 |
 |
 |
 |
February 2006 • Volume 11 Number 2
|
 |
|
Feature of the Month Smart Card Applications in the U.S. Healthcare Industry The healthcare market is on the cusp of a move from physical paper to an electronic world. In the era of managed care, specialized medicine, thin financial margins, identity fraud, insurance claims submission hassles, and government demand for secure, portable and confidential patient information, the competitiveness of healthcare providers depends on the proper use of information technology. Increased computerization, database use, and movement of sensitive patient information require focused controls on maintaining the security and confidentiality of those records. As the industry advances electronically, it must provide heightened records security and ensure confidentiality of individually identifiable patient information. Data protection is the key concern, fueled by legislation such as HIPAA to increase security of patient health data storage and access. The mobile nature of today's healthcare administration requires immediate and secure information access without compromising privacy. This presents smart card technology with a unique opportunity to provide solutions that encompass secure information access and management, while supporting data mobility and maintaining privacy. Healthcare administrators are major consumers of paper and ink. Patient records, medical claim forms, clinic referrals, prescriptions, and appointment booking systems remain manual processes at most healthcare enterprises. Those few areas that are automated tend to operate as independent silos. Industry sources point out that only a minority of physician practices have patient data stored in an electronic format. Physicians and other healthcare professionals have developed a stubborn affinity for file folders and other paper-based mediums for collecting and retaining patient data. In driving healthcare professionals to expend more time and effort with patients and less with paper files, the healthcare industry will require substantial employee re-training efforts as well as a significant technology investment. Smart cards help reduce healthcare paperwork and secure access to patient records and health insurance status. The smart card is an ideal medium for holding encrypted patient information, and for computing a digital signature or a biometric template to reduce ambiguity about the cardholder's identity. Fraud reduction in health benefits also favors smart card implementation, and it remains a significant issue for government. HIPAA is technology-independent and does not specify the use of smart cards or any other technology. However, it is likely many healthcare enterprises will choose smart card technology due to its suitability for secure data handling and fraud reduction. There also exist many opportunities with healthcare insurance. Paper-based eligibility verification and claims processing are too often characterized by redundant information collection, lengthy waits, and multiple forms needed for reimbursement. The manual processes used increase the risk of transposition errors. The inefficiencies of traditional eligibility verification and claims processing cost insurers, national health agencies, and healthcare providers significant amounts of time, resources, and money. Too often, they result in significant delays for referrals, treatment and reimbursement for the insured patients. Smart cards can provide clean data for eligibility verification and claims processing. They not only prevent administrative errors and streamline payments, but they also prevent medical errors that can arise when one practitioner doesn't know what the other has been doing. Test results conducted by one clinic could be available to all practitioners. Before prescribing a drug, the physician would know the patient's recent diagnoses, allergies, prescription history, and any over-the-counter drugs that may conflict with the proposed course of treatment. In the long run, the data carried by smart health cards can not only prevent illness and save lives, but can also save the healthcare industry billions of dollars. Today, many patients lack control over their health records maintained at clinics, pharmacies and hospitals. However, with smart card technology, no one can read what is contained on the smart card's microchip, or have access to computerized records without one's personal identification number (PIN) and authorized hardware and software. Smart cards are among the few electronic devices that are privacy-enhancing. Further, they interact reliably with a wide range of systems. They can operate over the Internet to verify information in a carrier's database, and they can be read and updated offline at a physician's office, as medical clerks prepare electronic claims for submission to the insurer. Moreover, the ability of smart cards to disaggregate data and to encrypt information protects an individual's right to privacy while creating a more efficient method to share patient information from one healthcare facility to another. Smart cards transfer important health information, and participate in the health information system's billing and collection functions. Thus, smart cards can play a key role in areas such as clinical research. With provisions for confidentiality, patients seem less reluctant to reveal, and physicians and researchers are more eager to record, accurate information for research. Whether the smart card carries critical medical data and clinical information, or evolves as a secure key to distributed repositories of patient information, or a combination of both, it is a technology whose time has come. Smart cards are a practical enabling technology to enhance the privacy and confidentiality of patient information. Further, they are intuitively easy to use; indeed, they can even be rendered "dummy proof." The following are several examples of successful smart health card implementations in the U.S. Queens Health Network
QHN began as a means to offer something better to patients. QHN was already paperless, with emergency medical records (EMRs) implemented at the two acute-care facilities, so adopting smart card technology was the next logical step. "We're trying to change our focus to improving health outcomes by moving information better," states Al Marino, QHN's CIO. "We want to be able to share information not just within our own health system, but within the community, and so patients have access to their information. We're excited about patients being able to provide their information in emergency situations." The smart card facilitates delivery of care by providing access to patient summary information in an emergency setting, which is especially helpful for patients whose primary language is not English. Elmhurst Health Connection cards will be issued to about 14,000 patients of the Adult Primary Care service at Elmhurst Hospital. Card issuance is the first step in trying to share more patient information with physicians in the NYC Health and Hospitals Corp., of which QHN is a member, so that smart cards become part of the organization's information infrastructure. Each card carries the patient's photo ID and contains a 64 KByte chip that contains data such as the patient's name, address, emergency contact, allergies, current medications, and recent lab results. The cards are updated automatically at each patient visit. The health network has provided free, read-only software and card readers to the emergency rooms at 10 other New York City hospitals. Currently, QHN is collaborating with the other providers in the borough to implement and further develop applications to improve patient safety and the health outcomes of the communities that QHN serves. University of Pittsburgh Medical Center
UPMC looked at the smart card as an emerging technology with the potential to enhance administrative processes and system communications. An initiative was undertaken to find a solution that would then be evaluated to determine whether it enhanced the integration of UPMC's many systems and practices. The objectives for this system were to solve the challenges of complying with data privacy and confidentiality legislation (i.e., HIPAA), enable patients to access and participate in updating their information, and provide a portable solution supporting immediate access and consistent data flow. UPMC determined that smart cards could play a role in this new system. Following a successful 2-year pilot project, the UPMC smart card, dubbed the Healthcare Passport, has been distributed to 2,000 UPMC patients. For the patient, the immediate benefits include speeding through the check-in process during office visits. With the smart card, patients no longer need to supply their personal information each time they visit the doctor, since the cards contain critical information such as medications, allergies, and chronic conditions. By inserting a patient's card into a computer in the exam room, the physician has instant access to accurate and up-to-date information about the patient. The UPMC smart card uses sophisticated security measures that make it nearly impossible for strangers or unauthorized personnel to retrieve a patient's medical information. To access information, each patient and physician must have a card and a PIN (two-factor authentication). The cards also may decrease the likelihood of inaccurate billing. About 90 percent of services denied by insurance companies are due to clerical errors made at the time of registration for a clinical service. Emergency departments equipped with card readers can rapidly access potentially lifesaving information about a patient, such as allergies to medications and chronic medical conditions. The initial rollout included smart card readers at the UPMC Presbyterian Hospital emergency department, the Department of Orthopedic Surgery, the Center for Sports Medicine, and Dr. Solano's practice. St. Luke's Episcopal Health System St. Luke's Hospital was founded by the Episcopal Diocese of Texas in 1954. Located in the heart of the Texas Medical Center in Houston, St. Luke's delivers primary and tertiary healthcare to patients from all over the world. St. Luke's has been recognized as one of the top 10 cardiovascular centers in the United Stated by U.S. News & World Report, as well as a magnet hospital for excellence in patient care. At St. Luke's, medical personnel use networked computers to view patient records stored in a central database. In 2001, St. Luke's instituted a smart card-based system for logging on to the network to resolve various issues associated with password-based data access. Physicians who worked at different hospitals could not remember their multiple passwords. At St. Luke's, physicians had different logon procedures than nurses. Security was compromised when physicians, in desperation, wrote down their passwords or shared them with staff or residents. These problems also resulted in a flood of calls to the hospital help desk because of forgotten passwords. In addition, doctors needed to access patients' charts and clinical lab results more easily and securely. The smart card technology, provided by BNX Systems, was implemented for convenience and security. The cards are used simply to provide secure access. Each card is protected by a four-digit PIN. Providing the correct PIN authenticates the doctor to the card; the card then authenticates itself to the hospital's data network, providing two-factor authentication. The card carries only the cardholder's name and a 128-bit key. To log on to the system, a physician simply inserts the card in a reader and types in the PIN. Initially, 55 out of 250 physician computer stations were equipped to accept the smart cards. St. Luke's installed wall-mounted PCs (at an interval of one per every four rooms) and about 15 desktop PCs and laptops on each floor. All computer stations have smart card readers built into their keyboards. The two-factor authentication provided by the smart cards improved user access and reinforced data security. Originally, St. Luke's issued smart cards to about 100 of its 1,800 doctors. The program rapidly expanded to include more than 900 physicians. About 450 PCs are now equipped with smart card readers. St. Luke's continues to look for ways in which to connect doctors with data and streamline procedures. The hospital is moving rapidly toward a Web-based portal and single-sign-on capabilities and is considering a variety of other changes. Smart cards led the way in improving physician convenience with regard to patient data access. Florida eLife-Card
The eLife-Card smart card was conceived of in 2002, partially in response to emergency healthcare needs resulting from the effects of Florida's hurricanes. People requiring emergency medical care as a result of a hurricane encountered difficulties receiving appropriate care in a timely fashion. Hospitals were not able to locate health records quickly (if the records had even survived); obtaining authority for treatment often involved lengthy delays; and patients often were unable to provide required information. In 2003, Florida's fire marshals requested assistance in ensuring that marshals injured while helping with hurricane disaster relief would receive emergency care quickly. The marshals then encouraged adoption of the card by the firefighters' union, which in turn suggested that the card be adopted by members of the teachers' union. The card is now also offered by certain hospitals in lieu of (or in addition to) medical alert systems. The card is not free; unions and most other organizations sell it for $60. One hospital charges $85 per year for the card, but cardholders also receive free parking at the hospital (parking otherwise costs $5 per hour). The eLife-Card smart card can hold up to 4 Mbytes of data, which includes the following information: personal identification, with or without picture; allergies; medications; medical history; emergency contacts; advanced directives (living will or Five Wishes); preexisting medical conditions; will and probate; insurance provider; religious preferences; doctor visits; pharmacy integration, to track prescriptions; organ donor status The eLife-Card carries both an RFID tag and a smart card chip. Cardholders receive stickers advertising the presence of the card that they place on the back windows of their vehicles and in their glove compartments. Cardholders also receive a plastic key-ring card indicating that they have eLife-Card smart cards. Emergency responders use an antenna to determine whether a card is present in the area of an accident or other emergency. When a card is detected, responders can see how far away the card is and the direction in which to look for it. Once the card is located, responders use a handheld personal data assistant (PDA) to read the smart card chip, obtaining information about a cardholder's allergies, medications, next of kin, and primary care physician. This information is typically available within 5 seconds and can then be transmitted to the facility to which the cardholder is being transported. When the cardholder arrives at a healthcare facility, staff can use the card to access a complete health record for the person over the Internet. The card can also interface with over 300 different hospital medical information systems. The card is HIPAA compliant, and cardholder privacy is protected at all times. The information on the card is encrypted. The PDA used by emergency responders includes a biometric scanner, and responders must provide a fingerprint to authenticate their right to access the information on the card. Healthcare facilities insert the card into a dual-slot card reader. Card information is only accessible after physicians or other authorized personnel have inserted a card in the second slot of the reader. Cardholders can update personal information over the Internet, using their membership number and a PIN. Healthcare information is updated automatically using health record servers when the card is read at any participating healthcare facility that has Internet access. Summary Daunting challenges face the U.S. healthcare industry today and there are clear opportunities for smart card technology to be employed to address and resolve these issues. In recent years, there has been a pronounced effort to establish and refine standards for maintaining and moving healthcare data. With continued advances in smart card technology and the increased awareness of its practical solutions, healthcare organization use of the technology is gathering momentum. There are a plethora of new healthcare applications waiting for discovery and for smart card implementations. About this Article This article is an extract from the Smart Card Alliance Healthcare Council white paper, "Smart Card Applications in the U.S. Healthcare Industry," researched and written by the Healthcare Council and published in February 2006. The white paper reviews key challenges that the U.S. healthcare provider industry faces and examines the key drivers for implementing smart card-based systems to address these challenges. The paper also includes profiles of successful smart card healthcare implementations that illustrate the diversity of applications that are enabled by smart card technology and the business benefits that the technology delivers to healthcare organizations. Individuals from 24 organizations in the Smart Card Alliance Healthcare Council collaborated on this white paper. Lead contributors included representatives from: ACI Worldwide, Axalto, Competech Smart Card Solutions, EMIDASI, Healthmeans, Hitachi America Ltd., Lockheed Martin, Oberthur Card Systems, OTI America, PrivaMed, Inc., Sharp, TecSec, Uniliance Health, U.S. Dept. of Defense, VeriFone, and Visa USA. The full white paper and additional information about smart cards and the role that they play in healthcare, secure identification and other applications can be found on the Smart Card Alliance web site at www.smartcardalliance.org. About the Healthcare Council The Healthcare Council is one of several Smart Card Alliance technology and industry councils that were created to foster increased industry collaboration within a specified industry or market segment. The Smart Card Alliance Healthcare Council brings together payers, providers, and technologists to promote the adoption of smart cards in U.S. healthcare organizations. The Healthcare Council provides a forum where all stakeholders can collaborate to educate the market on the how smart cards can be used and to work on issues inhibiting the industry. Healthcare Council participation is open to any Smart Card Alliance member who wishes to contribute to the Council projects. Additional information about the Healthcare Council can be found at http://www.smartcardalliance.org/about_alliance/councils_hc.cfm.
|
|
The Queens Health Network (QHN) provides over 1 million ambulatory care visits annually to the 2 million residents of Queens, New York. QHN includes two leading acute-care facilities, Elmhurst and Queens Hospital Centers, 15 community-based medical centers and practices, and 6 school-based health centers. The network provides preventive and healthcare services throughout the borough. 
The University of Pittsburgh Medical Center (UPMC) includes 19 hospitals and over 5,000 doctors in over 400 offices. In the face of dramatic growth, UPMC faced a challenge: how to ensure that its technology infrastructure kept pace with its business requirements. Processes such as verifying the eligibility of individuals while maintaining the confidentiality of sensitive patient information were critical to the continued success of the organization. 
About 1 million Florida residents carry an eLife-Card smart card issued by EMIDASI for use by emergency personnel: emergency medical technicians, firefighters, police, and personnel in emergency rooms, intensive care units, and trauma centers. The card stores the lifesaving information required for immediate emergency treatment. In addition to Florida fire departments, emergency medical services, and paramedics, over 15 healthcare organizations in Florida are participating in the program, including hospitals, medical centers, fire and rescue organizations, and life-flight services. 