First published in Health Service Journal, 8 September 2005
Across continental Europe, patients visiting a doctor take a plastic card to prove their entitlement to healthcare. Increasingly, these cards hold a microchip allowing payments for treatment to be processed and if necessary refunded more quickly than in the past.
But smartcards can also be used as electronic keys to patient records, boosting security and demonstrating consent.
The UK, with healthcare free at the point of delivery, has had no need for health insurance cards in any of the four home nations. When it becomes compulsory, the national ID card will probably be used in health only when first registering with a surgery or hospital, and probably only in England (Scotland has ruled out using the ID card to check entitlement for devolved services, including health).
The ID card’s associated identity database, which will eventually contain “biometric” images of the faces, fingerprints and irises of every adult in Britain, could be used to identify unknown, unconscious patients in accident and emergency. Home secretary Charles Clarke has suggested that cards could also hold emergency healthcare information.
Other countries have dedicated health smartcards, sometimes in addition to national ID cards. France’s Vitale patient smartcard was introduced in 1998, with the aim of speeding reimbursements of payments for healthcare. It is now held by 48 million people – everyone aged 16 or above insured by a state-sector health insurer.
Before 1998, patients paid upfront for healthcare, received a paper form from the healthcare professional, sent it to their state-sector insurer, then waited 20-25 days to be reimbursed. Now patients only pay in some cases, and if so, they receive reimbursement much faster because the invoice is sent electronically to their insurer; 78.6 million electronic invoices were processed in June. Surgeries and hospitals save time in processing and receiving payments. The system is currently being extended to cover those who use private health insurers. Healthcare professionals also use a smartcard to show they are providing a service, and claims can only be generated when both cards are present.
France’s Vitale card does not hold or give access to medical records, but this may change. Vitale 2 cards will be issued in 2007, with 16-year-olds likely to be the first recipients. ‘At the end, everybody will have a card,” says Jacques de Varax, director of general management for GIE Sesam-Vitale, which issues the cards and manages the infrastructure, although there is no deadline yet for moving everyone to the new card.
Pending a decision by the French health ministry, the Vitale 2 card may contain data such as general and drug allergies, blood group, a person to call in the event of an accident and their doctor’s name. “As far as health data are concerned, we will have only emergency data on the card,” says Mr de Varax. “The idea is to be able to use this data with a simple access,” using the standard card-readers already used by health professionals for insurance claims.
Most of a patient’s clinical data will be held on his or her dossier médical personnel, a separate electronic patient record project due to start in 2007, for which the Vitale 2 may act as an electronic key.
GIE Sesam-Vitale is involved with the European Netc@rds project, which aims to improve the interoperability of countries’ public health insurance systems. It will use either national health smartcards, such France’s Vitale, Germany’s eGesundheitskarte and Italy’s Carta Dei Servizi, or the European health insurance cards (Ehics). The latter are replacing forms such as the E111 in showing a foreigner has entitlement to the same healthcare benefits as locals.
The UK will issue Ehics without a chip from the end of this year – health professionals elsewhere in Europe will need to type in the details of British patients from the card – but the Vitale 2 card could act as an electronic Ehic as well. “The question is not about the capacity to include this, because it is a good size [of memory], the question is what the process is to read and control the different cards in Europe,” says Mr de Varax.
GIE Sesam-Vitale international project manager Noël Nader, says the Netc@rds project is analogous to banks co-operating through systems such as Visa and Mastercard: rather than issuing their customers with different cards for different countries, they build a communications network to allow their normal credit and debit cards to work abroad.
GIE Sesam-Vitale is also discussing a standard for emergency health data on smartcards, known as Netlink, for use across Europe and elsewhere: it has been adopted by an International Standards Organisation working group.
Other parts of Europe are following France’s lead. In the Andalucia region of Spain, access to electronic patient records was in-built from the start. The system covers 92.7 per cent of the region’s population: those using private healthcare are excluded.
Andalucia’s secretary for health issues Antonio Peinado says that the main driver of the scheme was to bring benefits to patients. “The idea is not to gain economically, but to gain quality of service,” he says. “We haven’t done this with the idea of economic impact.” However, one benefit is that GPs are saving 18-20 per cent of their time through reduced administration: “They can use that time to attend to patients,” says Mr Peinado, adding that the move to electronic systems has other benefits. “It gives us a lot of space in surgeries and hospitals, as we don’t need space for the documents to be kept, and people to take care of the documents,” he says.
‘The most important thing is the unique history, the single medical record for every patient. Any doctor can check the record..” This will include knowing about drug allergies and conditions when a patient enters accident and emergency, although the system is not yet available in an A&E ward.
The most obvious difference between systems in Andalucia and England is the presence of a patient smart-card. “The card’s design is careful to ensure that patients” confidentiality is not compromised,” says Mr Peinado. Smartcards include a microchip containing a security code. “It’s a key,” he says. “Without it, you can’t get into the computer system.”
However, it is possible to bypass this security in an emergency, by either the patient or (if the patient is incapacitated) a healthcare professional signing a form.
The system also includes functionality similar to the “secret envelope” planned by Connecting for Health for English patients. “The patient can ask the doctor to hide whatever he wants,” says Mr Peinado. “The doctor would be the only person who could see that part of the record.” This could apply to the whole record, if the patient wishes.
What could CfH learn from Andalucia? Mr Peinado says that keeping the patient in mind, and developing the system with clinical professionals, are the two most important things to do: more than 400 healthcare professionals helped develop the system.
More specifically, he says that training proved to be more work than expected. “The main problem, the most difficult task, is to help the professionals in the change from one system to the other. We had to intensify teaching, to help them to adapt to the new system,” he says. “Also, try not to rush not only the teaching, but also the [implementation of] applications.”
The UK is following continental Europe in issuing smartcards, but only for health professionals. CfH had issued more than 70,000 staff smartcards as of mid-July, giving professionals access to systems including choose and book, GP systems and patient administration systems. It also allows the application of rules as to who can see and change data, as well as an audit trail of what was done when. CfH says it is issuing about 5,000 smartcards a week, and has registration authorities established in more than 90 per cent of primary care and acute trusts.
The Welsh Assembly government announced a similar staff smartcard scheme last October, initially for student and junior doctors, who move quickly between placements compared with full-time staff. Scotland and Northern Ireland do not have current plans for smartcards, although a spokesperson for NHS Scotland said the technology is something it is considering for the future.
Other parts of the UK state sector – specifically, local authorities – are already issuing citizen smartcards. The Office of the Deputy Prime Minister funded the National Smart Card Project to develop software and standards for use by councils.
Mid-Suffolk district council has issued 1,400 smartcards, primarily to administrate concessions for pensioners, those on benefits and those in full-time education. However, the card can also hold the user’s GP details, any important medical conditions and allergies and their willingness to be an organ donor.
Other district councils in Suffolk are adopting smartcards for access to leisure services, and have the option of including health data through the National Smart Card Project standard. ‘Our vision is that, when we have significant numbers and money, we equip frontline staff with readers,” says Suffolk e-services card manager Geoff Doggett.
The National Smart Card Project is talking to CfH about ensuring their staff smartcards are compatible. Richard Tyndall, programme manager for the project points out that local authority and health service staff have to share sensitive information, such as on children at risk. “The vision is that there will need to be strong authentication to allow different parts of government to access each other’s data,” he says.
And if staff smartcards can be compatible, so can those for citizens, allowing secure access to patient and client records. “But we’re not there yet,” cautions Mr Tyndall.
Copyright SA Mathieson 2005. This article won the inaugural BT IT Security Journalism Award for Best Identity Management Story.