Smart Card Alliance Government Conference Concludes with Updates on Health Security Card and Expanding Uses of PIV for Information Access
Princeton Junction, NJ, November 7, 2011–More than 600 government and technology sector leaders and 40 exhibitors came together at the 10th Annual Smart Card Alliance Government Conference, which took place last week in Washington, D.C. The event brings together a broad spectrum of government users, policy makers, analysts and technologists in a collaborative and informative conference that includes the latest news on a wide range of government smart card programs underway.
Health Identity and Security Cards
Dr. Jim James of the American Medical Association updated the audience on the Health Security Card program, which was inspired by the difficulties caregivers had in the wake of Hurricane Katrina. Dealing with 1.5 million evacuees with an absence of clear personal health information and the unavailability of electronic health records made caring for these individuals difficult. The Health Security Card concept is that the individual would have critical personal health information card on their person with PIN protection; if Internet access is available, the card would link to full medical records for authorized caregiver access.
The AMA has identified 30 different data elements, evaluated a number of different form factors and tested consumer acceptance in focus groups and pilot programs. After two years of research, they have determined that a smart card-based personal health information card is far and away the most acceptable to individuals as well as to the American Medical Association, because of its security, durability and privacy.
One of the advantages of using the smart card as the personal medical health card is that it can be read by equipment that is being issued for use by FEMA for first responders who have PIV-I credentials, according to Craig Wilson, who oversees the first responder initiative.
In another healthcare-related initiative, Debra Bucci of the National Institute of Health reported that they have 55,000 users with 275 applications and 700 different URLs using PIV cards for single sign-on. Since December 2010, all sensitive applications have required two-factor authentication. They are also conducting an interoperability pilot across several federal government organizations to test the cross certification and interoperability of PIV credentials and federated identity trust.
Oberthur’s Patrick Hearn reviewed the specifics of the proposed bi-partisan sponsored legislation on a smart card-based Medicare Common Access Card (CAC). The goals are to save as much as $30 billion a year in waste and fraud, and to better protect the healthcare identities of Medicare beneficiaries, including removing their Social Security numbers from the face of the card. The bill would establish five regionally diverse pilot programs of a smart card-based Medicare card for both beneficiaries and service providers within 18 months. Within one year after that, the proposed law calls for a report on the results of the pilot, and within two years an analysis of considerations for expanding the program nationwide.
Other Cybersecurity and Identity Highlights
The importance of smart cards to the National Strategy for Trusted Identities in Cyberspace (NSTIC) continued to figure prominently and was underscored by Paul Grant, who reaffirmed what was said during Wednesday’s keynote sessions: that the smart card PIV-based Federal Identity and Access Management (ICAM) guidance is the executive branch’s instantiation of NSTIC. Grant is special assistant for federated identity management at the office of the Department of Defense CIO, and co-chair of the ICAM Subcommittee (ICAM SC).
Chad Grant of the National Association of State CIOs discussed state and local government interest in PIV-I credentials, stating that based on a survey of its members, “for IT security the game has changed.” States also see that they are “the nucleus of identity from cradle to grave” and know there is a state role to play in helping to build a national framework of interoperable, trusted and federated identities, said Grant.
Bill MacGregor, Hildegard Ferraiolo and David Cooper from NIST reported on the status of FIPS 201-2, the upcoming revision to the Federal standard for personal identity verification. Over 1,000 comments were received on the first draft revision; NIST will produce a second draft and have a 30-day public comment period on it before finalizing the standard. The goals of the update are to improve efficiency, improve security and add requirements for new capabilities, including biometric match-on-card and enabling PIV credential use from mobile devices.
William Irwin of GSA reported on the progress made at the agency in meeting OMB M-11-11 requirements. 99% of employees have PIV cards and 99% of network users are using PIV for workstation login. “In a time span of 4 months, by the 4th of July, pretty much everyone was logging in,” he said. Irwin also reported that GSA went live with the GSA Access Management System in June, and that “the business case showed expected savings of $23 million per year upon full integration.”
Corinne Irwin, NASA, reported that NASA users can use PIV for physical access, network authentication, access to 58% of applications (over 800 at this point) and remote VPN access at two centers. She reported that they saw an 80% reduction in help desk calls for password resets and account lockout when the enterprise training system was integrated with ICAM services. “This was a really stunning surprise.”
Frazier Evans, Booz, Allen, Hamilton, reported that this large government services organization has issued over 20,000 PIV-I credentials to employees with full deployment expected by year-end.
David Belchick, Citi Global Transaction Services, told attendees that Citi is issuing PIV-I credentials to DoD contractors, with the program launch planned for this month. Belchick drew parallels between his organization’s issuance of financial credentials for its banking customers and those government customers with similar needs.
Audio archives including the presentations and audio recordings from the 10th Annual Smart Card Alliance Government Conference are available for purchase at http://www.cvent.com/d/ldqgmg.
About the Smart Card Alliance
The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology.
Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.securetechalliance.org. Also follow the Smart Card Alliance on Twitter @SmartCardOrgUSA and Facebook at Smart Card Alliance.