Getting to Meaningful Use and Beyond: How Smart Card Technology Can Support Meaningful Use of Electronic Health Records
Publication Date: February 2011
Healthcare is at a pivotal point in its evolution–one that has been faced by many other industries which have made the painful transition from a paper to a digital infrastructure. The speed at which healthcare is moving toward electronic medical records has been accelerated by government legislation and incentives, but this pace may also be its downfall. Healthcare data is a sensitive and highly personal collection of information that requires extraordinary protection. At the same time, in order to derive value from electronic health records, this information needs to be readily available to healthcare providers, healthcare facilities, and even patients and their families to positively impact care quality, accuracy and cost. This seeming dichotomy of purpose makes the effective use of electronic medical records very challenging.
However, the challenge is not simply the implementation of electronic health records, but meaningful use of them, which entails a host of additional requirements for new and existing technologies in the healthcare, security and information technology industries. The U.S. government’s Health Information Technology for Economic and Clinical Health (HITECH) Act (part of the American Recovery and Reinvestment Act of 2009, or ARRA) has specific meaningful use criteria requiring all healthcare entities to use certifiable technology that has the ability to transform healthcare information into a standardized, electronic, accessible, readable and usable format. The criteria also require healthcare data to be kept confidential, private and secure, accurate, shareable with patients as well as providers, mobile and exchangeable, and readily available. Smart card technology and smart card-based systems can aid in meeting these requirements.
Smart card technology and smart card-based systems meet a number of criteria for meaningful use:
- Smart cards augment the security of EMRs/EHRs by providing strong authentication which corresponds to at least Level 3 Assurance of the OMB’s 04-04 Memorandum.
- Smart cards can carry PKI certificates which provide the highest level of trust identity management for data interchange across networks.
- Federal standards are in place for identity verification and data access and security which use smart cards (the FIPS 201 Personal Identity Verification (PIV) standard for Federal employee and contractor identification cards).
- Smart card software is commercially available that can improve the quality, safety and efficiency of healthcare delivery while improving care coordination and data access.
- Smart card technology can help institutions manage a qualified EHR by integrating information from other external sources.
- Smart card technology honors the goals of certification criteria by: promoting interoperability, promoting technical innovation which embrace adopted standards, keeping implementation costs low, considering best practices, and providing a modular solution.
As the industry moves forward in the pursuit of meaningful use in EHR implementation, standard best practices will include sharing data from various media across multiple networks. For information to be useful, it must be accurate, secure, and related to a single individual. Access to sensitive medical information must only be granted to known (authenticated) individuals or institutions that can supply valid identity credentials and that are authorized to access the information. Information must be able to be updated and must be synchronized across all networks in real-time. Individuals or entities that access, document and modify medical information (e.g., by adding to a medical record) must provide credentials to demonstrate that the resulting data can be trusted and is accurate. Finally, confidence in the technology, by the healthcare industry, providers and facilities, and consumers, is a requirement for success. Smart card technology can be used to address all of these requirements, with a long history of global success that can help build confidence in the new healthcare systems.
Smart card technology can augment existing EMR/EHR systems to provide the critical functionality necessary to achieve meaningful use, as well as to address important security and privacy gaps that could compromise the future use and utility of emerging regional and national health information networks.
About the White Paper
This white paper was developed by the Smart Card Alliance Healthcare Council to discuss the ways in which smart card technology and smart card-based systems can better position healthcare organizations for meaningful use of electronic health records, while addressing many of the security and privacy challenges that come with electronic health records and health data exchange.
Smart Card Alliance Healthcare Council members involved in the development of this white paper included: Computer Sciences Corp. (CSC); Gemalto; Giesecke & Devrient;IBM; IDmachines; LifeMed ID, Inc.; MasterCard Worldwide; Mount Sinai Medical Center; Northrop Grumman Corporation; Oberthur Technologies; OTI America; SCM Microsystems; XTec, Inc.
About the Health and Human Services Council
The Smart Card Alliance Health & Human Services Council brings together human services organizations, payers, healthcare providers, and technologists to promote the adoption of smart cards in U.S. health and human services organizations and within the national health IT infrastructure. The Health & Human Services Council provides a forum where all stakeholders can collaborate to educate the market on the how smart cards can be used and to work on issues inhibiting the industry.