Conference Session C9 Industrial Engineering Topics 4
Paper #2283
A SMARTER WAY OF MANAGING HEALTHCARE: AN ANALYSIS OF THE
APPLICATIONS OF SMART CARDS AS ELECTRONIC PATIENT RECORDS
Ben Zimmerman (bmz13@pitt.edu), Harrison Lynch (hal53@pitt.edu)
Abstract— This paper will give a detailed analysis of the
application of smart cards in the field of healthcare as a
digital supplement to physical copies of patient records. It
will be shown how giving patients and doctors easy,
electronic, and most importantly secure, access to these
records increases the efficiency of existing hospital, clinic,
and other healthcare facilities. It will be made evident how
these smart cards can make several branches of the
healthcare field more efficient by showing how doctors can
use smart cards to access “patient information such
as…comprehensive medical records…current medications,
drug and food allergies, [and] health insurance coverage”
[1]. We will also discuss how smart cards in healthcare can
allow doctors to make educated and well-informed decisions
regarding a patient’s condition, and “help prevent medical
errors” [1]. In order to justify the adoption of this
technology, ethical issues like patient consent and patient-doctor
confidentiality [2] will be thoroughly evaluated. The
gravity of these ethical concerns will be properly addressed
in a detailed look at smart card security threats and the
preventive measures taken by engineers to stop attacks on a
user’s information [3]. This paper will also discuss the
costs associated with adopting a smart card based medical
records system. Finally, the improvements to healthcare
infrastructure will lead to the conclusion that the adoption of
smart cards in the field of healthcare is ultimately beneficial
to patient care.
Key Words— Efficient Patient Care, Healthcare, Medical
History, Patient-Doctor Ethics, Secure Access, Smart Card
A BETTER WAY OF GIVING CARE
In 2006 a case of medical miscommunication occurred in a
Florida hospital, which stemmed from lack of information
given to doctors. An eighteen-year-old man was treated for
a drug overdose when, in actuality, he was suffering from a
brain aneurysm. This false treatment went on for 36 hours.
Ultimately this case of malpractice ended up costing the
hospital $71 million [4]. When such a grave medical
error takes place, hospitals must take a hard look at how
their care fell short of what was needed. One way that this
mistake could have been prevented was through the use of a
smart card based medical records system. In this situation a
smart card, a credit-card-like medium of data storage, as seen
in figure 1, could have been used to store the health history
of the patient, allowing doctors to observe that this man may
have had a health history of brain problems or perhaps had
an allergy to a certain medicine used in the treatment
process. Without this knowledge doctors were left guessing.
FIGURE 1
A TYPICAL SMART CARD [5]
A smart card based medical record system can improve
the efficiency of a hospital and allow patients to receive the
best care possible. With the multitude of functions smart
cards can provide, “the use of [them]…for a wide range of
applications in [healthcare] suggests that there is a common
need for the security and storage that only these cards can
give” [2]. This way of storing data can allow patients to
keep their records on hand at all times, which in the case of
an emergency where communication is not possible, gives
doctors the most information surrounding their health
history. Giving doctors access to this information can cut
down on the amount of time a patient needs to receive
proper care. This can increase efficiency of hospitals and
lead to better patient care by cutting down on the amount of
paperwork and error associated with paper records. With an
easy way to access patient information, doctors can make
well-informed decisions that neither compromise the health
of a patient, nor compromise the ethics of modern healthcare
by violating the level of trust that exists between doctor and
patient. The adoption of a smart card based system is a
cost-effective investment that can improve patient care and
increase hospital efficiency without compromising patient
confidentiality.
WHAT MAKES A SMART CARD SMART?
The technology involving the storage and transmission of
data has evolved over the past half century. A major
example of this can be seen in the development of smart
cards. A broad definition of a smart card would be a credit,
debit, or ID card with a built in electronic chip allowing for
transfer of data between the card and a receiver [6]. Most
people are familiar with credit cards and other cards with
magnetic stripes that can only be used for “small amount[s]
of data storage” [6]. In contrast, a smart card contains an
“IC microprocessor with EEPROM, and read-only memory
(ROM) embedded in it” [6]. This memory unit can be used
to store “up to 200 times more [data] than magnetic stripe
University of Pittsburgh
Swanson School of Engineering
March 1, 2012
[cards]” [6], allowing smart cards to be used for multiple
applications. Smart cards also contain a microprocessor.
Microprocessors enhance smart cards by giving them the
ability to hold a required amount of information while
providing the capability to securely transfer data [7].
Contact-less capabilities in smart cards are becoming
prevalent in the field of smart card technology. Contact-less
components allow smart cards to communicate with card
readers without physically touching them. In a contact-less
smart card the device reader uses radio frequency
identification, RFID, to “present an ID to a reader device via
radio frequency (RF) means” [7]. Contact-less cards “can be
used favorably in those areas where communication from the
reader with the smart card must take place in the shortest
time” [8]. In the case of contact-less cards, size does matter.
This type of smart card is limited by the size of its antenna
as it “determines the amount of energy that can be induced
into the card…[which] limits the card’s read/write distance
and data rate” [9]. Contact-less cards have other drawbacks
as they are “more expensive” and while they may be secure,
there exist “reservations, [by companies and other
industries considering adopting smart cards], about any card
that can carry out a transaction without being inserted into a
terminal, since the cardholder may not be aware of covert
transactions” [2]. Overall, the technology involved in smart
cards sets them apart from regular magnetic stripe cards in
terms of technological capabilities.
Improvements over Magnetic Stripe Cards
For many reasons, smart cards are a better alternative to
the commonly used magnetic stripe credit card. According to
Mike Hendry, an independent consultant in payment systems
and electronic commerce, magnetic stripe cards are
relatively easy to copy and counterfeit [2]. The
individual particles on the magnetic stripe contain no
polarization and therefore can easily be decoded or
erased [2]. Fraud and the low security of magnetic stripe cards
are one main reason why use of smart cards continues to
increase. The authors of the book “Smart Cards: A Guide to
building and managing smart card applications,” Henry
Dreifus, who has fifteen years’ experience in the smart card
technology market, and J. Thomas Monk, who has over
twenty years’ experience in the financial services sector, are
not proponents of magnetic stripe cards and “rejected [them]
for a variety of reasons” [9], including prevalent fraud and
low security, which can lead to a user’s data being stolen
easily. Smart cards provide many applications to the world
of ongoing card technology information storage. When it
comes to securing data in a safe manner, the storage of
health information on a smart card is a practical application
of this technology.
HOW DO THE ABILITIES OF SMART CARDS IN
HEALTHCARE IMPROVE EFFICIENCY AND
PATIENT CARE?
Smart cards can be used in a variety of approaches when it
comes to storing patient medical records. The most
commonly used approach is having the card contain all
medical and health insurance
information, while having only some information on the
reader system, depending on what the healthcare providers
want [10]. With this approach, information can be easily
transferred within hospitals and from hospital to hospital.
Not only can this convert paper files into electronic files,
but it makes the “records…more systematic and precise”
[10].
One main problem that occurs within the current system
of healthcare is the excessive duration of a patient’s visit to a
healthcare facility. Due to the registration and admissions
processes, which include the review of health insurance
information, the presentation of an insurance card, personal
and demographic information, decisions about a living will
(with surgeries), physician orders and more, a service wait
can last roughly two hours [11]. According to the Smart
Card Alliance, a smart card industry group in the U.S., smart
cards can reduce this time by two-thirds via the use of a
smart card registration kiosk. These kiosks can transfer
medical and insurance data electronically from the smart
card to the hospital, and validate the provided data to reduce
duplicate treatment orders and other patient information
critical to admissions [11]. Using a kiosk for validating
information reduces the time staff needs to process a patient
checking in. Depending on the nature of a patient’s visit,
certain information, like health insurance data, must be
verified. This verification can be simplified through the use
of these automated kiosks [11]. Other information might
need to be updated but this will vary case by case. A kiosk,
such as the one in figure 2, can allow the check-in process to
happen smoothly, ultimately leading to fewer waits and
quicker service.
FIGURE 2
A SMART CARD KIOSK [12]
One benefit a digital patient record system brings to
hospitals and medical centers is an “efficient working
environment for healthcare professionals” [13]. Healthcare
professionals having the ability to access updated medical
information can reduce the amount of medical tests taken,
keep track of treatment approaches taken, and “keep records
of trends in, [for example], blood pressure counts” [10].
Having direct access to a patient’s health information can
save lives in an emergency situation, as doctors are equipped
with up-to-date and immediate access to their patient’s
health history [9]. Knowing what tests, medicines, and
diagnoses a patient has is crucial to the health of that patient.
Doctors work with several patients a day, and smart cards
can provide the essential information to a doctor in a timely,
accurate manner.
According to the Smart Card Alliance, smart cards have
the ability to “decrease medical errors” [14]. In 2005,
Robin Hess, an administrative assistant and credentialing
specialist at NeuroCare Center, found that a staggering “10
out of 17 medical error deaths [occur] each year due to
wrong patient errors” [14]. Information such as prescription
history, allergies to medicines, and emergency information
can all be stored on a smart card and can all have an impact
on someone’s health condition in a health emergency. One
specific example where smart cards could have saved time,
money, resources, and even a life was with 7-year-old
Rebecca Taylor. Her family “filled out the same forms 73
times…[were] asked the same questions during all 116 visits
to the [healthcare centers]…and received wrong medication
three times (one with dire effect)” [11]. She also underwent
“duplicate lab tests and radiology studies,” with the whole
experience amounting to expenses of about 18,000
dollars [11]. This is a specific situation where someone’s
life was endangered because of paperwork errors, human
errors, and lack of communication because of an inefficient
system in place. With the use of a smart card, Rebecca’s
treatment process could have been more efficient, less
expensive, and most importantly safer. In a case like
Rebecca’s, patients often visit more than one healthcare
institution. With a smart card patient record system, medical
information can easily be transferred from one institution to
another through smart cards. The identity of a patient is
known with the use of a smart card, and “the ability to
accurately link a patient to an institution’s medical records”
can reduce traumatic events and errors “due to lack of
patient information” [14]. This ultimately will save families,
hospitals, and insurance companies money, time, and
resources, leading to life saving care.
When it comes to visiting the hospital or any medical
facility, one thing that stands out in a successful trip is the
customer service and quality of care the facility provides.
Health insurance information can also be accessed and
stored with smart cards. This makes the payment processing
quicker during visits to hospitals or healthcare centers
because the information is already stored on the card. In fact,
“health insurance companies are using cards to reimburse
payments made in advance by the users, and to compensate
for the services of the providers” [15]. If the payments are
done in advance, the duration of treatment at the hospital is
reduced and therefore the patient and the hospital both
benefit from an efficient use of time. Having the insurance
information and patient information readily available can
“lower costs, reduce errors and improve the patient
experience.” This also limits the paperwork involved with
visits to hospitals, and helps keep the financial records in
line [13]. The limiting of paperwork increases workflow at a
hospital giving faster, more efficient care to patients.
Sesam-Vitale
One of the best examples of smart card applications in
healthcare is the Sesam-Vitale used in France. This program
“includes 110 million cards in its family plan and 48
million individual cards” [16]. These smart cards “are
defined as portable family administrative files” [15]. The
Sesam-Vitale includes smart cards for both patients and
physicians. This links the physicians to the millions of
patients who use the Vitale card [16]. The program includes
230 health software applications, 210,000 card readers, 30
servers, 27,000 card updating terminals, and a telecom
network and message service [16]. The SESAM-Vitale
program is truly a testament to what smart cards can provide
to the health world. The system has been employed for over
14 years and has reduced the time it takes for claim
processes to go through. Where “in the previous paper-based
system, the French Government took up to 2 months
to process claims and reimburse citizens…this process
[today] typically takes a few days” [17]. The
implementation of this system has been reported to save
France “over 1 billion euros per year” [17], which is
equivalent to 1.3319 billion USD. It has been found that
in 2004 hospitals using the Sesam-Vitale card had an
average emergency room wait time of 149.9 minutes [18]. In
comparison the average ER wait time in the United States in
2009 was 247 minutes, which is a difference of more than an
hour and a half [19]. The system has enhanced not only
France’s healthcare system, but the government in France as
well. It has set them apart from other countries and
healthcare systems, and has put France “on the path of
e-government and [provided] success with income tax returns,
[and] paperless medical expense claim forms” [20]. While
these cards are useful, they raise concerns about the ethics of
modern health.
ETHICAL CONCERNS OF SMART CARDS IN
HEALTHCARE
Smart cards have the potential to make it much easier for
doctors to gain access to patient records and health history.
However, with a connected network that links hospitals
together and allows for patient data to be called up in a wide
array of places, ethical dilemmas and risks are created.
According to Sheri Alpert, a policy analyst specializing in
information privacy issues, a smart card patient medical
records system needs to ensure that “a patient’s fundamental
need to provide sensitive medical information to a
practitioner without fear of the consequences should” [21]
be fully met. Two main concerns, patient consent and
patient-doctor confidentiality, are issues within the
application of smart card based medical records.
Patient Consent
When a patient enters the care of a health professional,
whatever treatment they receive must be given under that
patient’s consent. Patient consent deals with two different
factors, the first being the patient having the “right to
determine what happens to his or her body” [22], which
ensures that the patient has full control over what
procedures, operations, medication, or other types of
treatment they receive. Patient consent also entails that the
doctors giving care “provide a person with enough
information so as to ensure that the patient’s ultimate
decision is based on an appreciable knowledge of his/her
condition” [22]. Providing such information to patients is a
way to make sure caregivers are also fully aware of the
patient’s diagnosis and what steps need to be taken to ensure
quality care.
In a smart card based medical record storage system
patients cannot physically see what is on the cards, and if
they could, “the data [would] be in codes and use words not
understood by the patient” [2]. According to Hendry,
doctors and other medical practitioners need to “explain to a
patient the implications of the data recorded” [2]. If a smart
card based medical records system is to be ethically sound,
then the patient must consent to the electronic recording and
storage of the results of any procedures or treatments that
they may undergo. This ethical issue is something that must
be maintained and cannot be taken for granted in a smart
card based system.
Patient-Doctor Confidentiality
The relationship between a doctor and patient is
built on trust and confidentiality. The confidential nature of
the doctor’s office makes it one of the most secure places to
divulge information. Doctors who honor the Hippocratic
oath agree, “what [they] may see or hear in the course of the
treatment…[they] will keep to [themselves], holding such
things shameful to be spoken about” [23]. In a hospital or
other healthcare facility that uses a smart card based medical
record storage system, the sensitive nature of some records
that once only existed in a physical medium now exist in the
digital domain. This has potential to lead doctors to be less
private about what they talk about regarding a patient’s
health status. However, mentioning data is still a breach of
patient-doctor confidentiality and it is important that all
healthcare “staff respect privacy” [24] and maintain this
measure of trust.
One way that the United States government has attempted
to limit ethical breaches in healthcare is through the Health
Insurance Portability and Accountability Act of 1996, also
known as HIPAA. This law “included provisions
encouraging uniform electronic transfer of medical
information and required modern safeguards to protect both
the security and confidentiality of medical data” [24].
HIPAA is a law that creates legal consequences for breaches
of electronic privacy. Healthcare providers who do not
“assure that individuals’ health information is properly
protected” [25] as it is electronically transferred are liable
for fines between $100 and $1,500,000, and after repeat
offenses those responsible for the lax security are then liable
for prison time [25]. HIPAA makes sure that “patients [are]
given notice of their privacy rights, access to their medical
records, and a right to limit disclosures to third parties” [24].
The protection that HIPAA provides is a crucial aspect of
keeping any smart card system ethically sound. With legal
consequences to violating a patient’s privacy, the respect for
such privacy only increases. Smart cards can be equipped to
prevent breaking this law through advanced security
techniques that ensure the data found on them is safe and
secure.
SECURITY OF SMART CARDS
Certain measures need to be taken by hospitals and other
healthcare institutions in order to prevent data theft and
protect the confidential nature of certain medical records.
These security concerns are taken seriously when a smart
card system is being designed, but according to Dreifus, “no
single security method, algorithm, key, or procedure is
entirely secure” [9]. This means that a combination of
security techniques is one of the best ways to prevent data
theft. Through the implementation of cryptographic
algorithms, engineers can ensure that any data transmitted is
protected and extremely difficult to decrypt and steal.
Engineers can also ensure that data is sent and received
through reputable channels and not through individuals
hacking into a system’s network. However, as technology
advances, hacking techniques and other methods of stealing
data become more advanced. Several threats such as brute
force attacks and message corruption impede the adoption of
smart card technology. With new cryptography techniques
being implemented, smart cards are becoming a safe way of
handling sensitive data.
Sending secure messages between two or more sources is
a result of cryptography. Put broadly “the field of
cryptography deals with the techniques of…allowing the
intended recipient of a message to receive the
message…while preventing eavesdroppers from
understanding the message” [26]. Two different types of
cryptography, symmetric and asymmetric, are used in the
security design of smart cards. Each has its own strengths
and weaknesses in terms of the level of security, which can
be represented as the time required to encrypt and decrypt
data [9].
Symmetric Cryptography
Symmetric cryptography gets its name from the nature of
how it encrypts and decrypts data. When a smart card
utilizing symmetric cryptography transmits data between
card and receiver, it encrypts and decrypts the message sent
using the same key [27]. According to Hendry, this type of
encryption is useful in situations “where the keys can be
distributed and stored in a dependable and secure way” [2].
This sort of encryption is suitable in an environment where
data needs to be moved quickly and securely. For instance,
in a hospital with smart cards, using symmetric cryptography
to transmit patient data between departments can lead to
faster data transfer times. The Data Encryption Standard
(DES) is a commonly used symmetric cryptographic
algorithm. DES is a method that encrypts data using “a
transforming of two 32-bit variables…through sixteen
iterations of a round function…to produce a ciphertext
block” [7]. This encryption is simple enough that it “can
readily be performed using slow processors (including those
in smart cards)” [2]. In application, this allows smart cards
containing patient records to encrypt and decrypt data on the
go and whenever the appropriate channels call for it. This
sort of encryption is good for sending records between
doctors within hospitals or other healthcare facilities.
Asymmetric Cryptography
Asymmetric cryptography is another, much stronger,
method of encoding data such that the encryption and
decryption key are different [27]. In a message sent that is
encrypted through asymmetric algorithms, “the key between
sender and receiver is split between a public (or known) key
component and a private (or secret) key component” [9].
The type of asymmetric algorithm that is used the most is
called RSA, “after the initials of its originators Rivest,
Shamir, and Adleman” [2]. RSA makes use of very large
prime numbers to create keys based on numbers that are
very difficult to factor. Factoring is a time intensive task
and takes computers a long time to complete [9]. As this
type of encryption takes a while to decode, “it is primarily
used in smart card systems to authenticate the originator of a
message, to prove that data have not been altered since
[transmission]” [2]. This authentication process involves the
creation of digital signatures and certificates. A digital
signature is a piece of data that “confirms that the origin of
data is exchanged in transaction” [24]. In a healthcare
setting it is important that “the accuracy of the medical
information placed in the system, as well as the identity of
the patient presenting his or her electronic card” [21] are
authentic. By using an asymmetrical algorithm to encrypt
data sent between smart cards, receivers, and other branches
of the healthcare network, the security of patient data is
increased heavily. As patient records often contain sensitive
data, secure transfer of records is an important factor for
hospitals considering adopting this technology.
Security Threats and Preventative Measures
The two main threats to smart card security are brute force
attacks and message corruption. While both of these
problems present risks about adopting a smart card based
patient record system, there are techniques used by engineers
to combat them. In a brute force attack, also known as an
exhaustive key search, a computer program uses raw
processing power and time to run through all possible
combinations of encryption keys to try and decode a message.
This method is “analogous to finding a needle in a haystack”
[8], but with enough computing power, encryption with
weaker security can be decoded. Adding more levels of
security combats brute force attacks. For example a DES
security system can be set up to use three levels of
encryption. In such a Triple DES system, like in figure 3,
“each single encryption [is replaced] with an encrypt, a
decrypt, and then a final encrypt…effectively increasing
DES security by a multiple of 3” [8].
FIGURE 3
TRIPLE DES ENCRYPTION [28]
This method is useful in preventing a brute force attack, as
the length of the key in this type of encoding is three times
larger than a regular DES key. With a longer key length the
time required to try every combination will be
longer, therefore reducing the threat of this type of attack.
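The encrypt-decrypt-encrypt chaining and exhaustive key search described above, as an added example that is not from the paper. A constructed 16-bit toy cipher with 5-bit keys stands in for DES so that every key can actually be tried; it shows that chaining three independent k-bit keys multiplies the number of keys a search must try by 2^(2k). All function and constant names are assumptions of this example.

```python
# Added example (not from the paper): EDE chaining and exhaustive-search cost.
# The 16-bit Feistel cipher and 5-bit keys are constructed stand-ins for DES
# (64-bit blocks, 56-bit keys) so that every key can be tried in under a second.
from itertools import product

TOY_KEY_BITS = 5   # assumption for the demo; real DES uses 56
ROUNDS = 4         # real DES uses 16


def _round(half: int, key: int, rnd: int) -> int:
    """Keyed mixing of one 8-bit half (illustrative, not a real S-box)."""
    x = (half * 73 + key * 29 + rnd * 101) & 0xFF
    return (x ^ (x >> 3) ^ (key << 2)) & 0xFF


def encrypt(block: int, key: int) -> int:
    left, right = block >> 8, block & 0xFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round(right, key, rnd)
    return (left << 8) | right


def decrypt(block: int, key: int) -> int:
    left, right = block >> 8, block & 0xFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round(left, key, rnd), left
    return (left << 8) | right


def ede_encrypt(block: int, k1: int, k2: int, k3: int) -> int:
    """Encrypt with k1, decrypt with k2, encrypt with k3."""
    return encrypt(decrypt(encrypt(block, k1), k2), k3)


def ede_decrypt(block: int, k1: int, k2: int, k3: int) -> int:
    return decrypt(encrypt(decrypt(block, k3), k2), k1)


def exhaust(pairs, n_keys: int):
    """Try every n_keys-tuple; return (keys tried, tuples matching all pairs)."""
    cipher = encrypt if n_keys == 1 else ede_encrypt
    tried, hits = 0, []
    for keys in product(range(1 << TOY_KEY_BITS), repeat=n_keys):
        tried += 1
        if all(cipher(p, *keys) == c for p, c in pairs):
            hits.append(keys)
    return tried, hits


# Constructed known plaintext blocks and keys for the comparison.
PLAIN = [0x1234, 0xBEEF, 0x0A0B]
SINGLE_KEY = (7,)
TRIPLE_KEY = (7, 19, 28)


def compare_search_cost():
    """Return (single-key trials, EDE trials, key found?, EDE key found?)."""
    single_pairs = [(p, encrypt(p, *SINGLE_KEY)) for p in PLAIN]
    triple_pairs = [(p, ede_encrypt(p, *TRIPLE_KEY)) for p in PLAIN]
    tried_1, hits_1 = exhaust(single_pairs, 1)
    tried_3, hits_3 = exhaust(triple_pairs, 3)
    return tried_1, tried_3, SINGLE_KEY in hits_1, TRIPLE_KEY in hits_3


if __name__ == "__main__":
    t1, t3, ok1, ok3 = compare_search_cost()
    # Tripling the key length multiplies the key space by 2**(2 * TOY_KEY_BITS).
    print(f"single key: {t1} trials, EDE: {t3} trials, ratio {t3 // t1}")
```

With all three keys equal, the EDE chain collapses to a single encryption, which is why the construction stays compatible with single-key equipment. For real three-key Triple DES, the meet-in-the-middle technique reduces the effective strength to roughly 112 bits rather than the full 168.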
In a message corruption attack, “an attacker will attempt
to derive information by observing information that leaks
during the computation of a given command, or attempt to
inject faults using mechanisms” [7] developed to plant data
within the card. Such attacks can be made by “observ[ing]
the power consumption of a microprocessor, or to inject
faults by putting a glitch into the power supply” [7]. A
message corruption attack is a serious threat that can lead to
patient records being tampered with, which may have
adverse effects on a patient. For instance, if a hacker were to
change certain drug or food allergies on a patient’s card then
the results could be disastrous if that patient was given
emergency treatment with those drugs, as the doctors would
not be aware of this problem. One way of preventing
message corruption attacks is through manufacturing
techniques that give a smart card added security features.
Design features like “opaque tamper-evident coating [can]
be used to deter direct observation, probing, or manipulation
of the surface features of the chip” [9]. This simple addition
to the manufacturing process can help ensure that a
hospital’s healthcare network is not threatened by a direct
and physical attack from a hacker.
Security must be a main focus of any healthcare provider
considering transitioning to a smart card based patient
records system. Taking preemptive measures through strong
encryption and tamper resistant manufacturing, a system can
be safe from attack and more importantly give the users,
namely the patients, a sense of security so that they are more
willing to adopt this new technology.
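The use of RSA signatures to prove that card data has not been altered, applied to the altered-allergy scenario above, as an added example that is not from the paper. It uses textbook hash-then-sign with a demo key built from two publicly known Mersenne primes and no padding; a deployed system would use randomly generated primes and a padded scheme such as RSASSA-PSS. The record layout, field names and function names are assumptions.

```python
# Added example (not from the paper): RSA hash-then-sign over a card record.
import hashlib
import json

# Constructed demo key. NOT secret: both primes are well-known constants.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held by the issuer


def canonical(record: dict) -> bytes:
    """Serialize deterministically so signer and verifier hash the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def digest_int(record: dict) -> int:
    return int.from_bytes(hashlib.sha256(canonical(record)).digest(), "big")


def sign(record: dict) -> int:
    """Issuer side: needs the private exponent D."""
    return pow(digest_int(record), D, N)


def verify(record: dict, signature: int) -> bool:
    """Reader side: needs only the public values (N, E)."""
    return pow(signature, E, N) == digest_int(record)


def read_card(record: dict, signature: int) -> str:
    """Check the signature before any field is shown to a clinician."""
    if not verify(record, signature):
        return "REJECT: record does not match issuer signature"
    return "ACCEPT: allergies=" + ", ".join(record["allergies"])


# Constructed sample record as it was written to the card by the issuer.
RECORD = {
    "patient_id": "DEMO-0001",
    "allergies": ["penicillin", "peanuts"],
    "medications": ["lisinopril 10 mg"],
}
SIGNATURE = sign(RECORD)

# The same record after one allergy entry has been removed on the card.
TAMPERED = dict(RECORD, allergies=["peanuts"])

if __name__ == "__main__":
    print(read_card(RECORD, SIGNATURE))
    print(read_card(TAMPERED, SIGNATURE))
```

Because the reader holds only the public values, a compromised kiosk cannot be used to produce a valid signature for a modified record.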
JUSTIFYING THE COST OF A SMART CARD BASED
PATIENT RECORD SYSTEM
When any healthcare system is considering adopting a smart
card based medical records system, they must be conscious
of the implementation cost of such a system and decide
whether or not the money invested will ultimately have an
impact and cut costs. A smart card system is a significant
investment that, in the long run, can cut costs associated
with keeping track of and taking care of a physical paper
record system. The money saved through the adoption of
such a system has the potential to be a worthwhile endeavor
undertaken by a healthcare provider that will ultimately
benefit them, as much as the patient.
Two key components of a smart card based medical
record system are the actual cards and the card readers that
transmit a patient’s data to and from the hospital’s network.
According to one statistic provided by Xiao and Yu, two
biochemists involved in hospital logistics, “a compatible
reader costs 41 USD in single quantity orders” [29]. Xiao
and Yu also note that “with larger quantities and competition
amongst vendors, the price should be reasonable for an item
with a useable life of up to 10 years” [29]. Besides card
readers the actual cards need to be bought as well. Different
sources give different prices for an individual smart card, but
a recent finding from April 2011 states that “card prices
average between $9-15” [30]. While this price may seem
steep, it is directly related to the sophistication of the cards
and what sort of memory and read-write capabilities they
possess [31]. These cards are complicated pieces of
technology that have many detailed and intricate parts that
cannot be cheaply replaced; therefore it is wise of a
healthcare provider to invest in quality cards that do not
have a high rate of failure, as this would defeat the purpose
of shifting to a digital records system.
The costs of the components of a smart card system are
investments made by healthcare institutions to improve their
efficiency. The returns from these investments can be seen
in the amount of money saved from redundancies that stem
from a paper record system. For example, in Alberta,
Canada a smart card system was introduced to “carry the
results of past medical tests and thus avoid unnecessary
duplication” [31]. In the Alberta system it was estimated that
the adoption of the cards would “save $25 to $30 million in
laboratory costs alone by cutting out…duplication”
(Walker). Spread out over 6,000 facilities the money saved
in this system is notable and has the potential to significantly
reduce operating costs in Alberta [31]. In general, the
problem of redundancies is something that affects all fields
of healthcare. According to Paul Contino, VP of
Information Technology at Mount Sinai Medical Center, the
problem of redundancies can account for “200,000 duplicate
records—estimated to cost $60 to $100 per patient” [26] at a
regular sized hospital. The adoption of a smart card based
medical record system is an investment that has the potential
to significantly cut costs in hospitals in the long run,
building better infrastructure for future generations.
THE FUTURE OF SMART CARDS IN HEALTHCARE
While smart card technology is slowly being adopted in
healthcare as a medical record storage system, its potential
serves as a realistic and beneficial application of this
exciting technology. Smart cards in healthcare provide a
more efficient way of transferring, processing, and storing
patient data and medical records. By reducing the amount of
red tape and filing processes that healthcare providers must
go through to maintain a patient’s records, the entire process
of getting a patient in and out of the hospital can be
expedited. By giving doctors information they need about a
patient such as medical or prescription history immediately,
rather than making them wait for the proper channels to
request the information and then have to physically track
down the records, decisions about a patient’s health can be
made with the necessary information much faster. In a smart
card based medical records system it is important that ethical
concerns such as patient-doctor confidentiality and patient
consent are respected and maintained. As with any form of
digital media, all those involved in handling a patient’s smart
card or the data stored on it must be extremely careful so
that no personal information of the patient is divulged. In
order to ensure that patient data is heavily protected, smart
cards often come equipped with a fortified security system,
making it extremely difficult for hackers to steal a patient’s
data. In order to properly implement such a system,
investments must be made so that the smart card system can
operate to its full potential. Spending the money on card
readers and actual cards is an investment that can save
hospitals and other healthcare facilities money in the long
run. It is this long-lasting influence that makes the initial
investment such a worthy one. A smart card based patient
record system can have an impact on the efficiency of
hospitals and other healthcare institutions, ultimately leading
to improved patient care with minimal drawbacks.
REFERENCES
[1] M. Hansen. (2008, October). “Smart Card Technology and Healthcare Information: A Dynamic Duo.” CIN: Computers, Informatics, Nursing. pp. 254-257. ScienceDirect. [Online article]. Available: http://www.sciencedirect.com/science/article/pii/S1386505605001231
[2] M. Hendry. (2001). Smart Card Security and Applications, Second Edition. Norwood, MA: Artech House.
[3] D. Musker. “Reverse Engineering.” Jenkins. [Online article]. Available: http://www.jenkins.eu/articles-general/reverse-engineering.asp
[4] E. Weise (2006, July 20). “Language Barriers Plague Hospitals.” USA Today. [Online Article]. Available: http://www.usatoday.com/news/health/2006-07-20-hospital-language_x.htm
[5] (2012). “Smart Card.” Smart Card World. [Online Image]. Available: http://www.etopiamedia.net/smartcardworld/pages/smartcardworld05551212.html
[6] J. Brahm and E. Turban. (Nov 2009). “Smart Card-Based Electronic Card Payment Systems in the Transportation Industry.” Journal of Organizational Computing and Electronic Commerce. Vol 10. no. 4. pp. 281-293.
[7] K. Mayes and K. Markantonakis. (2008). Smart Cards, Tokens, Security and Applications. New York, NY: Springer.
[8] Y. Haghiri and T. Tarantino. (2002). Smart Card Manufacturing, a Practical Guide. New York, NY: John Wiley & Sons, Inc.
[9] H. Dreifus and J. Thomas Monk. (1998). Smart Cards. New York, NY: John Wiley & Sons, Inc.
[10] S. Morris, J. Cooper, D. Bomba, L. Brankovic, M. Miller, F. Pacheco. (2004, March 19). “Australian healthcare: a smart card for a clever country.” ScienceDirect. [Online article]. Available: http://www.sciencedirect.com/science/article/pii/002071019501132X
[11] (Feb. 2006). “Smart Card Applications in the U.S. Healthcare Industry.” Smart Card Alliance. [Online article]. Available: http://www.smartcardalliance.org/resources/lib/Smart_Card_Healthcare_Applications_FINAL.pdf
[12] B. Horowitz. (2011, Feb. 2). “Health Care Kiosk.” eWeek. [Online Image]. Available: http://www.eweek.com/c/a/Health-Care-IT/Health-CareKiosks-Streamline-Patient-Access-to-CheckIns-Screenings-152812/
[13] B. Blobel, P. Pharow, V. Spiegel, K Engel, R Engelbrecht. (2001, Nov. 28). “Securing interoperability between chip card based medical information systems and health networks.” ScienceDirect. [Online article]. Available: http://www.sciencedirect.com/science/article/pii/S1386505601001939
[14] (2012). “About Smart Cards: Frequently Asked Questions.” Smart Card Alliance. [Online article]. Available: http://www.smartcardalliance.org/pages/smart-cards-faq
[15] J. Zoreda and J. Oton. (1994). Smart Cards. Norwood, MA: Artech House.
[16] (2009, Aug.) “The SESAM-Vitale program.” GIE SESAM-Vitale. [Online Article]. Available: http://www.sesamvitale.fr/programme/programme_eng.asp
[17] (2006). “Sesam Vitale.” Smart Card Alliance. [Online Article]. Available: http://www.smartcardalliance.org/resources/pdf/Sesam_Vitale.pdf
[18] I. Pitrou, A. Lecourt, L. Bailly, B. Brousse, L. Dauchet, and J. Ladner. (2009). “Waiting time and assessment of patient satisfaction in a large reference emergency department: a prospective cohort study, France.” Mendeley. [Online article]. Available: http://www.mendeley.com/research/waiting-time-and-assessment-ofpatient-satisfaction-in-a-large-reference-emergency-department-aprospective-cohort-study-france/
[19] (2010, Aug. 22). “US Wait times Average of 4 Hours 7 Minutes in Emergency Departments in 2009.” Disabled World. [Online article]. Available: http://www.disabled-world.com/medical/rehabilitation/waittimes.php
[20] (2006). “SESAM-Vitale French eHealth program.” Gemalto. [Online Article]. Available: http://www.gemalto.com/public_sector/sesam_vitale/
[21] S. Alpert. (1993, Nov.). “Smart Cards, Smarter Policy Medical Records, Privacy, and Health Care Reform.” The Hastings Center Report. pp. 13-23.
[22] Phelps (2003). “Healthcare: Informed Consent.” Gale Encyclopedia of Everyday Law. Detroit MI: Gale. pp. 683-686.
[23] W. Winslade (2004). “Confidentiality.” Encyclopedia of Bioethics. New York NY: Macmillan Reference. pp. 494-503.
[24] A. Allen. (2004). “Privacy in Healthcare.” Encyclopedia of Bioethics. New York NY: Macmillan Reference. pp. 2120-2130.
[25] (2012). “Summary of the HIPAA Privacy Rule.” HHS. [Online Article]. Available: http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html
[26] A. Eskicioglu, L. Litwin. (2001, Feb./March). “Cryptography.” Potentials, IEEE. [Online Journal]. Available: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=913211
[27] N. Jalaliyoon, S. Sahibuddin, H. Taherdoost. (2011). “Smart Card Security; Technology and Adoption.” International Journal of Security [Online Article]. Available: http://www.doaj.org/doaj?func=abstract&id=944971&recNo=3&toc=1&uiLanguage=en
[28] K. Paudayl (2012, Jan 6). “Triple DES.” Kushal’s Java Blog. [Online Image]. Available: http://sanjaal.com/java/189/java-encryption/tutorialencryption-and-decryption-using-desede-triple-des-in-java/
[29] C. Xiao, A. Yu (2009). “Medical Smart Card System for Patient Record Management.” [Online Article]. Available: http://step.berkeley.edu/White_Paper/Xiao_Yu.pdf
[30] J. Morton (2011, Apr.). “Top smart card blunders: use a little forethought and common sense to avoid these glitches.” Smarter Buildings. [Online Article]. Available: http://galenet.galegroup.com/servlet/BCRC?srchtp=adv&c=1&ste=31&tbst=tsVS&tab=2&aca=nwmg&bConts=2&RNN=A256281669&docNum=A256281669&locID=upitt_main
[31] R. Walker (1995, June 15). “‘Smart cards’ to cut health costs.” Calgary Herald. [Online Article]. Available: http://www.lexisnexis.com/hottopics/lnacademic/?shr=t&csi=8349&sr=HLEAD(Smart+cards+to+cut+health+costs)+and+date+is+June,%201995
ADDITIONAL SOURCES
J. Gallant (1995, Nov. 23). “Smart cards: trained for security.” EDN. [Online Article]. Available: http://go.galegroup.com/ps/infomark.do?action=interpret&sPage=34&source=null&prodId=AONE&userGroupName=upitt_main&searchType=AdvancedSearchForm&type=DIourl&queryId=Locale%28en%2CUS%2C%29%3AFQE%3D%28sp%2C2%2934%3AAnd%3AFQE%3D%28iu%2C2%2924%3AAnd%3AFQE%3D%28sn%2C9%2900127515%3AAnd%3AFQE%3D%28vo%2C2%2940%24&version=1.0&authCount=1&u=upitt_main
C. Liu, P. Yang, Y. Yeh, and B. Wang. (2005, August). “The impacts of smart cards on hospital information systems—An investigation of the first phase of the national health insurance smart card project in Taiwan.” ScienceDirect. [Online article]. Available: http://www.sciencedirect.com/science/article/pii/S1386505605001231
D. Sauveron. (July 2009). “Multiapplication smart card: Towards an open smart card?” Université de Limoges. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S1363412709000247
ACKNOWLEDGEMENTS
We would like to thank several people who all helped make
our outline what it is today. First we would like to thank Mr.
Dan McMillan for providing insightful comments that
provided us with stimulating thoughts on our topic, allowing
us to narrow our research into a specific field. We would
also like to thank Ms. Beth Newborg for also providing us
with feedback on our topic, allowing us to develop what
field of smart cards we wanted to look into. We would also
like to thank Taylor Robinson, our co-chair, for providing us
with guiding comments that allowed us to fix up our paper.