Question 1

Is contactless smart card technology the same as RFID?

Accepted Answer

Contactless smart card technology is not the same as RFID. Discussions of RF-enabled applications can be confusing, and contactless smart card technology is often incorrectly referred to as RFID. Currently, a wide range of RF technologies are used for a variety of applications, each with different operational parameters, frequencies, read ranges, and security and privacy features. For example, the RFID technologies that are used to track inventory operate over long ranges (e.g., 25 ft.) and have minimal built-in support for security and privacy. Contactless smart cards use RF technology but, by design, operate at short ranges (less than 4 in.) and are very secure. Contactless smart card technology is currently being used for secure identity applications worldwide.

Question 2

Do all smart cards look the same?

Accepted Answer

Smart card technology conforms to international standards ISO/IEC 7816 and ISO/IEC 14443, which enable smart cards to be interoperable. Smart card technology is available in a wide variety of form factors , including plastic cards, key fobs, the subscriber identification modules used in GSM mobile phones, and USB-based tokens. Different applications may use different form factors depending on the application and end user requirements.

Question 3

Can smart cards store a patient's complete medical record?

Accepted Answer

Some smart health card implementations will provide secure access to cloud-based health information systems as a way of ensuring a patient’s health information is protected and accurate. However, smart cards are also available with a variety of features and memory capacity. A card equipped with 128 Kbytes of memory, for example, can store more than 120 pages of data. Large data files that cannot be stored on the card, such as lab reports or diagnostic images, can be stored on a central server and be accessed by the card. For example, EMT responders or an “outside” provider could use the card to access patients’ health records stored on a server in the cloud. Since the card authenticates the patient’s identity and carries additional medical and demographic data, it can be used as a key for authorized healthcare providers to unlock and access additional data.

Question 4

Who can access the information on a smart card?

Accepted Answer

Smart cards are very secure. Access to the information on a card can be controlled and granted only to authorized personnel. A patient can control who accesses information, and access can be granted only with patient consent and given only to individuals identified by the patient or specified by policy. Access requirements can be defined; individuals may be given permission to access only specific information. For example, emergency personnel may need access only to details on allergies, prescriptions, or blood types. Access can also be controlled by PIN or biometric factor. All access transactions can be recorded for audit purposes and reported. The answers to Questions 5 and 6 include additional information describing the security provided by smart cards.

Question 5

What are the advantages of smart cards over a biometrics-only solution for identity authentication?

Accepted Answer

Healthcare organizations considering different approaches for verifying patient and healthcare provider identity must look at the privacy, security, usability and performance implications of the different options. Smart healthcare cards – either alone or combined with biometrics – provide a privacy sensitive, secure solution, and also offer additional features and functions that can provide significant benefits to healthcare providers when compared to a biometrics-only solution. Biometrics-only solutions are not ideal for patient health ID cards. A smart healthcare card with a photo provides a solution that patients are familiar with and will readily accept. In addition, the smart healthcare card promotes the healthcare organization brand, can support a wide variety of applications that add value, and can be interoperable and usable among disparate groups. Either a smart provider ID card or a smart provider ID card with a biometric can provide healthcare organizations with the features needed to authenticate provider identities and offer better performance than a biometrics-only solution. Providers need an identity authentication solution that can be used at multiple facilities and in emergency situations. Smart healthcare cards are built on standards, can be interoperable across multiple locations, and can be used with portable readers in emergency response situations. For multi-factor authentication, a smart healthcare card with a personal identification number can be significantly more cost-effective for a healthcare organization than a biometric solution. Combining smart cards and biometrics can provide a full-feature solution for healthcare provider identity authentication. By storing the biometric and performing the biometric match on the smart healthcare card, the privacy and security of biometric authentication are enhanced and system performance is improved, with local, offline identity authentication. Only identity verification solutions based on smart card technology can provide identity assurance and authentication while increasing privacy and security. Smart cards also bring operational efficiencies to the healthcare system that reduce costs, reduce fraud, and increase patient satisfaction. As electronic health records (EHRs) and personal health records (PHRs) move to the mainstream, smart health ID cards can be used as a two-factor authentication mechanism into a provider or insurer web portal. Smart healthcare cards protect patient privacy and security when accessing online records and support the National Strategy for Trusted Identities in Cyberspace (NSTIC), which identifies consumer access to online electronic health records as warranting two-factor authentication. Smart card technology is used globally for secure identity, access and payment applications. As a standards-based technology, smart card solutions for patient and provider identity management are deployed around the world and are available from numerous vendors. Smart card technology provides a strong foundation for healthcare ID cards, enabling improvement in healthcare processes and in patient and provider identity verification, while securing information and protecting privacy.

Frequently Asked Questions