Recently received a mail from one of my Friends Senthil asking more about smart cards and their implementation in Indian Health care Scenario. Here I am describing the use of smart cards with the technology that is usually deployed for the same.
Components of Smart card System
- SMART CARDS
SERVERS WITH HARDWARE SECURITY
ADMINISTRATOR PORTAL WEBSITE
PATIENT PORTAL WEBSITE
CAREGIVER PORTAL WEBSITE
- PDA & LAPTOP SOFTWARE .
- VISUAL BASIC & .NET TOOLS
HL7 MESSAGING SERVER
What all these components do?
What all these components do?
SMART CARDS - Securely hold patient information.
CARD READERS- Work with any PC and are branded with your logo.
CLIENT SOFTWARE -Upgrades the web browser on the PC so it works with smart cards and card readers
SERVERS WITH HARDWARE SECURITY- Host and protect private information.
ADMINISTRATOR PORTAL WEBSITE- A web application that lets administrators issue and manage cards.
PATIENT PORTAL WEBSITE- A web application where patients view and update their information.
CAREGIVER PORTAL WEBSITE- A web application that lets caregivers work with information on the smart cards.
PDA & LAPTOP SOFTWARE -For working with cards in mobile and off-line environments
VISUAL BASIC & .NET TOOLS -For customizing and extending the system.
HL7 MESSAGING SERVER -For integrating with other systems.
What are the possible benefits you are passing on to your customers in case you deploy a smart card facility?
- Enhance patient loyalty and improve patient relationships.
Speed up registration with less paperwork.
Improve communication and information sharing between points of care.
Let patients view and update their medical information online.
- Convert paper records to digital format.
Reduce erroneous and fraudulent registration information.
Track and log with all changes to the patient’s information.
Comply with rules about information portability and privacy.
Maintain patient confidentiality using the best information security technologies on the market.
- Patients can access their health care information online and are better informed.
- Gives patients control of their medical information.
- Patients have added assurance that their personal information is released on a “need-to-know” basis.
- Reduced waiting and duplicate paperwork during registration.
Provide secure, re-writeable storage with more space than a magnetic stripe
• Storage is protected with multiple access levels
• On-card software can be updated “post-issuance” with new features as often as necessary
• Optional magnetic stripe for backwards compatibility with existing systems
• Manufacturing services to support mass mailings, telephone user activation and bulk-personalization
• Military grade security and cryptography.
What all You should/can store in a smart card?
• Employer information
• Emergency contacts
• Medicines/Prescription information
• Medical History
• Primary & Referring physician information
• Guarantor information
• Advanced Directives
• Special requests/ pastoral care requests
• Organ donor information
• Caregiver notes
• Audit trail information tracking all changes
• Custom fields
What is the best technology to deploy them in the healthcare field?
• Multi-tier server architecture based on Microsoft .NET and SQL Server
• Server applications can customized with C#, VB.NET or ASP.NET)
• Server side scripts control interactions with the smart card so no specialized smart card programming is required
• The client software is an ActiveX control that uses the PC/SC standard to communicate with smart cards.
• Dedicated security hardware on the server protects private information.
What are the Security Features while passing on critical health Info?
The cards should store certificates and keys for PKI interoperability and include hardware based cryptography features.
• The card should store a complete audit trail.
• The storage on the cards should be tamper resistant.
• The cards should support multiple PINs for patients and caregivers, with lockout features that prevent PIN/password guessing.
• Smart cards should also provide multi-factor authentication when users log-in to the portal applications.
• In addition to the smart card security features, network traffic should be encrypted using SSL.