Over the past few years, the healthcare sector has become increasingly dependent upon information technology. Contactless smart card technology has been used for many years in other industries, and is now helping to solve some longstanding thorny issues in the healthcare sector – safeguarding patients and staff, and protecting confidential patient information.
While many hospitals around Australia have adopted smart card technology, medical centres and neighbourhood general practitioners (GPs) are yet to fully engage with it. The National Health Service (NHS), the UK’s public-funded healthcare system, adopted contactless smart cards in its medical centres several years ago, and the technology has filtered through to many GPs in the country as well. Germany has issued healthcare smart cards to its entire 80 million-strong population. Though the most obvious benefit of contactless smart cards is to control physical access to buildings, other factors could deliver substantial benefits to Australian doctors as well, from secure storage of patient data, through to infection control.
In the past, it was relatively easy for an intruder to walk unchallenged around a medical centre, accessing areas meant only for authorised staff. In rare cases, this has led to security breaches where patients, and even staff, have come into contact with things like prescription pads, drugs and syringes. Contactless smart cards can address this physical access problem by using encryption to offer differing levels of building access to selected staff.
For example, a GP would require access to all areas of the building, while reception staff may just need access to patient records on the computer network. An assistant or nurse would need to access the doctors’ rooms, but not storage areas containing sensitive files. If a cleaner is employed to enter the premises out of hours, their access can be determined by the smart card as well, and limited to the waiting room, hallways and amenities.
While contactless smart cards are traditionally used for physical access control, the technology is now being adopted for logical access control as well – access to a personal computer or computer storage device on the Local Area Network (LAN). Medical professionals can use their smart card to access sensitive patient data simply by presenting their card to the reader.
Again, security levels can be set to allow access to certain areas of the computer system to designated people, while locking out others who do not require the same level of information.
As well as safeguarding the security of patients’ personal information, using a smart card for logical access can also create efficiencies in terms of time. If a doctor can access crucial information technology systems simply by brandishing his or her smart card, it saves having to remember and then type in usernames and passwords, freeing up more time for patient care. It also helps healthcare professionals to demonstrate that they are storing and managing patient details in a safe and secure way in compliance with the Data Protection Act 1998 – the UK’s law on the processing of data on identifiable living people.
Smart cards come in either contact or contactless form, and can offer three levels of security: single-, dual- or three- factor authentication. With single-factor authentication, using the card on its own will give access to a computer system or open a door. Dual-factor authentication – the most common level of smart card authentication in the medical profession around the world – adds an extra level of security in the form of a personal identification number (PIN) code. Three-factor authentication goes a step further, using a PIN and an extra security measure such as a biometric scan.
One surprising area where smart card technology is making an impact is infection control – a topic that is never far from the headlines. We’re all familiar with the bottles of antibacterial hand gel that now stand at the doorway to every doctor’s room, bathroom and waiting room. Headlines typically proclaim that Australia faces several new strains of influenza as each winter rolls around.
In just a few hours, a doctor could see as many as 20 patients, accessing different areas of the medical centre and different computer systems as they go. With this many potential touch points, stopping the spread of infection can be a hard task. Contactless smart cards – where the card is passed in front of a reader device without coming into contact – can eliminate several of these factors, thus limiting the spread of infection. If a pass card never touches the reader, it cannot spread germs.
In medical centres where security cards and readers are already in use, the card of choice is generally a magnetic stripe card. While these cards are cheap to produce, they can end up being more expensive in terms of maintenance. Magnetic stripe cards come in contact with the reader when inserted, and any debris that collects on the card inevitably ends up inside the reader and on its contact pins. They are also susceptible to magnetic interference and wear and tear – constant swiping through the card reader causes the stripe to deteriorate and eventually fail.
This type of card is also very restricted in terms of its data storage capacity compared to that of smart cards, some of which now have up to 164 kilobytes of memory. Perhaps their biggest disadvantage, however, is that they are very easy to clone – simply purchasing a reader off the shelf enables one to take data from a magnetic stripe card and use it to create an unlimited number of clones.
The amount of internal storage on today’s smart cards offers a whole host of potential benefits to the medical profession. While many advanced security solutions include biometric data these days, the same technology can be used to transport and convey secure information about a patient’s medical history and private health fund information. For regular patients and those in need of high levels of care, this could save a lot of time and administration – simply present the card to a desktop reader, and a patient’s medical information can instantly be transferred to the computer network.
Another developing area is the use of Near Field Communication (NFC) enabled smartphones to access secure areas. This technology follows the same principles as the traditional plastic smart card, but allows digital credentials carrying a user’s identity data to be embedded inside a mobile phone, which is then able to exchange data with readers placed on secured doors. NFC smartphones can also be used to provide access to personal health history. Users could present their phone at reception rather than filling out forms, and even have the same information available to paramedics during a medical emergency.
When you weigh up the costs of contactless smart card technology against the benefits, it can offer outstanding value to the healthcare sector, saving time and money, protecting patients and staff and securing their personal data.
Portable and secure, contactless smart cards are fast becoming a valuable tool for safeguarding physical security and guaranteeing the privacy of sensitive electronic information.
Steve Katanas is the director of sales – Australia and New Zealand of HID Global.