Alliance Outlines Need For Smart Card-Based Healthcare Identity Management Infrastructure Leveraging Existing Federal Standards

  • Oct 09, 2009

Government policy makers and healthcare stakeholders looking to establish electronic medical records (EMRs) to improve the U.S. healthcare system should look first to defining the identity management infrastructure for securely identifying patients, medical providers and anyone else handling the records, stated the Smart Card Alliance Healthcare and Identity Councils in a position paper issued recently. To this end, the Councils recommend the use of existing federal standards for smart cards to create a trusted identity management infrastructure.

The passing of the American Recovery and Reinvestment Act of 2009 (ARRA) and HITECH Act gave impetus for the Smart Card Alliance to create the paper to elevate the discussion about identity management before the federal government begins to invest over $19 billion in healthcare information technology. This investment will provide significant incentives for healthcare providers to implement EMR systems over the next five years. The Alliance argues that these plans that emphasize electronic health record exchange are putting the cart before the horse, and effective identity management is needed first.

“As we move away from paper-based medical records that are controlled by physical access to buildings, rooms, and files, we need to have a healthcare infrastructure that supports strong identity and security controls,” said Paul Contino, chair of the Smart Card Alliance Healthcare Council and vice president of information technology with Mount Sinai Medical Center “The issues with establishing identity are compounded as electronic medical records are used by many different organizations at the regional, state, and national levels. There must be a way to uniquely and securely authenticate each person across the healthcare infrastructure, whether that interaction is in person or over the Internet.”

The Smart Card Alliance paper discusses the current challenges facing the healthcare IT infrastructure and details why smart cards provide the most cost efficient, secure, and user-accepted method for solving the healthcare identity management problem. It also explains how smart card technology can help make the critical capabilities needed in the healthcare infrastructure both possible and cost-effective. It can also provide an ideal way to achieve HIPAA compliance and meet the more stringent regulatory requirements of ARRA / HITECH.

“The lack of consistent and uniform identity management is at the root of the challenges faced by the healthcare industry today -- lowering administrative costs, preventing medical identity theft and fraud, protecting patient privacy, and enabling healthcare data exchanges. In fact, of the 195,000 deaths in the United States that occur annually due to medical errors, 60 percent of those were because of failure to correctly identify the patient,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “Creating a healthcare identity management infrastructure based on smart card technology directly addresses these problems because it enables the ability to properly identify patients and healthcare providers, match healthcare records, and identify individuals and healthcare providers that have authorized access to them.”

In addition to the use of smart cards, the Healthcare and Identity Councils advise the healthcare industry to take the opportunity to leverage and build upon existing federal initiatives and standards, such as the NIST Federal Information Processing Standard (FIPS) 201 and the Personal Identity Verification (PIV) card, which are already in use by numerous government agencies. These existing standards are proven technology solutions and an established set of best practices for smart card-based identity management and authentication that can be adapted to healthcare.

“NIST standards, and the Federal Identity, Credential, and Access Management (F/ICAM) committee vision and framework on identity management provide the foundation for the healthcare industry to jump-start the definition of a national healthcare identity management infrastructure and provide a proven model for interoperability across multiple organizations,” Vanderhoof said

Featured

  • The Future of Access Control: Cloud-Based Solutions for Safer Workplaces

    Access controls have revolutionized the way we protect our people, assets and operations. Gone are the days of cumbersome keychains and the security liabilities they introduced, but it’s a mistake to think that their evolution has reached its peak. Read Now

  • A Look at AI

    Large language models (LLMs) have taken the world by storm. Within months of OpenAI launching its AI chatbot, ChatGPT, it amassed more than 100 million users, making it the fastest-growing consumer application in history. Read Now

  • First, Do No Harm: Responsibly Applying Artificial Intelligence

    It was 2022 when early LLMs (Large Language Models) brought the term “AI” into mainstream public consciousness and since then, we’ve seen security corporations and integrators attempt to develop their solutions and sales pitches around the biggest tech boom of the 21st century. However, not all “artificial intelligence” is equally suitable for security applications, and it’s essential for end users to remain vigilant in understanding how their solutions are utilizing AI. Read Now

  • Improve Incident Response With Intelligent Cloud Video Surveillance

    Video surveillance is a vital part of business security, helping institutions protect against everyday threats for increased employee, customer, and student safety. However, many outdated surveillance solutions lack the ability to offer immediate insights into critical incidents. This slows down investigations and limits how effectively teams can respond to situations, creating greater risks for the organization. Read Now

  • Security Today Announces 2025 CyberSecured Award Winners

    Security Today is pleased to announce the 2025 CyberSecured Awards winners. Sixteen companies are being recognized this year for their network products and other cybersecurity initiatives that secure our world today. Read Now

Most   Popular

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.