Card Technology in Healthcare

1
Card Technology in Healthcare

• Daniel L. Maloney
• Director, Emerging Technologies
• Department of Veterans Affairs, VHA
• Silver Spring, MD., U.S.A.
• daniel.maloney_at_med.va.gov
• http//www.va.gov/
• http//www.va.gov/card/

2
Overview

• Major Issues
• Pressures in Health Care
• How Cards contribute to the solutions
• Technical Developments
• What is the VA doing?
• Overview of Healthcare Card Projects
• Summary

3
The Department of Veterans Affairs

• 27 Million Veterans and 43 Million dependents
• Nearly one-third of the nations population are
  potentially eligible for VA benefits, includes
  dependents
• Second largest of the 14 Cabinet departments
• Facilities in all 50 states, Washington D.C.,
  Puerto Rico and the Philippines
• Nations largest medical system with 159
  hospitals, 129 nursing homes, 35 domiciliaries
  and 362 outpatient clinics
• 58 regional Benefit offices providing monetary,
  disability, pension, educational and vocational
  rehabilitation benefits
• 13 million home loans, and the nations largest
  insurance programs
• 114 national cemeteries

4
Functions of VAs Public Domain Integrated
Hospital Information System (VISTA / DHCP)

• Clinical and Administrative Support
• Clinical Results Reporting
• Order Processing
• Patients Medical Record
• Accounting and National Reporting
• Medical Care Cost Recovery
• Integrated Medical Images at pilot sites
• 60 Applications
• National Electronic Network for inter facility
  Communication

5
Major Trends

• The Web Changes Everything
• Electronic Service Delivery and EDI - saves time,
  money for corporation, and the customer
• Major obstacle - Security, Privacy and User
  authentication
• Major solution - Keys - Public /Private Key
  Infrastructure and Digital Signature
• Carry keys on smart card
• Multi-application cards reduce the cost per
  program
• Customer Convenience /Humanize Interactions
• User Opt In

6
Major Concepts

• Card functions as part of the System
• Works with the networked data
• As the Network improves, the location of the data
  can change
• Network means Local and World Wide Network
  (Internet)
• Continuum with Essential data on card
• Many applications can be supported
• What critical Business Problem do YOU need to
  solve?

7
(No Transcript)
8
Roles for a Card

• Multiple roles including
• Visual Identification
• Electronic identification (Keys and certificates)
• Portable Data Carrier or Pointers to Data
• Electronic Payment - insurance or e-cash
• Two Card Present model - patient and doctor cards
  at the same time to access data located either on
  the card or on the network

9
(No Transcript)
10
Pressures in Health Care

• Profitability of the healthcare organization
• Insurance and government organizations are
  concentrating on cutting health care costs and
  fraud
• Citizen Choice
• Different Information Systems are often
  fragmented and do not communicate
• The patients difficulty accessing their own
  record
• The patients fear of uncontrolled access to
  their medical records
• The providers inability to access accurate and
  appropriate /complete information about the
  patients treatment

11
Why Use Cards In Healthcare?

• Cards are a part of local or networked system
• Deliver Better Service and Benefits Faster
• Decrease Paper Work and Administrative Costs
• Decrease Date Entry Error
• Quicker and easier retrieval of Data (from a
  portable card or using card as key to data
  lookup)
• Increased Patient Convenience
• Decrease Fraud
• Secure Access to On-line Data
• Enable secure and private communications
• Digital Signatures
• Support Financial Transactions

12
Influencing Events

• Health Insurance Portability and Accountability
  Act of 1996 (PL 104-191)
• HHS responsible for identifying or developing
  EDI, privacy and security standards
• Original Feb 1998 report deadline, reports being
  written
• Standards Groups have accelerated activities
• National Research Council report For the Record
  Protecting Electronic Health Information - March
  5, 1997
• password or PIN in conjunction with a token
• GSA Government wide procurement for Cards and for
  PKI Services in 1998

13
Applications on a Healthcare Data Card

• Patient Medical Identifier, visual ID
• Insurance Identifier and Data
• Administrative Data, Demographics for
  registration
• Specialty Medical Data Bases, Medication,
  Dialysis, Pregnancy History, Portions of Medical
  Record
• Emergency Data, Immunization History, Allergies,
  Primary Physician, Locations of Treatment
• Information carrier Prescriptions
• Preventative Health Care, i.e. WIC
• Electronic ID Keys to access data on the
  network, Secure Authentication / Digital
  Signature
• Financial Transactions Credit/debit Cards for
  Payments, EBT

14
Public Awareness

• Smart card articles are appearing in the popular
  press, not just professional journals
• Many articles about electronic cash and smart
  cards
• Articles about Internet and the need for better
  electronic identification
• Discussions about Public /Private Key
  Infrastructure in many different industries
• People immediately understand the need for
  confidentiality in Healthcare

15
Card Technology Unit Cost () Major
Benefits Options

• Paper, bar code option .01-.04 Inexpensive,
  bar code
• Plastic, embossed .10-.15 familiar, paper
  transfer
• Serial Memory card 1.50-4.00 additional
  storage
• Computer chip card 3.50-15.00 additional data
  security,
• difficult to copy
• Optical card 6.00- 8.00 much more storage
• IC Optical Card 10.00-15.00 large
  storage and data security
• PC Card 60.00 - 100.00 more storage and
  computational capability

16
Card Technology Unit Cost () Major
Benefits Options

• Plastic, embossed .10-.15 familiar, paper
  transfer
• add Magnetic stripe .02-.10 electronic
  readable
• add Bar Code .00-.10 electronic readable
• add signature panel .02-.05 visual
  authentication
• add photograph, BW .00-.15 visual
  authentication
• add photograph, color .20-.25 visual
  authentication
• add hologram laminate .06-.07 deter fraud
• add hologram stamp .05-.06 deter fraud

17
Technology

• Cards with cryptographic capabilities
• 32 bit computer chips on cards
• Decreasing costs of biometrics fingerprint
  readers
• Combination cards with contact and contactless
  communications
• Reader Inrastructure
• Large software vendors like Microsoft are
  delivering software, APIs and now a card
  operating system to support smart cards

18
Interoperability

• Interoperability will make it easier to deliver
  smart card solutions
• G-8 technical interoperability specification is
  being used in Healthcare (CardLink)
• Application - EMV, GSM, SET
• On the Workstation - PC/SC Specification and the
  OpenCard Framework
• On card - Java Card, MULTOS and Microsoft Card
  Operating System (6/99)
• Hardware level - ISO 7816

19
What is the VA doing?
20
Department of Veterans Affairs - Patient Card
Upgrade

• Rollout began in Dec 1996, finished in April
  1997, Planning began in Dec 1993
• Upgrade cards from simple plastic embossed card
• New cards have printed and embossed
  information, magnetic stripe, bar code, black and
  white picture
• Function as identifier and carrier of small
  amount of information
• Speeds patient look-up on medical information
  system, allows mini registration
• Personalized at facility, 2.5 million cards first
  year
• magnetic stripe - date of birth, period of
  service and service related disabilities
• Enhancements are planned

21
The Veteran ID Card

• Photo Image
• SC Indicator
• Barcode
• Embossed Info
• Name
• SSN, DOB
• MAG Stripe
• 1-800 Number

22
VA Electronic Purse

• Department of Veterans Affairs,
• U.S. Treasury, Nations Bank and Visa began an
  electronic purse pilot with smart cards
• Announced Phase 1 on Oct 20, 1997 at the Bronx
  Veterans Affairs Medical Center located in New
  York City
• Announced Phase 2 on Nov 24, 1997 at the Tampa
  Florida Veterans Affairs Medical Center
• 25,000 cards will be issued at Bronx and 23,000
  in Tampa
• Used by staff and patients

23
VA Electronic Purse

• Visa Cash in the hands of patients,
• physicians, visitors, volunteers and employees
• test numerous applications including
• combining identification badge and electronic
  purse
• vending machine acceptance
• integrated cash registers and terminals
• reloadable cards and
• cashless ATMs that transfer cash value onto
  reloadable cards, rather than distribute currency

24
VA Electronic Purse

• At the Bronx site,
• up to 4,000 reloadable cards used as
  identification badges.
• Approximately 10,000 cards issued for meal
  tickets, and
• 1,000 for personal patient checking accounts.
• The Tampa pilot also has a special purpose card
  to be distributed by Veterans organizations for
  special events hosted at the medical center
  throughout the year

25
Department of Veterans Affairs - Pilot of Secure
Access from Internet

• Strong Authentication with smart card to control
  access from Internet to selected VA networked
  Resources
• Levels of Control by person, by target resource
  (system, directory, file or URL), and by protocol
• Pilot began in May 1998
• 40 users for telnet and web access
• FTP and Exchange delayed
• Plans to migrate to system that uses PKI
• Support and coordination problems

26
Department of Veterans Affairs - Home Health
Care Initiative- Design Stage

• Store commonly needed data on card to improve
  communications between different home health care
  providers
• Always available to home health care provider
• Also to be used at Emergency rooms and health
  care providers offices
• Use of portable devices to read and update
  patient card
• Begin Summer of 1999

27
Department of Veterans Affairs - VA / DoD
Initiative- Planning Stage

• Reviewing Technical Interoperability Standards
• Reviewing Medical Emergency Data Standards
• Campus style multi-application card
• Healthcare Functions - Identification of patient,
  data sharing and possibly electronic cash
• Select potential applications (registration,
  emergency, contract provider, access, finance)
• Select data fields (ID, Administration,
  Emergency, provider, treatment locations, keys
  and cash)
• Select Site
• Initiate Pilot in Summer of 1999

28
Department of Veterans Affairs - Lab Test of New
Technology

• Microsoft Windows Card Operating System (Beta
  now, projected release in June 1999)
• Workstation Development Tools
• ActiveX for Healthcare to transfer data
  bi-directionally between chip and VA VistA
  Medical Information System
• Shown in DataCard booth at HIMSS in February 1999

29
Overview of Healthcare Card Projects
30
Western Governors Association Health Passport
Project

• Objectives Improve Delivery of Benefits
• Lower Administrative Barriers to Care, and
• Improve Data sharing Between Programs
• RFP for system with 30,000 cards awarded in June
  97
• Phased launch to begin in May 1999
• Locations - Nevada, North Dakota, Wyoming
• Preventative Health Care Programs
• Womens Infant and Children (WIC)
• Medicaid Eligibility (EPSDT)
• Immunizations
• Head Start
• Maternal and Child Health

31
Secure Collaborative Telemedicine Over Public
Networks

• West Virginia University in Morgantown, West
  Virginia under NLM Grant
• Secure and private Telemedicine involves policy,
  administration, regulation and technology systems
• Building on standards
• Health professional cards are required for use of
  secure Telemedicine applications
• Includes role-based information access to data on
  patient cards
• Emergency room physicians will have web based
  access to their patients electronic medical
  records
• Authentication based on Digital Certificates (PKI)

32
Department of Defense MARC

• Multifunction and Multitechnology card
• Testing in Hawaii and used for deployment
• 50,000 cards in use
• Smart Card, bar code, magnetic stripe, picture,
  signature block and embossed characters
• Non Medical Functions include manifesting and
  deployment, food services and security
• Medical Information includes Identification,
  Emergency Data, Blood Type, Immunizations,
  Allergies and Registration
• DoD defining applications and planning the next
  generation of MARC
• Highly successful program

33
Southern Oklahoma Physician Hospital Organization
(SOPHO)

• Share Patient Data throughout the healthcare
  community
• Smart Card to be used as the first step to
  integrated health card delivery network
• Includes pharmacists and ambulance workers
• Begun in September 1997
• Insurance, demographics, allergies, medications,
  treatment history, notes, emergency contact
  information

34
EUROCARDS Framework

• EUROCARDS is a European Union (EU) Advanced
  Informatics in Medicine (AIM) Concerted Action on
  Data Card Applications in the Healthcare system
• Created in late 1993
• Final reports delivered in 1995
• Developed a technical, social and legal framework
  for data card applications
• European Union (EU) -Austria, Belgium, Britain,
  Denmark, Finland, France, Germany (originally
  West Germany), Greece, Ireland, Italy,
  Luxembourg, the Netherlands, Portugal, Spain, and
  Sweden

35
EUROCARDS

• Healthcare Professional Cards uses
• Identification in machine readable form
• Access control to information systems, local and
  remote
• Keys for Electronic signatures of stored and
  transmitted electronic documents
• Access control to patient data based on the
  possession of cryptographic class keys indicating
  certain professional status

36
EUROCARDS

• EUROCARDS priority for implementation
• Administrative Cards and the creation of the
  infrastructure (readers, workstations)
• Healthcare Professional Cards as a means of
  enhancing Security
• Emergency Cards for national and international
  purposes
• Patient Cards containing medical and
  pharmaceutical information, or pointers to the
  data

37
EUROCARDS - Outcomes

• Book - Healthcare Card Systems, EUROCARDS
  Concerted Action Results and Recommendations, A.
  Pernice, H. Doare and O. Rienhoff, IOS Press, 218
  pages
• Detailed material from EUROCARDS WG1-WG4 From
  DGXIII of EU
• G7 Healthcare Data Cards - An initiative extended
  to US, Canada and Japan

38
TrustHealth Project Framework

• Demonstrate trustworthy telematic systems using
  modern security techniques in an open systems
  connectivity environment with trans-European
  interoperability
• Using smart cards and RSA asymmetric encryption
  for health care information security
• User authentication, digital signatures and
  exchange of session keys for confidentiality
  protection, proof of professional registration
  and as access control devices
• European Commission sponsored and started in 1995
  
• National Trusted Third Parties to issue key cards
  and maintain link between the user and the public
  key
• Spri in Sweden

39
G-8 Healthcare Data Card Project

• Members are Canada, France, Germany, Italy,
  Japan, United Kingdom, United States, Russia.
• Two pilot areas were initially identified for a
  global project approach
• an international emergency card with an
  international harmonized emergency and
  administrative data set (CardLink Project)
• an international professional card that will
  allow the secure identification of healthcare
  professionals when accessing medical data and
  network services (NetLink Project, PKI)
• http//www.sesam-vitale.fr/Projects/Netlink-G7-En/
  

40
G-8 Healthcare Data Card Project

• the card is a carrier of data where the
  telematic infrastructure is not available, the
  patient, moving from one point of care to the
  other, and carrying in a card his/her own data
  and pointers to remote databases, actually makes
  a sort of "virtual" flexible infrastructure that
  can substitute and complement a more physical
  infrastructure (cabled or wireless).
• the card is a key to access the network both the
  patient's card, containing the pointers to
  federate remote data bases, and the doctor's
  professional card, containing the profile of the
  user and the associated rights to access the
  system and its services, constitute essential
  elements for the overall networked system.

41
G-8 Healthcare Data Card Project

• Plans for Technical Interoperability - The
  functional goal is to allow data to be exchanged
  between different projects in multiple countries
  using equipment and cards from multiple vendors
• Multiple levels of standardization are required -
  Standard in areas of Nomenclature, Data Sets for
  emergency data, data sets for administrative
  data, and Standards related to various aspects of
  security
• More information and links at http//www.va.gov/ca
  rd/ and http//www.sesam-vitale.fr/Projects/Netlin
  k-G7-En/

42
CARDLINK Project

• Portable Administrative, Emergency, Medical and
  Prescription Data
• User driven, supported by European Commission
• Interoperable European data set with language
  translation
• 10 sites in 9 countries include France Dublin,
  Ireland Germany Holland Spain Greece
  Portugal Italy Finland
• Demonstrate standards based card and reader
  interoperability with multiple manufacturers
• Measure usefulness in emergency situations
• Begun in 9/1994, pilot to be completed in 1999
• Use of card is voluntary

43
NetLink Project

• The NETLINK project aims at establishing
  recommendations and technical specifications for
  
• Health Professionals to access to Patient Data
  Cards (free or controlled access to data stored
  in Patient cards)
• Health Professionals to securely exchange
  documents (including digital signature and
  confidentiality services)
• Health Professionals secure access to on-line
  servers
• Involves smart cards (used by Health
  Professionals and Patients), computers (used by
  Health Professionals, Hospitals, Health Insurance
  Funds), large networks, and Security
  architectures including data encryption
• France, Germany, Italy and the Province of Québec

44
Germany

• Germany has completed a project distributing 80
  million cards to all citizens during 1994 and
  1995, along with the reader/printer
  infrastructure
• Memory chip cards used for insurance
  identification.
• Printing of Health Insurance forms
• Options for electronic submission to insurance
  fund, eliminating paper and reducing insurance
  processing costs

45
French Health Patient Card - Vitale

• 4 Pilots for Administrative Data Card
• Santal Card - Medical Card converging with Vitale
• Vitale 1 - family insurance cards being
  distributed 1999
• Vitale 2 - French patient data card
• patient card with medical data pilots in 1998
• plan for 50 million card distribution starting in
  2000
• Emergency Data Sets Compatible with G-8 framework

46
French Health Patient Card - Vitale (contd)

• Vitale 1 being distribute now
• 26 million patient cards distributed as of
  2/1999
• ID and Administrative data
• Smart card with M9 operating system similar to
  French Bank card
• 5 million cards distributed per month from 4
  suppliers
• target of 42 million cards by May 1999

47
The French Health Professional Card - Carte "CPS"

• 2 Pilots for CPS Health Professional Card
• CPS Health Professional Card with crypto chip to
  be distributed with a total of 300,000 cards
• Goals similar to patient card (simplicity,
  reliable information Confidentiality, limitation
  of frauds)
• Access key to the Healthcare Intranet
• Access key to the medical data set on the patient
  card

48
The French Health Professional Card - Carte "CPS
(contd)

• 35,000 Health professional cards distributed as
  of 2/1999
• 10,000 distributed each month
• currently being distributed to physicians.
• identification of healthcare provider, RSA public
  /private keys, PIN protected
• distribution to nurses, pharmacists, and
  hospitals next
• negotiations ongoing with health professional
  organizations

49
The French Health Care Network

• Network for health communications
• Available nation wide since November 1998
• IP based
• provides e-mail and directory services
• access control by CPS - need CPS card to enter
• 2000 physicians connected
• 1000 physicians being added per month
• traffic doubling each month
• current use is secure administrative transactions

50
Quasi Niere Renal Dialysis

• Quality Assurance and Renal Dialysis Treatment
• Medical Association in Berlin, Ministry of Health
  in Germany
• Operational with 35,000 cards as of March 1997
• 50,000 patients, 3,000 doctors
• Secure collection of confidential medical
  information over the Internet
• Includes TrustHealth concepts for authentication,
  digital signature and communication over Internet
• providers and patients

51
Canada

• Rimouski Project 1993 to 1995
• Québec is building on the experiences of European
  and Canadian projects
• Administrative and Clinical purposes
  (Identification, data transport, security and
  privacy)
• Large Scale Smart Card Distribution for providers
  and patients - budget request
• Patient and Professional Smart Card project at
  Unité de Médecine Familiale de lEnfant-Jésus in
  Quebec starting in 1999 emphasizing patient
  access to their data
• NetLink participant

52
Summary

• Opportunities in administrative simplification,
  data transfer, improved security/ privacy,
  decreased fraud
• Widespread Implementations of non-chip cards
• Many Health Cards are not electronically readable
• Multiple Chip Cards pilots in US HPP, Secure
  Telemedicine
• National projects in Europe Germany, France,
  Spain with plans in Italy and Quebec
• The use of chip cards are gradually becoming more
  common in North America
• Secure access to medical data on the network
• Patient uses keys of smart card to control access
  to their record

53
Roles for a Card

• Multiple roles including
• Visual Identification
• Electronic identification (Keys and certificates)
• Portable Data Carrier or Pointers to Data
• Electronic Payment - insurance or e-cash
• Two Card Present model - patient and doctor cards
  at the same time to access data located either on
  the card or on the network

54
Major Concepts

• Card functions as part of the System
• Works with the networked data
• As the Network improves, the location of the data
  can change
• Local network and world wide network (Internet)
• Many applications can be supported
• Will the future be gradual or explosive?
• What critical Business Problem do YOU need to
  solve?

55
(No Transcript)