If an electronic medical record program is established for the U.S. health care system, policymakers need to define an identity management infrastructure that guarantees the security of those records, suggests two Smart Card Alliance councils in a new white paper. The Health care and Identity Councils suggest using existing federal standards for smart cards to create a trusted identity management infrastructure.
The Alliance argues that plans that emphasize electronic health record exchange are putting the cart before the horse, and effective identity management is needed first.
“As we move away from paper-based medical records that are controlled by physical access to buildings, rooms, and files, we need to have a health care infrastructure that supports strong identity and security controls,” said Paul Contino, chair of the Health care Council and vice president of information technology at Mount Sinai Medical Center. “The issues with establishing identity are compounded as electronic medical records are used by many different organizations at the regional, state, and national levels.”
The Smart Card Alliance paper discusses the current challenges facing the health care IT infrastructure and details why smart cards provide the most cost efficient, secure, and user-accepted method for solving the health care identity management problem. It also explains how smart card technology can help make the critical capabilities needed in the health care infrastructure both possible and cost-effective.
“The lack of consistent and uniform identity management is at the root of the challenges faced by the health care industry today–lowering administrative costs, preventing medical identity theft and fraud, protecting patient privacy, and enabling health care data exchanges. In fact, of the 195,000 deaths in the United States that occur annually due to medical errors, 60% of those were because of failure to correctly identify the patient,” said Randy Vanderhoof, the alliance’s executive director.
In addition to the use of smart cards, the Health care and Identity Councils recommends the health care industry leverage and build upon existing federal initiatives and standards, such as the NIST Federal Information Processing Standard (FIPS) 201 and the Personal Identity Verification (PIV) card, which are already in use by numerous government agencies.
The position paper is available here.