID Card
- Photo Image
- SC Indicator
- Barcode
- Embossed Info
- Name
- SSN, DOB
- MAG Stripe
- 1-800 Number
23 Department of Veterans Affairs - Pilot of Secure Access from Internet
- Strong Authentication with smart card to control access from Internet to selected VA networked Resources
- Levels of Control by person, by target resource (system, directory, file or URL), and by protocol
- Pilot began in May 1998
- 60 users for telnet, web access, FTP, Exchange mail, pcAnywhere, Citrix
- Some users from other government agencies and business partners
- Plans to migrate to system that uses PKI
24 Influencing Events
- Health Insurance Portability and Accountability Act of 1996 (PL 104-191) - HIPAA (URL: http://aspe.os.dhhs.gov/admnsimp/)
- HHS responsible for identifying or developing EDI, privacy and security standards
- Standards Groups have accelerated activities
- Privacy Guidelines - HHS published new Health Information Privacy Regulation as mandated by HIPAA.
- Health Care Financing Administration - HCFA Internet Policy (URL: http://www.hcfa.gov/)
- U.S. General Services Administration (GSA) Government wide contract for cards and card Services from the GSA Smart card technology program (URL: http://smart.gov/)
- National Research Council report For the Record: Protecting Electronic Health Information - March 5, 1997
- password or PIN in conjunction with a token
25 Influencing Events
- Digital Signature
- Government Paperwork Elimination Act (GPEA) (URL: http://www.whitehouse.gov/OMB/fedreg/gpea.html)
- electronic business transactions
- electronic signature
- State digital signature legislation
- Other
- Microsoft support of smart cards
- American Express Blue Card - the first nationally available credit card with a computer chip
- Washington Metro rechargeable chip card
26 Influencing Events
- PKI
- Connecticut Hospital Association - CHIME (URL: http://www.chime.org/)
- Tunitas Group's Healthcare PKI Project (URL: http://www.tunitas.com/pages/PKI/pki.htm)
- Federal PKI Steering Committee (URL: http://www.gits-sec.treas.gov/pkisteer.htm)
- GSA ACES contract (URL: http://www.gsa.gov/aces/)
- American Society for Testing and Materials (ASTM) E31.20 Healthcare PKI (URL: http://www.astm.org/)
- E31.17 Privacy, Confidentiality and Access
- E31.20 Data and System Security for Health Information
27 Smart Health Cards and the Web
- MedicAlert
- Summer of 2000 will introduce an Internet based Emergency Medical Record.
- MedicAlert Foundation currently serves 2.7 million members in the United States
- Emergency record will be on Web and on the member's smart card
- Smart card will also connect and log on to Web record
- Humana, WebMD and Microsoft
- Lifestream
- University Of Illinois Medical Records and Prescription Ordering
28 Building a VA Future Vision
- The Veterans Card
- G-8 / Netlink demonstration systems
- Interoperability so that the appropriate data can be read everywhere
- The Veterans Electronic Passport / Keys
- VA PKI (http://www.va.gov/vapki.htm)
- To enable privacy, security, access and electronic service delivery
- The Veterans Private Web Record
- VA Health eVet and VA Health eVAult Project (http://www.health-evet.va.gov)
- To empower the veteran to better understand and control their health