首页    期刊浏览 2024年12月05日 星期四
登录注册

文章基本信息

  • 标题:A patient smart card solution used for an experimental model in health care environment.
  • 作者:Rancea, Irina ; Sgarciu, Valentin ; Dichiu, Daniel
  • 期刊名称:Annals of DAAAM & Proceedings
  • 印刷版ISSN:1726-9679
  • 出版年度:2009
  • 期号:January
  • 语种:English
  • 出版社:DAAAM International Vienna
  • 摘要:The use of electronic medical records offers a unified manner to manage all the medical information of the patients. For each patient the doctors could know immediately his/her medical history. (Beckie, 2002)
  • 关键词:Integrated circuit cards;Medical care;Smart cards

A patient smart card solution used for an experimental model in health care environment.


Rancea, Irina ; Sgarciu, Valentin ; Dichiu, Daniel 等


1. INTRODUCTION

The use of electronic medical records offers a unified manner to manage all the medical information of the patients. For each patient the doctors could know immediately his/her medical history. (Beckie, 2002)

The smart card solution was driven by the advantages that these cards offer over the conventional plastic card with a magnetic stripe. The conventional cards were vulnerable to fraud, have a limited capacity for application data storage and also limited application support and have non-interactive transaction processing capabilities.

A smart card is supporting multiple applications and multiple functions. In order to support multiple applications, the applications must be independent of one another meaning that no application can overwrite another's data without permission.

The advantages of smart card in the health care environment are: availability (data are accessible and usable upon demand by an authorized entity), integrity (data must not be altered or destroyed in an unauthorized manner) and confidentiality (data cannot be available to unauthorized entities).

Smart cards have been used in health card applications by several organizations--University of Pittsburgh Medical Center, Mississippi Baptist Health Systems, French Health Card (Sesam Vitale--one card for the patient and one card for the health care professionals), German Health Care Card, Taiwanese Health Care Smart Card Project.

2. MEDICAL CARE SYSTEM

2.1 Smart Card Resource

The major components of a regular smart card are: a CPU for managing data, executing cryptographic algorithms; ROM for storing operating system (OS) software; RAM for temporary storage of data; EEPROM for storing variable data such as cardholder information, passwords, transaction details; card OS software for controlling applications; application software; dedicated hardware security features that prevent access to software and data stored in memory from physical or logical attacks.

Some smart cards run a "native" OS that is integrated with the installed applications. Others run an open OS (such as MULTOS or Java Card). For this cards the applications are separated from the OS by an application program interface (API), allowing the applications to be developed independently from the OS. (Chen, 2000)

The operating system is capable of execution control and instruction processing, protection of access to data, memory management, file management, management and execution of cryptographic algorithms.

Smart card transactions involve communication between the card and the card reader. The transaction routine is based on a request--response procedure. The reader initiates communication with the card sending a request, the card processes the request and sends back a response.

The proposed solution is using the Oberthur Cosmo Dual 72k smart card that has an embedded operate system, 72KB of EEPROM memory and a cryptographic co-processor for symmetric and asymmetric encryption. The card is ISO 7816 compatible. The card reader (a CardMan Omnikey one) is connected to the host through a USB port.

2.2 Application Architecture

The Application architecture consists in the on-card application and the off-card applications (all the entities that can access the smart card are using an off-line application). The off-line applications are designed for the insurance, health care professionals (doctors and pharmacists). (Vlad et. al., 2006)

The on-card application (for the insurance company, for doctors and for pharmacists) are loaded on the card at the moment of the card emitting (at the insurance company sit) and are used for storing patient personal data in the persistent memory of the smart card.

The off-line applications are installed on the terminals located at the insurance company, doctors and pharmacists.

[FIGURE 1 OMITTED]

[FIGURE 2 OMITTED]

The on-card applications are Java Card applets developed with JCOP (Java Card Open Platform) in Eclipse SDK. JCOP provides a simulator for almost all smart cards currently on the market and an applet installer on the smart cards. The application is running on card on Java Card Runtime Environment.

The on-card applications and the off-line applications are connected through the card reader; both doctors and pharmacists should have such a reader in order to access the patient card.

Data have no protection for reading in order to be easier accessed in an emergency situation. The write operation is protected through a password that is extracted from a private file. This password is unique for each doctor/pharmacists. These documents (certificates) are emitted and distributed by an authorized entity. When the health care professionals (doctors/pharmacists) want to write on the patient card they must authenticate with the private file.

2.3 Application Overview

The off-line application for the insurance company allows patient management--adding new patient, removing patient, updating patient personal data and write those data on the patient card.

The off-line application for the doctors allows adding a new patient to the central data base and managing patient medical information on the card. The doctor can view the historical medical record; can add a new medical problem and a new treatment. All the information that a doctor will write on the card will be also loaded in the central data base.

[FIGURE 3 OMITTED]

[FIGURE 4 OMITTED]

[FIGURE 5 OMITTED]

The off-line application for the pharmacists allows reading patient personal data and last treatment stored on the card. The card is storing a special code that represents the account number of the patient. In order to access this code the patient must introduce a PIN in the off-line application. For this feature a partnership with a bank was needed. The smart card is not actually storing money; it is a bridge between the bank and the pharmacy.

One limitation can be noticed for the pharmacy application. The pharmacist can only access the last treatment; if the patient was received more treatments from different doctors and couldn't go to the pharmacy and buy those medicines, he will loose the previous treatment.

3. CONCLUSIONS

One major concern is that data stored on the smart card can be read without authentication. This manner allows an easier way to access patient data in an emergency situation, but has the disadvantage that anyone who has a card reader can access the information from the card.

In order to make a trade between data needed in an emergency and all the medical record, we have chosen to implement in future release a mechanism that will allow to be read from the card only data needed in an emergency (such as current medication, allergies) and all the other data will be accessed after the patient introduce a password or other manner of authentication like biometrics or digital signature.

4. REFERENCES

Beckie, K. (2002). The Future of Card Technology in Health Care Available from: Health Data Management http://www.accessmylibrary.com/coms2/summary_028625291735 ITM Accessed: 2009-04-28

Chen, Z. (2000). Java Card Technology for Smart Cards, Addisson-Wesley, (Ed.), ISBN 0-201-70329-7

Gogou, V.; Pavlopoulus, S. Karayiannis, D.; & Koutsouris, D. (2000). A Smart Card Network in Health Care Services, Engineering in Medicine and Biology Society, Proceedings of the 22th Annual International Conference of the IEEE, pp. 559-561, Vol. 1, 2006

Vlad, M.; Tatoiu, V. & Sgarciu (2006). Smart Card and Biometrics Used in Secured Personal Identification Systems, Proceedings of the 5th WSEAS Int. Conf. on Data Communication & Computers, pp. 131-136, ISBN 9608457-54-8, ISSN 1790-5117, Bucharest Romania, 2006

*** (2003) http://www.martsoft.com/reference/healthcare/--HIPAA Compliance and Smart Cards: Solutions to Privacy and Security Requirements, Accesed on:2009-04-28

*** (2007) http://www.zurich.ibm.com/jcop/--JCOP embedded security software, Accesed on:2009-04-28

*** (2007) http://www.smartcardalliance.org/pages/ publications-smart-cards-in-healthcare--Smart Cards in

U.S. Healthcare: Benefits for Patients, Providers and Payers, Accesed on:2009-04-28
联系我们|关于我们|网站声明
国家哲学社会科学文献中心版权所有