Conference Session C9 Industrial Engineering Topics 4 Paper #2283 A SMARTER WAY OF MANAGING HEALTHCARE: AN ANALYSIS OF THE APPLICATIONS OF SMART CARDS AS ELECTRONIC PATIENT RECORDS Ben Zimmerman (bmz13@pitt.edu), Harrison Lynch (hal53@pitt.edu) Abstract— This paper will give a detailed analysis of the application of smart cards in the field of healthcare as a digital supplement to physical copies of patient records. It will be shown how giving patients and doctors easy, electronic, and most importantly secure, access to these records increases the efficiency of existing hospital, clinic, and other healthcare facilities. It will be made evident how these smart cards can make several branches of the healthcare field more efficient by showing how doctors can use smart cards to access “patient information such as…comprehensive medical records…current medications, drug and food allergies, [and] health insurance coverage” [1]. We will also discuss how smart cards in healthcare can allow doctors to make educated and well-informed decisions regarding a patient’s condition, and “help prevent medical errors” [1]. In order to justify the adoption of this technology, ethical issues like patient consent and patientdoctor confidentiality [2] will be thoroughly evaluated. The gravity of these ethical concerns will be properly addressed in a detailed look at smart card security threats and the preventive measures taken by engineers to stop attacks on a user’s information [3]. This paper will also discuss the costs associated with adopting a smart card based medical records system. Finally, the improvements to healthcare infrastructure will lead to the conclusion that the adoption of smart cards in the field of healthcare is ultimately beneficial to patient care. FIGURE 1 A TYPICAL SMART CARD [5] A smart card based medical record system can improve the efficiency of a hospital and allow patients to receive the best care possible. With the multitude of functions smart cards can provide, “the use of [them]…for a wide range of applications in [healthcare] suggests that there is a common need for the security and storage that only these cards can give” [2]. This way of storing data can allow patients to keep their records on hand at all times, which in the case of an emergency where communication is not possible, gives doctors the most information surrounding their health history. Giving doctor’s access to this information can cut down on the amount of time a patient needs to receive proper care. This can increase efficiency of hospitals and lead to better patient care by cutting down on the amount of paperwork and error associated with paper records. With an easy way to access patient information, doctors can make well-informed decisions that neither compromise the health of a patient, nor compromise the ethics of modern healthcare by violating the level of trust that exists between doctor and patient. The adoption of a smart card based system is a cost effective investment that can improve patient care and increase hospital efficiency without compromising patient confidentiality. Key Words— Efficient Patient Care, Healthcare, Medical History, Patient-Doctor Ethics, Secure Access, Smart Card A BETTER WAY OF GIVING CARE In 2006 a case of medical miscommunication occurred in a Florida hospital, which stemmed from lack of information given to doctors. An eighteen-year-old man was treated for a drug overdose when, in actuality, he was suffering from a brain aneurism. This false treatment went on for 36 hours. Ultimately this case of malpractice ended up costing the hospital $71 million dollars [4]. When such a grave medical error takes place, hospitals must take a hard look at how their care fell short of what was needed. One way that this mistake could have been prevented was through the use of a smart card based medical records system. In this situation a smart card, a credit card like medium of data storage, as seen in figure 1, could have been used to store the health history of the patient allowing doctors to observe that this man may have had a health history of brain problems or perhaps had an allergy to a certain medicine used in the treatment process. Without this knowledge doctors were left guessing. WHAT MAKES A SMART CARD SMART? The technology involving the storage and transmission of data has evolved over the past half century. A major example of this can be seen in the development of smart cards. A broad definition of a smart card would be a credit, debit, or ID card with a built in electronic chip allowing for transfer of data between the card and a receiver [6]. Most people are familiar with credit cards and other cards with magnetic stripes that can only be used for “small amount[s] of data storage” [6]. In contrast, a smart card contains an “IC microprocessor with EEPROM, and read-only memory (ROM) embedded in it” [6]. This memory unit can be used to store “up to 200 times more [data] than magnetic stripe University of Pittsburgh Swanson School of Engineering March 1, 2012 1 Ben Zimmerman Harrison Lynch [cards]” [6], allowing smart cards to be used for multiple applications. Smart cards also contain a microprocessor. Microprocessors enhance smart cards by giving them the ability to hold a required amount of information while providing the capability to securely transfer data [7]. Contact-less capabilities in smart cards are becoming prevalent in the field of smart card technology. Contact-less components allow smart cards to communicate with card readers without physically touching them. In a contact-less smart card the device reader uses radio frequency identification, RFID, to “present an ID to a reader device via radio frequency (RF) means” [7]. Contact-less cards “can be used favorably in those areas where communication from the reader with the smart card must take place in the shortest time” [8]. In the case of contact-less cards, size does matter. This type of smart card is limited by the size of their antenna as it “determines the amount of energy that can be induced into the card…[which] limits the card’s read/write distance and data rate” [9]. Contact-less cards have other drawbacks as they are “more expensive” and while they may be secure, there exists “reservations, [by companies and other industries considering adopting smart cards], about any card that can carry out a transaction without being inserted into a terminal, since the cardholder may not be aware of covert transactions” [2]. Overall, the technology involved in smart cards sets them apart from regular magnetic stripe cards in terms of technological capabilities. HOW DO THE ABILITIES OF SMART CARDS IN HEALTHCARE IMPROVE EFFICIENCY AND PATIENT CARE? Smart cards can be used in a variety of approaches when it comes to storing patient medical records. The most commonly used approach is having the card contain all information related to medical and health insurance information, while having only some information on the reader system, depending on what the healthcare providers want [10]. With this approach, information can be easily transferred within hospitals and from hospital to hospital. Not only can this convert paper files in to electronic files, but it makes the “records…more systematic and precise.” [10]. One main problem that occurs within the current system of healthcare is the excessive duration of a patient’s visit to a healthcare facility. Due to the registration and admissions processes, which include the review of health insurance information, the presentation of an insurance card, personal and demographic information, decisions about living will (with surgeries), physician orders and more, a service wait can last roughly two hours [11]. According to the Smart Card Alliance, a smart card industry group in the U.S., smart cards can reduce this time by two-thirds via the use of a smart card registration kiosk. These kiosks can transfer medical and insurance data electronically from the smart card to the hospital, and validate the provided data to reduce duplicate treatment orders and other patient information critical to admissions [11]. Using a kiosk for validating information reduces the time staff needs to process a patient checking in. Depending on the nature of a patient’s visit, certain information, like health insurance data, must be verified. This verification can be simplified through the use of these automated kiosks [11]. Other information might need to be updated but this will vary case by case. A kiosk, such as the one in figure 2, can allow the check in process to happen smoothly, ultimately leading to fewer waits and quicker service. Improvements over Magnetic Stripe Cards For many reasons, smart cards are a better alternative to the commonly used magnetic stripe credit card. According to Mike Hendry, an independent consultant in payment systems and electronic commerce, magnetic stripe cards are relatively easy to be copied and counterfeited [2]. The individual particles on the magnetic stripe contain no polarization and therefore can be easy to be decoded or erased [2]. Fraud and the security of magnetic stripe cards are one main reason why use of smart cards continues to increase. Authors of the book “Smart Cards: A Guide to building and managing smart card applications” Henry Dreifus, who has fifteen years’ experience in the smart card technology market and J. Thomas Monk, who has over twenty years experience in the financial services sector, are not proponents of magnetic stripe cards and “rejected [them] for a variety of reasons” [9] including prevalent fraud and low security, which can lead to a user’s data being stolen easily. Smart cards provide many applications to the world of ongoing card technology information storage. When it comes to securing data in a safe manner, the storage of health information on a smart card is a practical application of this technology. FIGURE 2 A SMART CARD KIOSK [12] 2 Ben Zimmerman Harrison Lynch One benefit a digital patient record system brings to hospitals and medical centers is an “efficient working environment for healthcare professionals” [13]. Healthcare professionals having the ability to access updated medical information can reduce the amount of medical tests taken, keep track of treatment approaches taken, and “keep records of trends in, [for example], blood pressure counts” [10]. Having direct access to a patient’s health information can save lives in an emergency situation, as doctors are equipped with up-to-date and immediate access to their patient’s health history [9]. Knowing what tests, medicines, and diagnosis a patient has is crucial to the health of that patient. Doctors work with several patients a day, and smart cards can provide the essential information to a doctor in a timely, accurate manner. According to the Smart Card Alliance, smart cards have the ability to “decrease medical errors” [14]. In 2005, administrative assistant and credentialing specialist at NeuroCare Center, Robin Hess, found that a staggering “10 out of 17 medical error deaths [occur] each year due to wrong patient errors” [14]. Information such as prescription history, allergies to medicines, and emergency information can all be stored on a smart card and can all have an impact on someone’s health condition in a health emergency. One specific example where smart cards could have saved time, money, resources, and even a life was with 7-year-old Rebecca Taylor. Her family “filled out the same forms 73 times…[were] asked the same questions during all 116 visits to the [healthcare centers]…and received wrong medication three times (one with dire effect)” [11]. She also underwent “duplicate lab tests and radiology studies” all of this experience surmounting to the expenses of about 18,000 dollars [11]. This is a specific situation where someone’s life was endangered because of paperwork errors, human errors, and lack of communication because of an inefficient system in place. With the use of a smart card, Rebecca’s treatment process could have been more efficient, less expensive, and most importantly safer. In a case like Rebecca’s, patients often visit more than one healthcare institution. With a smart card patient record system, medical information can easily be transferred from one institution to another through smart cards. The identity of a patient is known with the use of a smart card, and “the ability to accurately link a patient to an institution’s medical records” can reduce traumatic events and errors “due to lack of patient information” [14]. This ultimately will save families, hospitals, and insurance companies money, time, and resources, leading to life saving care. When it comes to visiting the hospital or any medical facility, one thing that stands out in a successful trip is the customer service and quality of care the facility provides. Health insurance information can also be accessed and stored with smart cards. This makes the payment processing quicker during visits to hospitals or healthcare centers because the information is already stored on the card. In fact, “health insurance companies are using cards to reimburse payments made in advance by the users, and to compensate for the services of the providers” [15]. If the payments are done in advance, the duration of treatment at the hospital is reduced and therefore the patient and the hospital both benefit from an efficient use of time. Having the insurance information and patient information readily available can “lower costs, reduce errors and improve the patient experience.” This also limits the paper work involved with visits to hospitals, and helps keep the financial records in line [13]. The limiting of paperwork increases workflow at a hospital giving faster, more efficient care to patients. Sesam-Vitale One of the best examples of smart card applications in healthcare is the Sesam-Vitale used in France. This program “includes 110 million cards in its family plan” and 48 million individual cards” [16]. These smart cards “are defined as portable family administrative files” [15]. The Sesam-Vitale includes smart cards for both patients and physicians. This links the physicians to the millions of patients who use the Vitale card [16]. The program includes 230 health software applications, 210,000 card readers, 30 servers, 27,000 card updating terminals, and telecom network and message service. [16] The SESAM-Vitale program is truly a testament to what smart cards can provide to the health world. The system has been employed for over 14 years and has reduced the time it takes for claim processes to go through. Where “in the previous paperbased system, the French Government took up to 2 months to process claims and reimburse citizens…this process [today] typically takes a few days” [17]. The implementation of this system has been reported to save France “over 1 billion euros per year” [17], which is equivalent to 1.3319 Billion USD. It has been found that hospitals using the Sesam-Vitale card, in 2004, on average had an emergency room wait time of 149.9 minutes [18]. In comparison the average ER wait time in the United States in 2009 was 247 minutes, which is a difference of more than an hour and a half [19]. The system has enhanced not only France’s healthcare system, but the government in France as well. It has set them apart from other countries and healthcare systems, and has put France “on the path of egovernment and [provided] success with income tax returns, [and] paperless medical expense claim forms. “ [20] While these cards are useful, they raise concerns about the ethics of modern health. ETHICAL CONCERNS OF SMART CARDS IN HEALTHCARE Smart cards have the potential to make it much easier for doctors to gain access to patient records and health history. However, with a connected network that links hospitals together and allows for patient data to be called up in a wide array of places, ethical dilemmas and risks are created. According to Sheri Alpert, a policy analyst specializing in 3 Ben Zimmerman Harrison Lynch information privacy issues, a smart card patient medical records system needs to ensure that “a patient’s fundamental need to provide sensitive medical information to a practitioner without fear of the consequences should” [21] be fully met. Two main concerns, patient consent and patient-doctor confidentiality, are issues within the application of smart card based medical records. One way that the United States government has attempted to limit ethical breaches in healthcare is through the Health Insurance Portability and Accountability Act of 1996, also known as HIPAA. This law “included provisions encouraging uniform electronic transfer of medical information and required modern safeguards to protect both the security and confidentiality of medical data” [24]. HIPAA is a law that creates legal consequences for breaches of electronic privacy. For healthcare providers who do not “assure that individuals’ health information is properly protected” [25] as it is electronically transferred are liable for fines between $100 and $1,500,000 and after repeat offenses those responsible for the lax security are then liable for prison time [25]. HIPAA makes sure that “patients [are] given notice of their privacy rights, access to their medical records, and a right to limit disclosures to third parties” [24]. The protection that HIPAA provides is a crucial aspect of keeping any smart card system ethically sound. With legal consequences to violating a patient’s privacy, the respect for such privacy only increases. Smart cards can be equipped to prevent breaking this law through advanced security techniques that ensure the data found on them is safe and secure. Patient Consent When a patient enters the care of a health professional, whatever treatment they receive must be given under that patient’s consent. Patient consent deals with two different factors, the first being the patient having the “right to determine what happens to his or her body” [22], which ensures that the patient has full control over what procedures, operations, medication, or other types of treatment they receive. Patient consent also entails that the doctors giving care “provide a person with enough information so as to ensure that the patient’s ultimate decision is based on an appreciable knowledge of his/her condition” [22]. Providing such information to patients is a way that makes sure caregivers are also fully aware of the patient’s diagnosis and what steps need to be taken to ensure quality care. In a smart card based medical record storage system patients cannot physically see what is on the cards, and if they could, “the data [would] be in codes and use words not understood by the patient” [2]. According to Hendry, doctors and other medical practitioners need to “explain to a patient the implications of the data recorded” [2]. If a smart card based medical records system is to be ethically sound, then the patient must consent to the electronic recording and storage of the results of any procedures or treatments that they may undergo. This ethical issue is something that must be maintained and cannot be taken for granted in a smart card based system. SECURITY OF SMART CARDS Certain measures need to be taken by hospitals and other healthcare institutions in order to prevent data theft and protect the confidential nature of certain medical records. These security concerns are taken seriously when a smart card system is being designed, but according to Dreifus, “no single security method, algorithm, key, or procedure is entirely secure” [9]. This means that a combination of security techniques is one of the best ways to prevent data theft. Through the implementation of cryptographic algorithms, engineers can ensure that any data transmitted is protected and extremely difficult to decrypt and steal. Engineers can also ensure that the data sent and received is through repudiated channels and not through individuals hacking into a system’s network. However, as technology advances, hacking techniques and other methods of stealing data become more advanced. Several threats such as brute force attacks and message corruption impede the adoption of smart card technology. With new cryptography techniques being implemented, smart cards are becoming a safe way of handling sensitive data. Sending secure messages between two or more sources is a result of cryptography. Put broadly “the field of cryptography deals with the techniques of…allowing the intended recipient of a message to receive the message…while preventing eavesdroppers from understanding the message” [26]. Two different types of cryptography, symmetric and asymmetric, are used in the security design of smart cards. Each has its own strengths and weaknesses in terms of the level of security, which can Patient-Doctor Confidentiality The relationship built between a doctor and patient is built on trust and confidentiality. The confidential nature of the doctor’s office is one of the most secure places to divulge information. Doctors who honor the Hippocratic oath agree, “what [they] may see or hear in the course of the treatment…[they] will keep to [themselves], holding such things shameful to be spoken about” [23]. In a hospital or other healthcare facility that uses a smart card based medical record storage system, the sensitive nature of some records that once only existed in a physical medium now exist in the digital domain. This has potential to lead doctors to be less private about what they talk about regarding a patient’s health status. However, mentioning data is still a breach of patient-doctor confidentiality and it is important that all healthcare “staff respect privacy” [24] and maintain this measure of trust. 4 Ben Zimmerman Harrison Lynch be represented as the time required to encrypt and decrypt data [9]. data, secure transfer of records is an important factor for hospitals considering adopting this technology. Symmetric Cryptography Security Threats and Preventative Measures Symmetric cryptography gets its name from the nature of how it encrypts and decrypts data. When a smart card utilizing symmetric cryptography transmits data between card and receiver, it encrypts and decrypts the message sent using the same key [27]. According to Hendry, this type of encryption is useful in situations “where the keys can be distributed and stored in a dependable and secure way” [2]. This sort of encryption is suitable in an environment where data needs to be moved quickly and securely. For instance, in a hospital with smart cards, using symmetric cryptography to transmit patient data between departments can lead to faster data transfer times. The Data Encryption Standard (DES) is a commonly used symmetric cryptographic algorithm. DES is a method that encrypts data using “a transforming of two 32-bit variables…through sixteen iterations of a round function…to produce a ciphertext block” [7]. This encryption is simple enough that it “can readily be preformed using slow processors (including those in smart cards)” [2]. In application, this allows smart cards containing patient records to encrypt and decrypt data on the go and whenever the appropriate channels call for it. This sort of encryption is good for sending records between doctors within hospitals or other healthcare facilities. The two main threats to smart card security are brute force attacks and message corruption. While both of these problems present risks about adopting a smart card based patient record system, there are techniques used by engineers to combat them. In a brute force attack, also known as an exhaustive key search, a computer program uses raw processing power and time to run through all possible combination of encryption keys to try and decode a message. This method is “analogous to finding a needle in a haystack” [8], but with enough computing power, encryption with weaker security can be decoded. Adding more levels of security combats brute force attacks. For example a DES security system can be set up to use three levels of encryption. In such a Triple DES system, like in figure 3, “each single encryption [is replaced] with an encrypt, a decrypt, and then a final encrypt…effectively increasing DES security by a multiple of 3” [8]. Asymmetric Cryptography Asymmetric cryptography is another, much stronger, method of encoding data such that the encryption and decryption key are different [27]. In a message sent that is encrypted through asymmetric algorithms, “the key between sender and receiver is split between a public (or known) key component and a private (or secret) key component” [9]. The type of asymmetric algorithm that is used the most is called RSA, “after the initials of its originators Rivest, Shamir, and Adleman” [2]. RSA makes use of very large prime numbers to create keys based on numbers that are very difficult to factor. Factoring is a time intensive task and takes computers a long time to complete [9]. As this type of encryption takes a while to decode, “it is primarily used in smart card systems to authenticate the originator of a message, to prove that data have not been altered since [transmission]” [2]. This authentication process involves the creation of digital signatures and certificates. A digital signature is pieces of data that “confirms that the origin of data is exchanged in transaction” [24]. In a healthcare setting it is important that “the accuracy of the medical information placed in the system, as well as the identity of the patient presenting his or her electronic card” [21] are authentic. By using an asymmetrical algorithm to encrypt data sent between smart cards, receivers, and other branches of the healthcare network, the security of patient data is increased heavily. As patient records often contain sensitive FIGURE 3 TRIPLE DES ENCRYPTION [28] This method is useful in preventing a brute force attack, as the length of the key in this type of encoding three times larger than a regular DES key. With a longer key length the amount of time required to try every combination will take longer, therefore reducing the threat of this type of attack. In a message corruption attack, “an attacker will attempt to derive information by observing information that leaks during the computation of a given command, or attempt to inject faults using mechanisms” [7] developed to plant data within the card. Such attacks can be made by “observ[ing] the power consumption of a microprocessor, or to inject faults by putting a glitch into the power supply” [7]. A message corruption attack is a serious threat that can lead to patient records being tampered with, which may have adverse affects on a patient. For instance, if a hacker was to 5 Ben Zimmerman Harrison Lynch change certain drug or food allergies on a patients card then the results could be disastrous if that patient was given emergency treatment with those drugs, as the doctors would not be aware of this problem. One way of preventing message corruption attacks is through manufacturing techniques that give a smart card added security features. Design features like “opaque tamper-evident coating [can] be used to deter direct observation, probing, or manipulation of the surface features of the chip” [9]. This simple addition to the manufacturing process can help ensure that a hospital’s healthcare network is not threatened by a direct and physical attack from a hacker. Security must be a main focus of any healthcare provider considering transitioning to a smart card based patient records system. Taking preemptive measures through strong encryption and tamper resistant manufacturing, a system can be safe from attack and more importantly give the users, namely the patients, a sense of security so that they are more willing to adopt this new technology. The costs of the components of a smart card system are investments made by healthcare institutions to improve their efficiency. The returns from these investments can be seen in the amount of money saved from redundancies that stem from a paper record system. For example, in Alberta, Canada a smart card system was introduced to “carry the results of past medical tests and thus avoid unnecessary duplication” [31] In the Alberta system it was estimated that the adoption of the cards would “save $25 to $30 million in laboratory costs alone by cutting out…duplication” (Walker). Spread out over 6,000 facilities the money saved in this system is notable and has the potential to significantly reduce operating costs in Alberta [31]. In general, the problem of redundancies is something that affects all fields of healthcare. According to Paul Contino, VP of Information Technology at Mount Sinai Medical Center, the problem of redundancies can account for “200,000 duplicate records—estimated to cost $60 to $100 per patient” [26] at a regular sized hospital. The adoption of a smart card based medical record system is an investment that has the potential to significantly cut costs in hospitals in the long run, building better infrastructure for future generations. JUSTIFYING THE COST OF A SMART CARD BASED PATIENT RECORD SYSTEM THE FUTURE OF SMART CARDS IN HEALTHCARE When any healthcare system is considering adopting a smart card based medical records system, they must be conscious of the implementation cost of such a system and decide whether or not the money invested will ultimately have an impact and cut costs. A smart card system is a significant investment that, in the long run, can cut costs associated with keeping track of and taking care of a physical paper record system. The money saved through the adoption of such a system has the potential to be a worthwhile endeavor undertaken by a healthcare provider that will ultimately benefit them, as much as the patient. Two key components of a smart card based medical record system are the actual cards and the card readers that transmit a patient’s data to and from the hospital’s network. According to one statistic provided by Xiao and Yu, two biochemists involved in hospital logistics, “a compatible reader costs 41 USD in single quantity orders” [29]. Xiao and Yu also note “with larger quantities and competition amongst vendors, the price should be reasonable for an item with a useable life of up to 10 years” [29]. Besides card readers the actual cards need to be bought as well. Different sources give different prices for an individual smart card, but a recent finding from April 2011 states that “card prices average between $9-15” [30]. While this price may seem steep, it is directly related to the sophistication of the cards and what sort of memory and read-write capabilities they posses [31]. These cards are complicated pieces of technology that have many detailed and intricate parts that cannot be cheaply replaced, therefore it is wise of a healthcare provider to invest in quality cards that do not have a high rate of failure, as this would defeat the purpose of shifting to a digital records system. While smart card technology is slowly being adopted in healthcare as a medical record storage system, it’s potential serves as a realistic and beneficial application of this exciting technology. Smart cards in healthcare provide a more efficient way of transferring, processing, and storing patient data and medical records. By reducing the amount of red tape and filing processes that healthcare providers must go through to maintain a patient’s records, the entire process of getting a patient in and out of the hospital can be expedited. By giving doctors information they need about a patient such as medical or prescription history immediately, rather than making them wait for the proper channels to request the information and then have to physically track down the records, decisions about a patient’s health can be made with the necessary information much faster. In a smart card based medical records system it is important that ethical concerns such as patient-doctor confidentiality and patient consent are respected and maintained. As with any form of digital media all those involved in handling a patient’s smart card or the data stored on it must be extremely careful so that no personal information of the patient is divulged. In order to ensure that patient data is heavily protected, smart cards often come equipped with a fortified security system, making it extremely difficult for hackers to steal a patient’s data. In order to properly implement such a system, investments must be made so that the smart card system can operate to its full potential. Spending the money on card readers and actual cards is an investment that can save hospitals and other healthcare facilities money in the long run. It is this long lasting influence that makes the initial investment such a worthy one. A smart card based patient record system can have an impact on the efficiency of 6 Ben Zimmerman Harrison Lynch [21] S. Alpert. (1993, Nov.). “Smart Cards, Smarter Policy Medical Records, Privacy, and health Care Reform.” The Hastings Center Report. pp. 13-23. [22] Phelps (2003). “Healthcare: Informed Consent.” Gale Encyclopedia of Everyday law. Detroit MI: Gale. p683-686. [23] W. Winslade (2004). “Confidentiality.” Encyclopedia of Bioethics. New York NY: Macmillan Reference. p494-503. [24] A. Allen. (2004). “Privacy in Healthcare.” Encyclopedia of Bioethics. New York NY: Macmillan Reference. p2120-2130. [25] (2012). “Summary of the HIPAA Privacy Rule”. HHS. [Online Article]. Available: http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/index.html [26] A. Eskicioglu, L. Litwin. (2001, Feb./March). “Cryptography.” Potentials, IEEE. [Online Journal]. Available: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=913211 [27] N. Jalaliyoon, S. Sahibuddin, H. Taherdoost. (2011). “Smart Card Security; Technology and Adoption.” International Journal of Security [Online Article]. Available: http://www.doaj.org/doaj?func=abstract&id=944971&recNo=3&toc=1&ui Language=en [28] K. Paudayl (2012, Jan 6). “Triple DES.” Kushal’s Java Blog. [Online Image]. Available: http://sanjaal.com/java/189/java-encryption/tutorialencryption-and-decryption-using-desede-triple-des-in-java/ [29] C. Xiao, A. Yu (2009). “Medical Smart Card System for Patient Record Management.” [Online Article]. Available: http://step.berkeley.edu/White_Paper/Xiao_Yu.pdf [30] J. Morton (2011, Apr.). “Top smart card blunders: use a little forethought and common sense to avoid these glitches.” Smarter Buildings. [Online Article]. Available: http://galenet.galegroup.com/servlet/BCRC?srchtp=adv&c=1&ste=31&tbst =tsVS&tab=2&aca=nwmg&bConts=2&RNN=A256281669&docNum=A2 56281669&locID=upitt_main [31] R. Walker (1995, June 15). “’Smart cards’ to cut health costs.” Calgary Herald. [Online Article]. Available: http://www.lexisnexis.com/hottopics/lnacademic/?shr=t&csi=8349&sr=HL EAD(Smart+cards+to+cut+health+costs)+and+date+is+June,%201995 hospitals and other healthcare institutions, ultimately leading to improved patient care with minimal drawbacks. REFERENCES [1] M. Hansen. (2008, October). “Smart Card Technology and Healthcare Information: A Dynamic Duo.” CIN: Computers, Informatics, Nursing. pp254-257. ScienceDirect. [Online article]. Available: http://www.sciencedirect.com/science/article/pii/S1386505605001231 [2]M. Hendry. (2001). Smart Card Security and Applications, Second Edition. Norwood, MA: Artech House.[3] D. Musker. [3]“Reverse Engineering.” Jenkins. [Online article]. Available: http://www.jenkins.eu/articles-general/reverse-engineering.asp [4] E. Weise (2006, July 20). “Language Barriers Plague Hospitals.” USA Today. [Online Article]. Available: http://www.usatoday.com/news/health/2006-07-20-hospital-language_x.htm [5] (2012). “Smart Card.” Smart Card World. [Online Image]. Available: http://www.etopiamedia.net/smartcardworld/pages/smartcardworld05551212.html [6] J. Brahm and E. Turban. (Nov 2009). “Smart Card-Based Electronic Card Payment Systems in the Transportation Industry.” Journal of Organizational Computing and Electronic Commerce. Vol 10. no. 4. pp. 281-293. [7] K. Mayes and K. Markantonakis. (2008). Smart Cards, Tokens, Security and Applications. New York, NY: Springer. [8] Y. Haghiri and T. (2002). Tarantino. Smart Card Manufacturing, a Practical Guide. New York, NY: John Wiley & Sons, Inc. [9] H. Dreifus and J. Thomas Monk. (1998). Smart Cards. New York, NY: John Wiley & Sons, Inc. [10] S. Morris, J. Cooper, D. Bomba, L. Brankovic, M. Miller, F. Pacheco. (2004, March 19). “Australian healthcare: a smart card for a clever country.” ScienceDirect. [Online article]. Available: http://www.sciencedirect.com/science/article/pii/002071019501132X [11] (Feb. 2006). “Smart Card Applications in the U.S. Healthcare Industry.” Smart Card Alliance. [Online article]. Available: http://www.smartcardalliance.org/resources/lib/Smart_Card_Healthcare_Ap plications_FINAL.pdf [12] B. Horowitz. (2011, Feb. 2). “Health Care Kiosk.” eWeek. [Online Image]. Available: http://www.eweek.com/c/a/Health-Care-IT/Health-CareKiosks-Streamline-Patient-Access-to-CheckIns-Screenings-152812/ [13] B. Blobel, P. Pharow, V. Spiegel, K Engel, R Engelbrecht. (2001, Nov. 28). “Securing interoperability between chip card based medical information systems and health networks.” ScienceDirect. [Online article]. Available: http://www.sciencedirect.com/science/article/pii/S1386505601001939 [14] (2012). “About Smart Cards: Frequently Asked Questions.” Smart Card Alliance. [Online article]. Available: http://www.smartcardalliance.org/pages/smart-cards-faq [15] J. Zoreda and J. Oton. (1994). Smart Cards. Norwood, MA: Artech House. [16] (2009, Aug.) “The SESAM-Vitale program.” GIE SESAM-Vitale. [Online Article]. Available: http://www.sesamvitale.fr/programme/programme_eng.asp [17] (2006). “Sesam Vitale.” Smart Card Alliance. [Online Article]. Available: http://www.smartcardalliance.org/resources/pdf/Sesam_Vitale.pdf [18] I. Pitrou, A. Lecourt, L. Bailly, B. Brousse, L. Dauchet, and J. Ladner. (2009). “Waiting time and assessment of patient satisfaction in a large reference emergency department: a prospective cohort study, France.” Mendeley. [Online article]. Available: http://www.mendeley.com/research/waiting-time-and-assessment-ofpatient-satisfaction-in-a-large-reference-emergency-department-aprospective-cohort-study-france/ [19] (2010, Aug. 22). “US Wait times Average of 4 Hours 7 Minutes in Emergency Departments in 2009.” Disabled World. [Online article]. Available: http://www.disabled-world.com/medical/rehabilitation/waittimes.php [20] (2006). “SESAM-Vitale French eHealth program.” Gemalto. [Online Article]. Available: http://www.gemalto.com/public_sector/sesam_vitale/ ADDITIONAL SOURCES J. Gallant (1995, Nov. 23). “Smart cards: trained for security. EDN. [Online Article]. Available: http://go.galegroup.com/ps/infomark.do?action=interpret&sPage=34&sourc e=null&prodId=AONE&userGroupName=upitt_main&searchType=Advan cedSearchForm&type=DIourl&queryId=Locale%28en%2CUS%2C%29%3 AFQE%3D%28sp%2C2%2934%3AAnd%3AFQE%3D%28iu%2C2%2924 %3AAnd%3AFQE%3D%28sn%2C9%2900127515%3AAnd%3AFQE%3D%28vo%2C2%2940%24&version=1.0&authC ount=1&u=upitt_main C. Liu, P. Yang, Y. Yeh, and B. Wang. (2005, August). “The impacts of smart cards on hospital information systems—An investigation of the first phase of the national health insurance smart card project in Taiwan.” ScienceDirect. [Online article]. Available: http://www.sciencedirect.com/science/article/pii/S1386505605001231 D. Sauveron. (July 2009). “Multiapplication smart card: Towards an open smart card?” Université de Limoges. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S1363412709000247 ]“Reverse Engineering.” Jenkins. [Online article]. Available: http://www.jenkins.eu/articles-general/reverse-engineering.asp ACKNOWLEDGEMENTS We would like to thank several people who all helped make our outline what it is today. First we would like to thank Mr. Dan McMillan for providing insightful comments that provided us with stimulating thoughts on our topic, allowing us to narrow our research into a specific field. We would also like to thank Ms. Beth Newborg for also providing us with feedback on our topic, allowing us to develop what 7 Ben Zimmerman Harrison Lynch field of smart cards we wanted to look into. We would also like to thank Taylor Robinson our co-chair for providing us with guiding comments that allowed us to fix up our paper. 8