The potential use of health smartcards in South Africa has once again been brought to our attention by the National Health Normative Standards Framework (HNSF) for Interoperability in eHealth.
Health smartcards aren’t a new concept in South Africa. The National Department of Health (NDoH) piloted health smartcards in Gauteng; however in late 2012 it was reported by Sowetan Live that the pilot was discontinued resulting in R136 million being wasted. According to NDoH spokesman, Simon Zwane, the failure was due to “affordability and cost” issues, which resulted in the project being cancelled. Zwane added that the decision was taken because “the department was overspending and took a view that we needed to control spending”.
The idea of smartcards was revisited again late last year when Datacard Group announced the Government Printing Works in South Africa will be utilising the Datacard MX series card issuance and delivery systems for its new smart ID card programme. The smart ID cards are intended to replace the current green barcoded ID booklets.
In the report, the HNSF briefly describes health smartcards and the standards that would need to be developed, and indicates such technology being a plausible solution for capturing and sharing patient data in South Africa.
A patient health smartcard is a form of a Personal Health Record (PHR) that remains in the possession of the patient; the information is not kept in a shared Electronic Health Record (EHR).
Health smartcard technology is intended to enable healthcare organisations to streamline operations and reduce costs by issuing a single, secure, multi-purpose credential that can be used for identity and payment. Health smartcards are also intended to act as a secure carrier for portable Electronic Medical Records (EMRs) and to provide secure access to emergency medical information.
Health smartcards can technically work in two ways; they can provide access to cloud-based health information systems or have memory capacity to store pages of data. However, large data files such as lab reports or diagnostic images cannot be stored on the card, which can instead be stored on a central server and be accessed by the card. Since the card authenticates the patient’s identity and carries additional medical and demographic data, it can be used as a key for authorised healthcare providers to unlock and access additional data.
If the decision is made by the Government to make use of health smartcards instead of a shared national EHR to store a patient’s medical records, then specific security questions need to be addressed. How smart is if for people to carry their health smartcards containing their medical data when there’s the risk of their patient security and privacy being jeopardised?
Unauthorised access to sensitive personal healthcare information is a critical concern. In South Africa it’s highly likely that health smartcards will get lost or stolen and used in fraudulent activity, making the concern even more real. With the rise of hackers there’s a risk of identity theft, enabling individuals to pose as someone else to defraud medical aid and reimbursement schemes and to get prescription drugs that they’re not entitled to. Once the crime has been committed, then the hackers can change the data and use the card for further unlawful activity.
However, according to the Smart Card Alliance, there are multiple security features that enable health smartcards to protect patient information. The primary line of defence is the use of authentication methods that protect against unauthorised access to data stored on the card, such as a personal identification number (PIN). Health smartcards can also be programmed to allow only authorised doctors, hospitals and medical staff to access all or part of the patient’s information.
eHealthNews will continue to follow and report on any health smartcard developments.