Executive Director's Letter

Dear members and friends of the Alliance,

This month the Department of Homeland Security released the long-awaited and much anticipated notice of proposed rulemaking for REAL ID, "Minimum Standards for Driver's Licenses and Identification Cards Acceptable by Federal Agencies for Official Purposes" (Docket No. DHS-2006-0030), available at http://www.regulations.gov.  The document is long, so unless you have a lot of time on your hands, good luck reading the whole thing in one sitting.  I went right to the important stuff – the MRT (machine readable technology). There on page 19, I found that the “proposed regulation would mandate the use of the PDF-417 2D bar code as the common MRT standard and DHS proposes to adopt most of the mandatory data elements described in the 2005 AAMVA Driver’s License/Identification Card Design Specifications, Annex D, as its MRT data elements model.  PDF417 is a two dimensional, open source (public domain) barcode that is used to store and transfer large amounts of data inexpensively." Inexpensively is the key word here.

This is where the document and DHS recommendation fall short.  The core reason for the REAL ID legislation in the first place was supposed to be improved security, not the least expensive solution for storage and transmission of data that states could agree on.  According to the opening summary, these new standards are intended to provide “physical security of the driver’s licenses and identification cards to prevent tampering, counterfeiting, and duplication of the documents for a fraudulent purpose.”   Since this goal is stated up front, one could expect that the subsequent sections in the document would explain how the new driver’s license standard would go about achieving that goal.  Instead DHS acknowledges that because 2D bar code readers are extremely common, there is a possibility that the data could be captured from the driver’s licenses and identification cards and accessed by third parties by reading the card’s 2D bar code.  DHS failed to acknowledge that the proposed rulemaking has done nothing to prevent tampering with or illegal production of fraudulent driver’s licenses, since there is no active security in 2D barcodes that would prevent someone from altering or replacing a 2D barcode with a fake one.

Member Profile

This month, Smart Card Talk spoke with Gordon Hannah, Managing Director, Public Sector Security and Identity Management Group, with BearingPoint.  Mr. Hannah is the Executive responsible for the strategy and direction of Identity Management solutions and services for the BearingPoint Public Sector Security Group.  He has over 17 years of Homeland Security, Federal, Intelligence, Health Care and Military sector experience and seven years of managing Enterprise Identity Management initiatives.

Within the Federal and Defense arena, Mr. Hannah has identity management operations and program management experience with the DoD (including DMDC, BMO, WHS, Navy, Army, Air Force, and Marine Corps), DHS (TSA), State Department, GSA, GAO, MoD UK, and DfEE UK.  As the Program Manager for the TSA Transportation Worker Identification Credential, he fielded an operational, nationwide end-to-end identity management and biometric credentialing system just 96 days after contract award.  As Project Manager for the Department of Defense Common Access Biometric Working Group, he performed a series of smart card, biometric, and cryptographic technology evaluations to evaluate how DoD might deploy biometric technologies in conjunction with their Common Access Card.   He also helped the Department of Defense Defense Manpower Data Center receive international recognition for their award winning Common Access Card program. Prior to joining BearingPoint (then KPMG LLP) in 1998, Mr. Hannah held a number of technology and management positions with Andrulis, Tyco International, and the Department of Defense (U.S. Navy).

Feature of the Month 

Smart Cards in Healthcare: Benefits for Patients, Providers and Payers

The healthcare market is poised to move from a paper world to an electronic one.  In an era of managed care, specialized medicine, thin financial margins, identity fraud, difficult insurance claims, and government demand for secure, portable, and confidential patient information, the competitiveness of healthcare providers may depend on effective use of information technology (IT).  However, increased computerization, reliance on databases, and movement of sensitive patient information require strict controls to safeguard the security and confidentiality of healthcare records. 

As the industry advances electronically, data protection is a key concern, fueled in part by legislation such as the Health Insurance Portability and Accountability Act (HIPAA).  Current healthcare requires immediate and secure information access without compromised privacy.  Smart card technology represents a unique opportunity to provide healthcare solutions that combine secure information access and management with data mobility and patient privacy.

Healthcare administrators are currently major consumers of paper and ink.  Keeping patient records, submitting medical claims, making referrals, writing prescriptions, and booking appointments are typically manual processes.  The few areas that are automated tend to operate independently of each other.  Only a minority of physician practices store patient data electronically.  Physicians and other healthcare professionals have a stubborn affinity for using paper-based media to collect and retain patient data. 

Smart Card Talk is the monthly electronic newsletter of the world's largest smart card industry organization, providing members with the latest news and information about what's happening within the Smart Card Alliance. If you have news you would like to share, please send it to info@smartcardalliance.org. If you know someone who does not receive this newsletter and would like to be added to the list, please send an email here.

Copyright 2006-2007· Smart Card Alliance · 191 Clarksville Rd. · Princeton Junction, NJ 08550
Phone: (800) 556-6828 info@smartcardalliance.org · www.smartcardalliance.org