Alliance: Smart cards should secure health records
03 June, 2013
category: Digital ID, Health, Smart Cards
The Smart Card Alliance Health Care Council submitted comments calling for smart cards to be used to secure electronic health records. The comments were in response to a report from Republican Senators that examined health care IT adoption and some of the issues surrounding the systems.
“REBOOT: Re-examining the Strategies Needed to Successfully Adopt Health IT,” was released in April by Senators John Thune (R-S.D.), Lamar Alexander (R-Tenn.), Pat Roberts (R-Kan.), Richard Burr (R-N.C.), Tom Coburn (R-Okla.), and Mike Enzi (R-Wyo.). The paper details concerns with current health IT policy, including increased health care costs, lack of momentum toward interoperability, potential waste and abuse, patient privacy and long-term sustainability.
The Health Care Council submitted comments on the “Long-Term Questions on Data Security and Patient Safety Remain” section. The council points to problems with identity management and authentication as the major issues undermining the secure use of electronic records.
“There is a fundamental identity management and authentication problem in health care. We have no way to properly and securely identify patients and health care providers, match health care records and identify those that have authorized access to them,” said Michael Magrath of Gemalto, chair of the Health Care Council. “If we are going to do it right and architect a safe, secure, and interoperable health IT infrastructure, it is critically important to address both provider authentication and patient authentication concurrently.”
To solve the identity management problem, the council recommends the health care industry use existing federal initiatives and standards and move to smart card-based identity management and authentication. For health care providers, this can be accomplished in the form of PIV and PIV-I cards, smart card-based electronic identity credentials already used in several other government identity programs. For patients, identity management with smart health ID cards can improve patient quality of care, administrative efficiency, revenue collection and legislative compliance.
The council states that a patient’s health care record poses security challenges different from those of financial or other personal data. “Protecting an individual’s medical information and their privacy is the most important and fundamental element of an electronic health record system. If those protections are omitted then the entire system is undermined. Personal health information is highly sensitive information and warrants the need for very high confidence in the accuracy of the asserted identity of those who attempt to access it.
“Once an electronic health record is compromised and in the wrong hands, the damage to the individual’s privacy is irreversible and the consequences can affect the victim for his or her lifetime. The security of personal health information is far different when compared to other types of personal information including financial. Unlike financial information, there are no policies and procedures in place to restore one’s health information once it is compromised. Additionally, organizations and professionals have a fiduciary obligation to ensure transmission of information is properly authenticated between respective parties.”
Smart cards can also help prevent medical identity theft, according to a report from Booz Allen Hamilton for the U.S. Department of Health and Human Services. “Few providers require any strong evidence of patient identity at the point of service. Patients are often asked to provide only verbal assertions of identity and coverage. However, technology solutions such as biometrics, smart cards or electronic patient records may be able to assist providers in verifying patients’ identities based on past histories, demographics, or facial photographs.
“Smart card technology is the only mature solution supporting capabilities that can help address medical identity theft and fraud. Patient identification information can be securely stored on the smart card chip which has built-in tamper-resistance features that make it extremely difficult to duplicate, hack or forge.”