A smart card, which is the size of a credit card, has an embedded computer chip
that can store information, process information or serve as a key to an online
database or network. Use of smart cards involves readers that must either
contact or pass within a few inches of the reader.
"Smart cards still are not a mainstream technology," says John Carpenter, who
manages healthcare applications for Microsoft Corp.
Humana, based in Louisville, Ky., has proposed use of smart cards in conjunction
with development of a Web-based medical information system.
Humana officials had announced plans to test limited use of smart cards for
patient identification in Cincinnati by the end of 2000, but spokesperson Dick
Brown said in December that the test may not come until mid-2001.
"We want to be sure that we have the right kind of process," Brown said.
Humana/ChoiceCare, a Cincinnati-based subsidiary of Humana, announced in October
that its more than 300,000 enrollees now have access to personal account
information on the Web. But Humana/ChoiceCare spokesperson Jose Marques and
Brown say the pilot program in Cincinnati does not involve use of smart cards.
"That's a separate thing," Marques says.
Questions about smart card technology not only deal with whether the Internet
already has replaced the need for smart cards but also whether use of smart
cards may undermine the privacy of medical records.
Representatives of the nation's three largest smart card companies, GemPlus,
Oberthur Card Systems and Schlumberger, indicate that their companies have only
limited involvement with health and medical applications for smart cards in the
United States.
"A lot of little pilot projects have been ge nerated," says Michael Cariou,
director of business development for Oberthur in Rancho Dominguez, Calif.
"Interoperability," or the need for standardized equipment and data transfer,
has been a major hurdle to development of healthcare applications for smart card
systems, industry and government officials say.
Since data stored on a microchip on the smart card requires a reader to access
the data, a reader in one health provider's office may not read the smart card
from another health provider.
Cariou says national healthcare systems make smart card applications more
feasible because standardization of equipment is much easier.
Peter Waegemann, executive director of the Medical Records Institute, a Newton,
Mass.-based company that is promoting a total shift to electronic health and
medical records, contends, however, that the use of smart cards to store patient
data is decreasing and should end.
"Medical record information is much better stored and accessed on secure Web
sites than on smart cards," Waegemann says.
Waegemann also is chairman of the U.S. technical advisory group for the
International Standards Organization working group that is trying to develop
international protocols for health cards.
"The official U.S. position is that cards which carry patient information other
than identification data are an obsolete technology," Waegemann says. A smart
card then would provide essentially the same information that may now be
available on an insurance company ID card.
An alternative is to use smart cards as access cards for Internet or other
computer-network storage of medical information. The smart card includes the
security codes necessary to access encrypted data, including health and medical
records.
Carpenter of Microsoft says in the short-term, however, data stored on smart
cards will be useful since all health providers do not have high-speed
connections to the Internet.
Cariou of Oberthur also acknowledged th at the use of smart cards is in
transition, but he says a card's microchip can carry a certain level of
information and then connect with a computer network to provide additional
information.
Even though smart cards can have much as 100 times more memory than traditional
magnetic strip cards such as ATM cards or credit cards, smart card microchips
have limited memory and are limited in storing graphics, for example, he says.
But at least one smart card company executive is banking on the continued use of
data-embedded cards.
George Massengill, who heads Knoxville, Tenn.-based Pocket Medical Records,
contends that his company is taking the right approach by creating smart card
community networks with compatible readers that eventually could be linked.
Medical providers are at different stages of adoption of computers, computer
networks and the Internet, Massengill says. They are more likely to see the
benefits of a local network that allows information transfer on the community
level rather than going directly to a national network.
Massengill agrees with Carpenter that many medical providers do not now have the
necessary hardware, software and Internet connections to make use of smart
cards, only access cards.
"We need to build the network," he says. "We need to build the
infrastructure. We believe this is a stronger, more acceptable approach."
Part of the problem is the nationally diverse nature of the healthcare industry.
"We have to accept the fact that they (medical providers) are very
entrepreneurial and very independent," Massengill says.
Humana officials say the company wants to take the lead in smart card use.
Humana's smart card plans are in conjunction with Microsoft and WebMD Corp.
The system would use Microsoft's Windows for Smart Cards and allow a patient to
access an individual health record on the WebMD portal, a Humana representative
says.
Carpenter says plans for the Humana program still are in development, but a
smart card would provide Humana customers with information about their coverage
and eligibility and provide them access to their medical information on WebMD.
Humana's Web site now allows its enrollees to access information related to
eligibility, claims, referrals and inpatient authorizations.
"We'll have more to talk about when we get it (the smart card system) up and
running," Carpenter says.
Other health insurance companies have decided not to use smart cards.
Representatives of Hartford, Conn.-based AetnaUSHealthcare; Miami-based AvMed
Health Plan; and Kaiser Permanente, based in Oakland, Calif., say they have no
plans to use smart card systems.
Kaiser spokesperson Matthew Schiffgens says the company issues ID cards but has
no plans to use a smart card system because of the question of interoperability
among providers.
Kaiser already has an integrated medical records system for its participants and
in case of an emergency-for example, when someone is away from home-access to
the records office is available through a toll-free number on the ID card,
Schiffgens says.
Schiffgens says Kaiser is studying the possibility of allowing members to access
their health information through an online site.
But many of the nation's healthcare providers also are facing new federal
regulations for electronic transmission of medical information and for
maintaining the privacy of that information.
Although the Health Insurance Portability and Accountability Act of 1996 in its
"administrative simplification" section required creation of standards for
electronic transfer of health information, Congress failed to enact these
standards within the required time limit. That task has fallen to HHS, which
released its final rule that went into effect Oct. 16.
This rule adopts standards for eight electronic transactions and for programs to
be used in those transactions. It also contains requirements concerning the use
of these standards by health plan s, healthcare clearinghouses and certain
healthcare providers.
The compliance deadline for health plans with annual receipts of more than $5
million is Oct. 16, 2002. Those plans with annual receipts of $5 million or less
face a compliance deadline of Oct. 16, 2003.
Still pending is release of privacy requirements for these electronic-data
transfers (see story on page 4). HHS officials have indicated that the
regulations will establish national identification numbers for employers and
healthcare providers to speed claims processing and lower costs but will not
include unique personal identifiers for individual patients.
President Clinton said in August, as HHS released the proposed standards for
transactions, that the standards "will be required to be implemented consistent
with the privacy regulations that we will be finalizing late this year."
Smart card industry representatives, however, contend that electronic records
already are more secure than paper records.
Paper records may be easily accessible, Cariou says. "Almost anyone can look at
them."
The Health Privacy Project of Georgetown University in Washington, in its
comments on the HIPAA standards, recommended that the privacy requirements for
electronic records be extended to paper records as well.
Ari Schwartz, a policy analyst at the Center for Democracy and Technology, a
Washington-based privacy advocacy group, says smart cards themselves do not
raise confidentiality questions.
"It's all a matter of smart card design. It can go either way," Schwartz says.
"Privacy can be strengthened by a smart card."
But Schwartz says those design decisions need to come while smart cards still
are not in wide use for health applications.
"Now is the time to deal with the issue," he says.