How biometric, smart cards can help health care
10 August, 2009
category: Biometrics, Corporate, Digital ID, Health
By Pamela D. Mitroff, Director of Public Relations and Communications, Secure Services Corp.
Smart cards, available since the 1970s, contain a computer chip embedded on the card, making them a mini-computer. Because of this computing power, they are considered the “gold standard” for secure data exchange. Smart cards can be programmed with a multitude of applications including storing and processing data, accessing data and other functions.
Smart cards are also being used in the rapidly developing arena of identity management. Identity management’s goal is to uniquely identify an individual. It becomes most important when one is identifying an individual within a system as a means to control their access to resources or establishing their rights or limitations within the system.
Here are eight ways smart cards – especially biometric smart cards – can restore trust, reduce costs and increase quality in healthcare.
-
Keeps the Genie in the bottle.
As more and more medical information is digitized and available electronically, the risk for data breaches increases. Intentional or accidental breaches of electronic medical data can cross the globe within seconds. Unlike banking and credit records where losses are generally capped by law or contract, once medical information is breached it can’t be undone. In short, since you can’t put the genie back in the bottle, smart cards provide a more secure method to store or access data. -
With medical data increasingly becoming digitized, robust security is needed to keep it from unintentionally flying across the Internet.
Once medical information is “out there” it can’t be undone, as a number of celebrities have discovered. Smart cards lock down these data bases providing encryption and secure transmission. The encryption and enhanced security, especially with biometric authentication, allows access only to identified and approved users.
Moreover, as information is organized through electronic health records and other systems, more information is more easily accessed. So, if a breach occurs, it’s likely that a lot of information is exposed. Smart cards can be used to ensure that data is accessed only by authorized persons. The card also allows for pre-defined and assigned roles so sensitive data can be seen or acted upon on a “need to” basis.
- Smart cards can provide speedy access to data when confronted with hurricanes like hurricane Katrina as well as other disasters.
Disasters have shown that medical information needs to be accessible. In the case of hurricane Katrina, medical records stored at hospitals and doctors’ offices were lost. People who escaped the disaster area had little or no means to access prescription drug or other medical information.
A smart card tied to a person’s health information allows access to medical information anywhere there’s a computer with a smart card slot. By using the smart card, with a password and user name or a biometric identifier, the medical records can be securely linked to the identification of the person seeking the information.
-
Provides access to data based on roles and responsibilities.
One of the problems identified in disaster relief efforts was that there was no sure way to verify that someone arriving to help was the expert or professional they professed to be. But, a smart card can either store a person’s credentials and permissions or be used to access a data base with this information. -
Overcomes the vulnerability of passwords and the shortcuts people use to deal with passwords.
Most access to data, software, financial and other information relies on user names and passwords. Secure passwords should be at least eight characters with upper and lower case and symbols. Most people use passwords that are much simpler and then they keep a list or put them on “sticky notes.” Smart cards provide at least another factor of authentication by requiring that someone have the card and the password or the card and the biometric identifier for more security.
Reissuing passwords and technical support related to passwords is costly for every business. Resetting passwords costs between $10 and $40. A Siemens study estimated that a password related call averages $25 and an enterprise of 2,000 will see costs of as much as $152,620 per year for this purpose alone.
- Ability to readily distinguish among every Nancy Smith.
When matching up records, the most common identifier is name. Since names are not unique, records can be easily misfiled. Even when additional identifiers are used, such as date of birth, social security number and the like, filing errors are commonplace. One study found that the cost of correcting a medical record averages $20 to $100 per duplicate. Hospitals spend thousands of dollars each year cleaning out duplicate records.
The registration process is a critical component in correctly identifying records. Of the errors leading to pending and denied claims up to 70% are attributable to the registration process. A biometric identification card at registration uniquely identifies a patient and eliminates this initial problem leading to fewer administrative headaches.
- Prevent fraud caused by sharing of health insurance cards and access to health benefits.
A health insurance card is like a blank check worth millions of dollars. The incidence of people stealing someone’s identity to access either public or private health coverage is growing. Apart from the financial cost to the system, once someone has obtained services using someone else’s identity, future medical care can be compromised. If the thief had a medical condition, such as diabetes, the actual person’s records would indicate a diagnosis of diabetes. This could affect future care, to the patient’s detriment.
Current efforts to combat this medical identity theft are limited. Oftentimes, medical providers ask for a photo-id to further verify identity. However, these methods have proved to be inadequate. A biometric identity card ensures that the person presenting for services is who they say they are.
- Eases compliance with HIPAA and other government mandates.
The need for security in medical record storage is a priority for the Obama administration, Congress, state legislatures and the health care industry. Smart cards provide enhanced security necessary to comply with HIPAA, the “Red Flags” Rules and other privacy and identity laws and rules. Moreover, steps to protect and secure medical information restore the trust and confidence of patients of the overall integrity of the health care system.
As health care providers reach outside of their own closed networks, the need to identify and authenticate individuals and assign roles and responsibilities that lead to authorized actions becomes even more important. As systems become interoperable, the need for smart cards to provide secure and private access to data, coupled with certainty of identity of users and their roles will take center stage. As importantly, smart cards are a technology that can reduce costs while also enhancing quality and safety. There are not many technologies applied to health care that can make these claims.
Pamela D. Mitroff is the director of public relations and communications for Secure Services Corporation in Downers Grove, IL. SSC is a leader in identity management solutions, including a line of health care technology solutions built around their SHAPE environment – Secure Health And Privacy Environment. Their product line includes the SHAPE Card, identity management through a biometric match-on-card, providing secure identification and authentication as well as the recently launched direct-to-consumer personal health record. More information is available at http://www.secureservicescorp.com, http://www.SHAPEPHR.com. You may contact Pamela at pmitroff@secureservicescorp.com.