Alliance Activities : Publications : Smart Card Technology in Healthcare : Series : Smart Cards and the Healthcare Ecosystem FAQ

Smart Cards in Healthcare FAQ Series – Smart Cards and the Healthcare Ecosystem

In this FAQ

  1. What is a smart card?
  2. Who benefits from smart cards?
  3. How many smart cards are currently deployed in the healthcare market?
  4. Have any stakeholders in the healthcare ecosystem deployed smart cards?
  5. What are the major barriers to implementation?
  6. How much time is required to roll smart healthcare cards out to cardholders?
  7. Is a unique patient ID needed to use smart healthcare cards?
  8. Can smart cards integrate with current healthcare applications and workflow?
  9. Can smart healthcare cards help prevent identity theft?
  10. How are cardholders prevented from “sharing” a card?
  11. How is information on a card updated when cardholder information changes?
  12. Can card data be accessed in emergencies?
  13. Who maintains demographic data on the smart card?
  14. Which stakeholders typically pay for or issue smart cards?
  15. Can the return on investment for smart cards in healthcare be demonstrated?
  16. Can smart cards contribute to effective health information exchange without national positive patient identification?
  17. What happens if cardholders forget their cards?
  18. Can smart healthcare cards facilitate HIPAA compliance?
  19. Can smart healthcare cards facilitate American Recovery and Reinvestment Act compliance?
  20. What is “meaningful use” and can smart healthcare cards facilitate compliance?

1. What is a smart card?

A smart card is a small card or similar device with an embedded integrated circuit chip. What makes the card smart is the embedded chip. The chip is a powerful minicomputer that can be programmed for different applications.

The chip enables a smart card to store and access data and applications securely and exchange data securely with readers and other systems. Smart card technology can provide high levels of security and privacy protection, making smart cards ideal for handling sensitive information such as identity and personal health information.

For additional information on smart card technology, see the “About Smart Cards FAQ.”

2. Who benefits from smart cards?

Three entities can benefit from the use of smart cards as healthcare cards: providers, patients and payers.

How Providers Benefit

Healthcare providers are the professionals or institutions that provide healthcare services to individuals, families, or communities. Individuals who provide these services include practitioners (physicians, nurses, dentists, pharmacists) and other healthcare professionals. First responders, such as Emergency Medical Services, are also included in this category. Institutions considered to be providers include privately and publically operated hospitals, clinics, and primary and urgent care centers. As the healthcare system evolves, new types of providers are emerging, such as accountable care organizations, which bring physicians and hospitals together in a provider network that shares responsibility for a patient’s care.

Providers can realize the following benefits from implementing smart cards:

  • Cost minimization
  • Positive patient identification
  • Administrative efficiency
  • Regulatory compliance
  • Enhanced patient satisfaction
  • Better patient outcomes
  • New revenue streams
  • Competitive differentiation

Cost minimization. The use of a smart card can minimize costs by reducing identity errors during the registration process, eliminating the denial of claims due to incomplete demographic or insurance information, and automating and streamlining the registration process, allowing personnel responsible for registration to be more efficient and focus on higher value tasks.

Positive patient identification. When identification is authenticated by a smart card, the link between the card and the cardholder is validated, thereby mitigating the risks arising from mistaken or fraudulent claims of identity. Mistaken identity can lead to unnecessary or potentially harmful medical procedures and an inaccurate medical history record that can jeopardize future care for the patient to whom the record belongs.

Administrative efficiency. Smart cards can contribute to administrative efficiency by eliminating the repetitive task of manually creating and checking paper registration forms, freeing administrative personnel to focus on higher value tasks. Getting registration information right the first time eliminates the cost of using staff to resolve issues that delay the claims process.

Smart cards issued to health care providers as employee IDs can enable convenient, secure multi-factor authentication capabilities to access health information systems in facilities (e.g., hospitals, clinics), via authorized portable devices or to provide VPN access.

Regulatory compliance. Smart cards can also facilitate compliance with government regulations and industry rules. The use of a smart card can help covered entities and American Recovery and Reinvestment Act (ARRA)-stipulated entities comply with both the HIPAA Privacy Rule and the security and privacy mandates under ARRA.

Patient satisfaction and outcomes. Patient satisfaction should increase when the patient carries a smart healthcare card. Because smart cards expedite the registration process and make timely and accurate information about the patient’s health status available to the provider, they minimize patient inconvenience and maximize the quality of the patient’s interaction with the provider. By enabling positive patient identification and delivering relevant and accurate health data to the provider, smart cards play an important role in ensuring that the right treatment is given to the right individual on a timely basis.

New revenue streams. The convenience and quality of service to which smart cards contribute can build patient loyalty, resulting in return visits and increased use of provider services and thereby encourage new revenue streams. And because smart cards can support payment functions (debit and credit), they can be issued to facilitate incremental purchases of goods and services.

Competitive differentiation. Smart cards can deliver real and perceived benefits that can distinguish an issuer from that issuer’s peers. The enhanced quality of service associated with smart cards can increase patient retention rates and attract new patients who are interested in a better healthcare experience. A sophisticated healthcare credential based on a smart card reflects well on the institution that issues it and gives the cardholder a sense of being a valued member of a prestigious organization. Furthermore, smart cards can interoperate with a wide range of mobile devices, providing health care providers with a secure way to access their patients’ health information via a myriad of platforms and mobile devices. This supports the Bring Your Own Device (BYOD) strategies that many institutions are looking to adopt while giving providers innovative technologies to make them more productive.1

How Patients Benefit

Patients are the recipients of medical care, and with the advent of patient-centered care, these individuals play an increasingly important role in how healthcare is delivered. Patients derive the following benefits from using smart cards:

  • Empowerment
  • Convenience
  • Better medical outcomes

Smart healthcare cards can give patients personal ownership and control over their medical records, enabling them to receive well-informed treatment more quickly. Smart cards can expedite the registration process, resulting in care delivery that is distinguished by greater speed and efficacy.
Because smart cards deliver a positive identification along with the patient’s medical information, they can support expeditious delivery of the most appropriate treatment. In emergencies, a smart healthcare card can enable immediate access to potentially lifesaving information. For example, emergency responders can read information about a cardholder’s medication allergies from a smart card and treat the person with appropriate medication.

Smart healthcare cards can also provide patients with secure access to their health information via emerging online patient portals and mobile applications, which are becoming increasingly important as health care treatment efforts shift to non-traditional settings such as the home.

How Payers Benefit

Payers are the parties outside of the physician-patient relationship that finance patient care. Included in this category are government agencies, such as Medicare, Medicaid, and the Veterans Administration, and private insurance companies. Private insurance companies can be divided into for-profit businesses, such as Aetna, CIGNA, and Oxford, and not-for-profit businesses. Certain insurance companies fuse public and private insurance, supplementing government insurance (such as Medicare) with private insurance coverage. Included as payers are the health maintenance organizations (HMOs) that offer both basic Medicare coverage and private insurance paid for by patient-paid premiums and flexible spending accounts (FSAs).

Smart cards can help payers save money. They can fit into a payer’s enterprise IT automation strategies to improve administrative savings by streamlining business processes and providing better patient care. In addition, authentication of the cardholder as the insured reduces medical fraud by eliminating card swapping, tampering, and cloning. Smart cards can support verification of benefits eligibility at the point of service, ensuring that treatment is restricted to covered services and prescriptions. The availability of a patient’s up-to-date healthcare record at the point of service reduces the incidence of duplicate tests and procedures that are typically a significant cause of wasteful spending.
Smart healthcare cards can also address provider fraud by providing strong authentication of the healthcare provider identity when submitting a claim and by linking treatments with verified patient encounters.

3. How many smart cards are currently deployed in the healthcare market?

Smart cards are not a new technology. Over 5 billion smart cards are issued annually worldwide; over 140 million have been distributed in healthcare alone. For examples of smart healthcare card implementations, see the “Smart Cards and Healthcare Providers FAQ.”

4. Have any stakeholders in the healthcare ecosystem deployed smart cards?

Healthcare providers (hospitals, physicians, and clinics) are currently using smart cards. The healthcare market has accepted the technology and is implementing patient identity solutions using smart cards in combination with identity software solutions. For examples of smart healthcare card implementations, see the “Smart Cards and Healthcare Providers FAQ.”

5. What are the major barriers to implementation?

The major obstacles to smart healthcare card deployment are overburdened IT departments and budgetary constraints. The urgency of deploying priority projects, such as electronic medical records, has completely absorbed most IT resources. Major government health insurance programs like Medicare and Medicaid are being cut or are facing significant reductions.

In actuality, smart healthcare card implementation may not require significant IT resources. Today’s technology provides an opportunity for healthcare providers to interface smart card software with their current patient admissions software. Integration can be accomplished without involving teams of provider IT personnel; more important, integration does not disrupt the provider’s current workflow at patient registration or admissions, since the current registration systems are used. In fact, the registration process becomes easier, since use of the smart card can assist in automating registration.
Providers implementing smart healthcare cards can counter budget constraints by pointing to potential savings. Cost savings can be calculated using time and cost data for current registration procedures. Providers can measure savings in areas such as data entry time, registration time, key stroke entry errors, billing errors and delays, and duplicate and overlaid record errors and repairs. The savings realized annually can pay for a typical smart card deployment, as illustrated by a case study at Memorial Hospital (Conway, N.H.), which verified an ROI within 8 months (Question 15).2

The Medical Group Management Association (MGMA) has taken a leadership role in promoting the use of readable patient healthcare cards compliant with the standards promulgated by the Workgroup for Electronic Data Interchange. The MGMA estimates that the total cost savings attributable to implementation of an electronically readable patient healthcare card are over $2.2 billion per year in the United States.3 This number was calculated using conservative estimates of the amount of time and money attributable to resubmitting claims, making copies, and manually entering patient data. A healthcare provider can use the same matrix to determine annual cost savings for a facility, using either the conservative MGMA estimates or entering the provider’s own numbers, if available.

Figure 1 illustrates how to calculate the estimated annual cost savings for a provider using automated smart card registration technology. The example shown is a 160-bed hospital that registers 590 visits per day, provides 14,000 emergency room visits and 200,000 outpatient visits, and admits 1,800 patients per year.

Figure 1. Annual Savings Calculator Example4

Note: This model does not include other benefits of electronic registration.

6. How much time is required to roll smart healthcare cards out to cardholders?

The amount of time required to roll out a smart healthcare card depends on the scope and complexity of the solution that is being implemented. Smart card technology is available that can interface to a provider’s system in a matter of days, using healthcare messaging standard (HL7) and hosted cloud solutions. Smart cards require minimal amounts of hardware, and the hardware is “plug and play,” so impact on registration workflow is typically minimal. Other considerations are the scope of the solution and the number of system interfaces involved.

Providers typically roll a system out to either a segment of their patient base or every patient who enters a facility. Timing depends on what specific solution the provider wants to achieve. For example, an encrypted, branded card with a photo, name, and required demographic and medical information can be provided to each patient at registration. Or cards can be distributed in mass to a target patient base; as patients return to the facility with their cards, provider personnel can verify their identity, take pictures of the patients, and activate the cards.

7. Is a unique patient ID needed to use smart healthcare cards?

Ensuring that a person’s medical record information is complete, safe, and accurate is a challenge, given the involvement of multiple pharmacies, physician’s offices, hospitals, urgent care centers and other medical providers. The task is complicated by the fact that individuals change employers, insurance carriers, insurance plans within a carrier, and names.

Some countries have chosen to address this complexity by issuing national health ID cards, with each citizen having a unique identifier. However, smart cards can support healthcare applications with or without a unique patient identifier. Smart cards can serve as a secure way to correlate multiple identifiers across different systems and organizations, linking them all on the card.

8. Can smart cards integrate with current healthcare applications and workflow?

Smart cards allow for electronic interfacing with healthcare identity software solutions. Healthcare identity software integrates with current healthcare applications, including admissions discharge transfer applications, electronic medical records, electronic healthcare records, and health information exchange applications.

9. Can smart healthcare cards help prevent identity theft?

A recent study estimates that nearly 1.5 million Americans are victims of medical identity theft.5 The average cost to resolve a single case of medical identity theft is $20,663. The same study found that in 63 percent of the cases, the victim’s name was used to obtain medical treatment or service, and in 43 percent, the victim’s name was used to obtain government benefits, such as Medicare and Medicaid. The Secure ID Coalition estimates that the use of smart cards could eliminate $30 billion a year in Medicare fraud alone.6

Information on smart cards can be encrypted and smart cards can carry encoded identification verifiers, preventing electronic identify theft. In addition, smart cards can carry a photo (on the card, in the chip, or both) for physical identity verification. These measures, coupled with other authentication mechanisms such as the requirement for a PIN or biometric data (a fingerprint or iris scan, for example), can prevent would-be thieves from claiming and using a card. More important, smart healthcare cards can carry a universal identifier and be linked to a patient’s medical record number or master patient index number. The card’s use can then be tracked or date-stamped to log and verify activity.

10. How are cardholders prevented from “sharing” a card?

Unlike insurance cards and government beneficiary cards (such as Medicare and Medicaid cards), smart cards can carry encoded authentication verifiers, including a photograph, PIN, and biometric data. When a smart healthcare card is issued, the patient’s identity should be verified. When the patient presents the card, these authentication verifiers can be used to verify the patient’s identity at the point of service.

In addition, the card can carry a universal identifier that identifies the patient’s medical record or master patient index number. It would be difficult for a different person to use the card, even if that person resembled the patient, because the card can retrieve the correct cardholder’s medical record automatically at registration.

11. How is information on a card updated when cardholder information changes?

When a patient uses a smart healthcare card, whether at a registration desk or at a kiosk, the patient should be prompted for any information changes, such as change of address or insurance. After any new information is recorded in the provider’s system, the updates can automatically be stored on the card.

Healthcare identity software is available that can correlate patient visits across different locations. That is, if a patient updates information at one location and then uses the card at another location, the card can electronically alert staff that information has been changed, allowing them to verify with the patient that the changes are correct. In addition, the new data on the card can update the information on the provider’s system with a click of the mouse. This approach both automates manual data entry and closes the information gap between different providers using software systems that do not communicate. Such information gaps can be costly to providers and inconvenient for patients. Perhaps more important, the most current information can be available to a healthcare provider when a patient is unresponsive or cannot communicate.

12. Can card data be accessed in emergencies?

Solutions can allow first responders to access the demographic, medical, and insurance information on a smart card during an emergency. The critical medical information on the card can be read by emergency personnel using current communication hardware, such as a tablet computer with a card reader or a mobile phone. In the event of a disaster, the information on the card can be accessed without requiring an internet connection or electricity. (These capabilities are why the American Medical Association endorses smart cards as the solution for populations in areas at risk of natural disaster.)

13. Who maintains the demographic data on smart cards?

The cardholder is responsible for ensuring that demographic data is current. When a cardholder enters a provider location and the card is read for that visit or for registration, the card can be updated with the most current data. Current card technology can interface the card with the provider’s system to mirror the data on the card. Any information that changes at registration or after a medical visit can automatically be updated on the card by inserting the card into a reader at discharge.

14. Which stakeholders typically pay for or issue smart cards?

There is no requirement that a particular stakeholder purchase the card. Any authorized organization can purchase and issue the card.

15. Can the return on investment for smart cards in healthcare be demonstrated?

A case study demonstrating both the use of smart healthcare cards and the return on investment (ROI) was conducted at Memorial Hospital, North Conway, N.H. in 2009.7 The hospital is a 35-bed facility with 100,000 annual patient visits. The case study was conducted over an 8-month period, with the following results:

  • Annual administrative savings of $300,000 (not including marketing advantages).
  • Increase in Press Ganey patient satisfaction scores by 10 percent in the first 60 days. Scores are now in the top 5 percent for all providers nationwide.
  • Decrease in billing errors from 6.8 percent to less than1 percent.
  • Decrease in duplication of medical records from 7 percent to less than 1 percent, resulting in annual savings of $574,000 (scrubbing records), with unreported cost savings that include the costs of billing losses, medical procedure losses, and medical errors.
  • Decrease in payment times for receivables from 55+ days to less than 42 days.
  • Decrease in average admission time from 22 min. to less than 3 min., allowing Memorial to redirect staff to other tasks.
  • Elimination of clipboards and paper at registration. A cover sheet given to the patient at registration is no longer required, saving 156 cases of paper and toner, and eliminating the requirements for storage and shredding of cover sheets.
  • Reduction in full-time staff requirements from 22 to 15 (annual savings equates to $226,000).
  • Decrease in admissions error rates from 6 percent to less than 1 percent (average 1,500 registrations a week).

16. Can smart cards contribute to effective health information exchange without national positive patient identification?

A smart healthcare card can carry a single unique identifier that authenticates the cardholder and connects all medical record numbers to one card identity. However, the card alone will not meet the requirements for nationwide positive patient identification. What is needed is a cloud-based unified identifier that can connect to disparate identity software solutions and an open-source, universally adopted card-acceptance solution. The current smart card identity software solution providers provide the foundation required to attain these goals.

17. What happens if cardholders forget their cards?

If a card is forgotten, the registration process can proceed as if the patient forgot an insurance card. If an identity solution is in place at the provider’s location, a photo of the person is displayed on all registration screens to help authenticate the patient’s identity. If a card is lost, a new card is issued that automatically connects to any current medical record numbers that were connected to the old card, and the old card is permanently terminated, rendering it useless.

18. Can smart healthcare cards facilitate HIPAA compliance?

Smart healthcare cards offer an effective tool for facilitating compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. One of the key provisions of the HIPAA Privacy Rule is to assure that an individual’s health information is properly protected and that individuals can control how their health information is accessed and used.

The HIPAA Privacy Rule applies to specific entities such as health care providers (doctors, dentists, pharmacies, nursing homes), health plans (HMOs, health insurance companies, company health plans), and health clearinghouses. Providing both employees of covered entities and patients with smart cards can ensure that health information is accessed only by those with the appropriate credentials.

Breaches of protected health information occur when data is kept on unsecured, unencrypted devices such as CDs and USB flash drives or when employees at covered entities access medical records without authorization.8 Smart card credentials can minimize or eliminate such breaches by allowing only authorized personnel to access patients’ medical records.

With the issuance of smart healthcare cards for patients, personal medical information on file with multiple institutions and care providers can be linked, securely and accurately. Patients can have better control of their personal health information, a key privacy principle. Accurate patient identification, a critical issue in healthcare today, supports the safety and confidentiality of protected health information.

19. Can smart healthcare cards facilitate American Recovery and Reinvestment Act compliance?

The American Recovery and Reinvestment Act of 2009 (ARRA) creates enhanced privacy standards. Smart healthcare cards address a key ARRA concern regarding access to health information. ARRA establishes a committee to examine methods that facilitate secure access by an individual to that individual’s protected health information, as well as methods, guidelines, and safeguards to facilitate secure access by caregivers, family members, or a guardian.

The HIPAA Privacy Rule protects all individually identifiable health information held or transmitted by a covered entity. ARRA expands those protections beyond the HIPAA rule to include additional entities, such as vendors of personal health records. Smart cards can help covered entities and ARRA-stipulated entities comply with both the HIPAA Privacy Rule and the ARRA security and privacy mandates.

20. What is “meaningful use” and can smart healthcare cards facilitate compliance?

Meaningful use of health information technology is an umbrella term for rules and regulations with which hospitals and physicians must comply to qualify for federal incentive funding under the American Recovery and Reinvestment Act of 2009 (ARRA).9 ARRA authorizes the Centers for Medicare & Medicaid Services (CMS) to provide reimbursement incentives for eligible professionals and hospitals that meet meaningful use criteria on the way to becoming “meaningful users” of certified electronic health record (EHR) technology. Meaningful use includes using EHR technology for functions that both demonstrate and improve quality of care, such as e-prescribing, electronic exchange of health information, and submission of quality measures to CMS.

Meaningful use sets healthcare goals, rather than goals for information technology. The overall goals are to use EHR technology for the following:

  1. Improve quality, safety, and efficiency of patient care
  2. Engage patients and families
  3. Improve care coordination
  4. Ensure adequate privacy and security for personal health information
  5. Improve population and public health

Implementation of meaningful use is occurring in multiple stages.

Stage 1 implementation requirements and measures are documented in the Department of Health and Human Services Final Rule of July 28, 2010.

The Department of Health and Human Services’ Office of the National Coordinator (ONC) states that EHRs provide the following benefits for providers and their patients:10

  • Complete and accurate health information.
  • Better access to health information.
    EHRs facilitate access to the information that providers need to diagnose health problems earlier and improve the health outcomes of their patients. EHRs also allow information to be shared more easily among doctors’ offices and hospitals and across health care systems, leading to better coordination of care.
  • Patient empowerment.
    EHRs empower patients to take a more active role in their health and in the health of their families. Patients can receive electronic copies of their medical records and share their health information securely over the internet with their families.

The Stage 211 rules document includes:

  1. Minor changes to Stage 1 criteria and measures
  2. Additional requirements and measures for achieving Stage 2
  3. Additional clinical quality measures
  4. Additional reporting requirements and mechanisms

Implementation of meaningful use and incentive payment opportunities extends until at least 2020, with incentives decreasing over time to encourage early adoption of EHR technology.

Smart cards can make critical information readily available to healthcare providers and facilities, which positively affects the quality, accuracy, and cost of care. Current technology supports smart card solutions that can integrate with current provider systems using the cloud and HL7 messaging. Health information can be exchanged among providers and across systems, making key health information mobile and facilitating coordination of care. This same technology also allows healthcare information to be transformed into a standardized electronic format that can be accessed by patients and their families through secure patient portals.

Smart card and patient identity technologies can provide a modular EHR solution and meet Health Information Technology for Economic and Clinical Health (HITECH) and meaningful use requirements in eight areas:

  1. Streamline patient registration and discharge
  2. Fulfill government requirements for confirming identity verification
  3. Increase patient privacy and security
  4. Prevent record duplication
  5. Provide consistent branding across an organization and beyond
  6. Serve as a real-time, portable mini-EHR
  7. Provide first responders with potentially life-saving information
  8. Satisfy HIPAA compliance requirements

Streamline registration and discharge. Use of a smart healthcare card for registration or admission allows healthcare organizations to decrease patient wait times, improve the quality of care, and heighten efficiency by confirming a patient’s identity, registering or checking the patient in, and verifying insurance instantly. Because the process does not rely on human data entry or transcription, errors can be virtually eliminated. Use of a smart healthcare card at discharge allows the system to recognize a patient’s identity, match it to the visit, update the card with demographic and medical information, update a patient data portal with required discharge information (e.g., follow up appointments, medication information, education, instructions, activity requirements, dietary care), and trigger transmission of any required educational materials to the patient’s e-mail address.

Meet government identity verification requirements. Smart card technology is currently used for the Department of Defense Common Access Card (CAC), the Federal Information Processing Standard (FIPS) 201 Personal Identity Verification (PIV) card (issued to all Federal employees and subcontractors), the Transportation Worker Identification Credential (TWIC), and the U.S. electronic passport. Using standards such as FIPS 201, smart cards can provide single sign-on solutions to EHRs for government-employed medical personnel, such as physicians and nurses.

Increase patient privacy and security. Smart card solutions can meet or exceed all mandates and requirements for patient privacy, safety, records, system security, and confidentiality. All smart card data can be encrypted, and all data transmitted can comply with applicable standards (e.g., HL7, SnoMed, and ISO). Medicare and Medicaid data and statistics can be maintained per federal requirements.12 Smart cards integrated with an identity software solution can also support automated time-based reporting and review of patient data, protecting healthcare information with encryption algorithms that allow access only by authorized readers. Smart cards can support multifactor authentication, which satisfies requirements such as those for ePrescribing, and can provide strong authentication, digital signatures, and security through encryption.

Prevent record duplication. Smart cards can significantly decrease the incidence of duplicate records and the associated expense. Linking a patient to that patient’s health records seems a simple process, but human error, such as transcription of the wrong medical record number, can retrieve an incorrect record or cause creation of a duplicate record because the correct record has not been located. Using authenticated identifiers on a card can match a patient to that patient’s individual medical record, improving administrative functions such as billing and registration and enhancing continuity of care.

Provide consistent branding. While smart cards can provide a single tool for patient identity management, they also provide healthcare organizations and affiliations with the opportunity to build stronger community alliances between healthcare organizations, integrated delivery networks, hospital systems, provider networks, and auxiliary services. Coupled with identity software, smart cards can replace multiple cards (e.g., insurance IDs, allergy cards, registration cards) that a patient or consumer would otherwise have to carry to be known throughout the organization. In addition, there are smart card solutions that make the patient’s healthcare provider of record immediately known and recognized to other members of the healthcare community, such as pharmacies, durable equipment providers, and others.

Serve as a real-time EHR. Smart cards can contain encrypted patient demographic information, such as name, date of birth, height, weight, and body mass index (BMI), as well as other key information. In addition, a smart card can store key health data components such as current medications, allergies, immunizations, a conditions or problem list, smoking status, surgeries, and hospitalizations. Smart cards can also be configured to store patient information such as implanted devices, artificial valves, defibrillators, advance directives, and organ donation status. Unlike standard EHRs, a smart card is mobile and goes with the patient.

Provide first responders with critical information. In an emergency, smart cards can enable first responders using a simple portable reader to identify a patient immediately and access the patient’s medical record, regardless of whether the patient is conscious, is emotionally or physically able to convey the entire medical picture accurately, or has language barriers that impede effective communication.

Satisfy HIPAA compliance requirements. Smart healthcare cards offer entities covered under HIPAA an effective tool to facilitate compliance with the HIPAA Privacy Rule. One of the key provisions of the HIPAA Privacy Rule is to assure that an individual’s health information is properly protected and that individuals can control how their health information is accessed and used. Providing healthcare organization employees as well as patients with smart healthcare cards can help ensure that health information is accessed only by those with the appropriate credentials. Many recent high-profile breaches of protected health information occur because data is kept on unsecured, unencrypted devices such as CDs and USB flash drives, or because entities have been able to access medical records without proper authorization. A smart healthcare card can minimize or eliminate such breaches using embedded secure chip technology, encryption, and other cryptography measures that make it extremely difficult for unauthorized users to access or use information on the smart card or to create duplicate cards. These capabilities help protect patients from identity theft, protect healthcare institutions from medical fraud, and help healthcare providers meet HIPAA privacy and security requirements.

In summary, smart healthcare cards can better position healthcare organizations and providers for meaningful use of EHRs, while addressing many of the security and privacy challenges that come with EHRs and health data exchanges.



1 Additional information on the use of smart card technology and mobile devices for identity authentication can be found in the Smart Card Alliance white paper, “Mobile Devices and Identity Applications.”
2 Lawrence Carbonaro, “Memorial Hospital: A Case Study,” 2009, http://www.lifemedid.com.
3 MGMA Project SwipeIt, “Model Assumptions and Raw Input,” 2009, http://www.mgma.com/swipeitwaste.
4 This model was provided courtesy of LifeMed ID.
5 Ponemon Institute© Research Report, “Second Annual Survey on Medical Identity Theft,” March 2011, http://www.protectmyid.com/images/education_center/pdf/050TypesofFraud/1_types%20of%20fraud_medical%20study.PDF.
6 Secure ID Coalition, http://upgradethecard.com/
7 Lawrence Carbonaro, op cit.
8 “New Ponemon Institute Study Finds Data Breaches Cost Hospitals $6 Billion; Patient Privacy in Jeopardy,” FierceHealthcare, November 9, 2010, http://www.fiercehealthcare.com/press-releases/new-ponemon-institute-study-finds-data-breaches-cost-hospitals-6-billion-pa.
9 Meaningful use is a broad topic. For more information, follow the links to “EHR Incentives” at The Centers for Medicare and Medicaid Services Web site: https://www.cms.gov. Dr. John Hamalka’s blog (http://geekdoctor.blogspot.com/2011/01/bookmarked-final-rules.html) contains bookmarked versions of the CMS final rules. Additional resources are the Healthcare Information and Management Society (HIMMS), “Meaningful Use One Source, ”http://www.himss.org/ASP/topics_meaningfuluse.asp, and “Ten Ways in Which LifeMed™ Smart Card Solutions Meet HITECH Act Initiatives: Helping Healthcare Providers and Organizations Improve Care Delivery, Reduce Costs, and Achieve Meaningful Use,” .
10 http://healthit.hhs.gov/portal/server.pt/community/healthit_hhs_gov__meaningful_use_announcement/2996
11 The document proposing Stage Two criteria for eligible professionals, hospitals, and critical access hospitals to qualify for Medicare and/or Medicaid EHR incentive payments was posted for comment from March 6–May 7, 2012. A final date for publication has not been released, although January 2014 is generally regarded as the implementation date for Stage 2.
12 https://www.cms.gov/informationsecurity/downloads/ssl.pdf. CMS has defined 11 information types processed by CMS information systems. For each information type, CMS used FIPS 199 to determine an associated security category. CMS also used OMB M-04-04 to determine each information type’s e-Authentication assurance level.


About the Health and Human Services Council

The Smart Card Alliance Health & Human Services Council brings together human services organizations, payers, healthcare providers, and technologists to promote the adoption of smart cards in U.S. health and human services organizations and within the national health IT infrastructure. The Health & Human Services Council provides a forum where all stakeholders can collaborate to educate the market on the how smart cards can be used and to work on issues inhibiting the industry.

About the Smart Card Alliance

The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology.

Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit https://www.securetechalliance.org.