Smartcards in healthcare

Committed to the Open Source Movement in Healthcare

Established
16 October 1998

updated: 13 January 2004

Smartcards in healthcare

By HBS Consulting

“Healthcare alone is almost non-existing anymore. It would be a mistake in the smartcard industry if people were exclusively focused on healthcare. The definite trend today is egovernment. If you contact a major smartcard manufacturer you will not find people in charge of healthcare in these corporations.” So says a vice president at one of the smartcard manufacturers.

But is this true? Certainly, a quick visit to the websites of the major manufacturers reveals much emphasis on egovernment. In general you have to navigate a few levels of the site before you even find the word healthcare. Even industry body Eurosmart no longer splits out healthcare card figures from egovernment and ID card figures.

Yet HBS’s research for its report on the use of smartcards in healthcare suggests a market of over 200m smart health cards in Europe alone over the next five years. That may not be in the league of banking or GSM volumes but it is not negligible. The recent decision by the European Commission to mandate the introduction of a card-based replacement to the E111 form, facilitating cross-border healthcare, should mean significant smartcard volumes too. So what’s going on?

Perhaps the question is one of semantics. After all, in virtually every country bar the United States, healthcare is a substantially state-run or state-funded function. So a healthcare card is a sub-class of egovernment card. Yet manufacturers seem to be promoting the idea of a multi-application egovernment card, good for everything from health to driving licences to evoting.

Well, perhaps not evoting. Most of these multi-application government or ID card systems are being sold outside of Europe to countries such as Oman, United Arab Emirates, Bahrain, Macau, and Hong Kong. The systems are being sold as ID card programmes with healthcare as an option to be added at a later date. That is certainly the case for the contract that Gemplus, for example, has with the Sultanate of Oman. Malaysia’s ID card already contains health data. The system to be launched over the next year in Thailand will combine health and ID. Manufacturers admit that non-European countries in general find it easier to launch technologically advanced ID card systems than do European countries with a tradition of concern about civil liberties and data privacy.

Nonetheless, some European countries are going down this path too. Belgium is soon to launch a smart ID card. Healthcare functions, currently dealt with in a limited way by the SIS social security card system, are likely to move to this new card over the next few years. Italy was certainly planning to put healthcare functions on its new smart/optical ID card, although a change of Health Minister now means that there’s a chance it may launch a separate health card system instead. Romania will put health functionality on its new ID card system. There are discussions going on in France too about whether the SESAM-Vitale system, currently contemplating an upgrade to highly secure and more expensive PKI functionality, should share card real estate with the planned French ID card system, which will also use PKI. The UK’s much threatened entitlement card system is as much about controlling people’s access to state-provided services such as the NHS as it is about providing ID for national security purposes.

Even in the commercial world, issuing multi-application cards is fraught with difficulty. There are questions to answer about branding, about responsibility for issuing cards and for replacing lost and stolen cards. This is unlikely to be any different in the world of government applications. Identity cards are often issued by the Ministry of the Interior or by the police, whereas health cards would normally be the responsibility of the Ministry of Health. Is it clear to the cardholder whether they should complain to their doctor or to their police station if the card is lost or stolen?

If a health application is going to be added later to a card, should that be reflected on the card’s artwork from the outset? If not, how can it be added? Adhesive plastic stickers is the answer that many European countries may arrive at when it comes to adding European health insurance data to national health cards. Jan van Arkel, Co Chair e-Europe Smart Card Charter comments that when issuing [health insurance] cards it is difficult enough to try to negotiate between health insurers and healthcare providers — adding in additional interests can only make this worse.

Public opinion might also be unhappy with the idea of dealing with the police on health-related matters. The Dutch National Chipcard Platform did some research in the Netherlands that showed public reluctance about healthcare functions on multi-application cards during the late 1990s. This prejudice is likely to outweigh the desire to reduce wallet congestion.

“People in general are not that keen on having health data mixed with other cards. If you ask people if they object to having health data or health insurance information on a banking card or on a national ID card, the answer in general is that they do not favour such a combination. People are accustomed to having large quantities of cards and they would like functional combinations.”

Jan van Arkel, Co Chair e-Europe Smart Card Charter.

Public concerns about health data being visible to non-health professionals can often be resolved with sufficient information about card technology. In particular, multi-application technologies such as Java Card are designed to ring-fence data from different applications. Java Card also makes it easy to add further applications to the card once it is out in the hands of the public, without having to recall the card.

Manufacturers say that Java Card is becoming the de facto standard for government applications, although rival multi-application system MULTOS is used in the Hong Kong and Macau programmes. In the healthcare sector the major system using Java Card at this point is Taiwan’s, although the US Department of Defense card uses Java Card too.

One of the reasons that card manufacturers like to promote multi-application systems is that they use more advanced cards that cost more. There is a price difference of several euro per card between the sort of low-end memory card currently in use in the German and Belgian health insurance systems and the high-end Java Card being used in Taiwan.

Another way of combining healthcare functionality with other applications on a card might be to look at the commercial sector. In some applications this could make very good sense. For example, a programme like the UK’s Occupational Health Smart Card system will see hospital doctors carrying a smartcard around while they are on duty. It could well make sense to add building access or a cashless canteen application or even a vending machine purse to that sort of card.

In the United States, where health cards will be issued by insurance providers or HMOs rather than the government, the potential for commercial co-operation is higher. Sun Microsystems who own the Java Card multi-application technology are promoting the idea that insurers could sell card space to pharmacy chains for loyalty applications. That way, all the insurees of insurer X are rewarded for filling their prescriptions only at branches of pharmacy Y.

It couldn’t happen over here. Or could it? British Home Secretary David Blunkett has already floated the idea of having banks share card space with (and fund) the Entitlement Card. In the Netherlands, Dutch banks Rabobank and ABN Amro are investigating offering secure sign-on cards using the bank sector EMV protocol for sign on to non-bank networks including health networks.

There are problems, though, with this type of state–private co-operation. What. for example. would happen to a shared card if commercial privileges (for example credit facilities) were withdrawn? In Britain, where automated teller machines swallow bank cards after three incorrect PIN attempts, losing access to your identity or healthcare card until the bank sees fit to return it could pose problems. In addition, would a government be happy for its cards to carry the Visa or MasterCard brand? And vice versa?

The one existing system where this combination does exist (alongside yet further applications) is the multi-application, social benefits card pilot launched in Moscow by the Bank of Moscow. The system is used by pensioners, students and other state aid recipients and gives access to social benefits including healthcare and free public transport. It also carries a Visa debit application.

However, perhaps people who think about multi-applications in terms of sharing card space are looking in the wrong direction. Van Arkel has another suggestion. “There’s more interest in looking to sharing infrastructure — a combined card reader in the home or something like that”, he says. This avoids arguments over branding issues. That opens up the possibility of leveraging either the bank infrastructure, using ATMs perhaps to make healthcare appointments, or bank-provided smartcard readers at home. The other alternative is the smartcard reader in everyone’s pocket — the GSM phone.

At present though, in Europe, as the report shows, the emphasis is on healthcare alone and the only multi-application we are likely to see in the next few years is a plastic E111 sticker on the back of a national health smartcard.

HBS Consulting
Contact:
Elzbieta Jurkiewicz
Project Manager
HBS Consulting
149 Grosvenor Rd
London SW1 3JY
UK
13 January 2004