Digital healthcare has flourished due to several advocacies and implementations spearheaded by governments, the World Health Organization (WHO), private healthcare-based entities, and IT solution providers. Due to the advancements in cloud computing, blockchain and near-field communication (NFC) technologies, manual processes and documentation in the healthcare industry are gradually being replaced by e-health initiatives such as electronic prescriptions and electronic health records (EHR), with the general objective of improving the whole healthcare system and providing better patient care. Smart card technologies revolutionize the digitalization of the healthcare industry through applications such as identification and an additional secure element option for EHR, logical and physical access control, and medical asset identification and tracking systems.
The EHR system collects and stores patients’ personal data, medical history, test results, and treatment and medication history in a web-based or client-server-based set-up. These data are managed by authorized healthcare providers, including clinics, hospitals, and Health Maintenance Organizations (HMO), and can be shared among these entities and personnel such as doctors, nurses, caregivers, etc. in order to provide the best care and support to the patients.
The secure element capability of smart cards complements the EHR system by providing electronic storage as an offline back-up for the patients’ and healthcare personnel’s data. In addition, a smart card can be a logical access control medium to a secured website or portal as part of a multi-factor authentication (MFA) scheme for healthcare applications such as telemedicine, medical diagnosis systems, remote patient monitoring, hospital management, and hospital/clinic customer relationship management (CRM) systems. The three most common kinds of factors used to confirm the identity of authorised personnel before they gain access to these systems are “something you have” (e.g., a smart ID card or a secure USB key), “something you know” (e.g., a password or a memorized PIN), and “something you are” (e.g., a fingerprint or facial recognition).
In addition, adopting a public key infrastructure (PKI) that uses a smart card as the secure element for digital certificates adds another high-end layer of security to these applications. The digital certificate stored in the smart card can be used to encrypt or decrypt files and to digitally sign confidential electronic documents. For example, a healthcare professional can electronically sign prescriptions from a telemedicine or remote patient monitoring app, sign test results/reports from a medical diagnosis system, and sign medical history reports or patient hospital admission referrals from a hospital management system. A patient or legal guardian, in turn, can encrypt/decrypt files sent to or received from the doctor and electronically sign documents authorizing procedures, surgeries and waivers. This ensures that the electronic documents being used and exchanged are authentic and untampered, while giving users the flexibility to perform these tasks within or outside the healthcare facilities.
A physical access control scheme, such as a visitor and patient management system or a parking system for authorized entry/exit, can be covered by a smart card or tag. This makes the investment in smart card technology worthwhile, since one card can handle multiple applications.
One of the most underrated problems that any healthcare organization faces is the handling of physical assets. Assets such as diagnostic machines (e.g. X-rays, vital signs monitoring equipment, etc.), highly specialized medicines, and human biological materials (e.g. blood, urine, etc.) can be logged manually. However, when there are numerous assets that are handled in different locations and operated by different healthcare personnel, identifying and tracking them without digitalization is exposed to human error. In the worst case, it results in theft, which is detrimental and life-threatening to patients.
By tagging these assets with NFC tags, one can identify and track them effectively and efficiently by placing an NFC reader, or an NFC-enabled phone with an app integrated with the identification and tracking system, in close proximity to an NFC-tagged asset. Other than identification and tracking, pharmaceutical companies and diagnostic machine manufacturers can tag their medicines and machines respectively in order to ensure that the items are authentic along the supply chain.
The premium advantage of implementing smart card technology in the healthcare industry is its capability of providing a multifaceted security solution. Secured storage of MFA components such as PIN and biometric data (e.g. fingerprint), combined with the appropriate card reader for logical or physical access control, can deliver match-on-card authentication that eliminates man-in-the-middle attacks and ensures valid entry or access to resources and physical spaces (e.g. buildings, clinics, parking areas, etc.). The communication of data is protected by symmetric encryption algorithms (e.g. 3DES, 3KDES, etc.). Furthermore, PKI technology can perform asymmetric algorithms (e.g. RSA, ECC, etc.) for the digital signature and encryption of sensitive data. Transaction security, integrity, and anti-tampering have been achieved by the implementation of smart card technology in countless government or private-based eID projects.
Cost implications brought about by medical data inaccuracy or redundancy, identity theft, and cybersecurity attacks are significantly reduced with the adoption of smart card technology. Another cost benefit is that one card can handle multiple applications such as identification, logical and physical access control, digital signing, and asset management. Healthcare personnel, patients, guardians and other staff can each have their own smart card, configured appropriately for their roles, functions, and access rights.
Another cost benefit of using smart card technology is that one card can handle multiple applications intended for different government agencies. It can also store multiple digital certificates for use in single or multiple transactions with government entities, resulting in a compact and powerful yet flexible solution with the lowest hardware cost.
The synergy of digitalization and smart card technology has the potential to eliminate numerous paper documents and the human resources needed to process them, and limits unnecessary vehicle commutes to perform specific transactions, thereby promoting a more environmentally friendly solution.
The healthcare industry can take advantage of NFC technology as protection against counterfeit pharmaceutical drugs, medical equipment, wearable IoT devices (such as glucose monitors, pulse monitors, etc.) and other medical-related assets. The NFC tags attached to these assets can be pre-programmed to store the assets’ details as read-only data containing product description, contraindications, instruction manual, links to the manufacturer’s website or social media accounts, etc. Product information can be retrieved by patients and users using an NFC smart card reader or an NFC-enabled phone, which promotes product transparency and brand awareness.