Seven years after President Clinton touted smart cards as the linchpin for storing patient medical data as part of a universal healthcare system, use of the technology is inching forward. Yet some wonder whether the time for the cards has passed.
A smart card, which is the size of a credit card, has an embedded computer chip that can store information, process information or serve as a key to an online database or network. Use of smart cards involves readers that must either contact or pass within a few inches of the reader.
"Smart cards still are not a mainstream technology," says John Carpenter, who manages healthcare applications for Microsoft Corp.
Humana, based in Louisville, Ky., has proposed use of smart cards in conjunction with development of a Web-based medical information system.
Humana officials had announced plans to test limited use of smart cards for patient identification in Cincinnati by the end of 2000, but spokesperson Dick Brown said in December that the test may not come until mid-2001.
"We want to be sure that we have the right kind of process," Brown said.
Humana/ChoiceCare, a Cincinnati-based subsidiary of Humana, announced in October that its more than 300,000 enrollees now have access to personal account information on the Web. But Humana/ChoiceCare spokesperson Jose Marques and Brown say the pilot program in Cincinnati does not involve use of smart cards.
"That's a separate thing," Marques says.
Questions about smart card technology not only deal with whether the Internet already has replaced the need for smart cards but also whether use of smart cards may undermine the privacy of medical records.
Representatives of the nation's three largest smart card companies, GemPlus, Oberthur Card Systems and Schlumberger, indicate that their companies have only limited involvement with health and medical applications for smart cards in the United States.
"A lot of little pilot projects have been generated," says Michael Cariou, director of business development for Oberthur in Rancho Dominguez, Calif.
"Interoperability," or the need for standardized equipment and data transfer, has been a major hurdle to development of healthcare applications for smart card systems, industry and government officials say.
Since data stored on a microchip on the smart card requires a reader to access the data, a reader in one health provider's office may not read the smart card from another health provider.
Cariou says national healthcare systems make smart card applications more feasible because standardization of equipment is much easier.
Peter Waegemann, executive director of the Medical Records Institute, a Newton, Mass.-based company that is promoting a total shift to electronic health and medical records, contends, however, that the use of smart cards to store patient data is decreasing and should end.
"Medical record information is much better stored and accessed on secure Web sites than on smart cards," Waegemann says.
Waegemann also is chairman of the U.S. technical advisory group for the International Standards Organization working group that is trying to develop international protocols for health cards.
"The official U.S. position is that cards which carry patient information other than identification data are an obsolete technology," Waegemann says. A smart card then would provide essentially the same information that may now be available on an insurance company ID card.
An alternative is to use smart cards as access cards for Internet or other computer-network storage of medical information. The smart card includes the security codes necessary to access encrypted data, including health and medical records.
Carpenter of Microsoft says in the short-term, however, data stored on smart cards will be useful since all health providers do not have high-speed connections to the Internet.
Cariou of Oberthur also acknowledged that the use of smart cards is in transition, but he says a card's microchip can carry a certain level of information and then connect with a computer network to provide additional information.
Even though smart cards can have much as 100 times more memory than traditional magnetic strip cards such as ATM cards or credit cards, smart card microchips have limited memory and are limited in storing graphics, for example, he says.
But at least one smart card company executive is banking on the continued use of data-embedded cards.
George Massengill, who heads Knoxville, Tenn.-based Pocket Medical Records, contends that his company is taking the right approach by creating smart card community networks with compatible readers that eventually could be linked.
Medical providers are at different stages of adoption of computers, computer networks and the Internet, Massengill says. They are more likely to see the benefits of a local network that allows information transfer on the community level rather than going directly to a national network.
Massengill agrees with Carpenter that many medical providers do not now have the necessary hardware, software and Internet connections to make use of smart cards, only access cards.
"We need to build the network," he says. "We need to build the infrastructure. We believe this is a stronger, more acceptable approach."
Part of the problem is the nationally diverse nature of the healthcare industry.
"We have to accept the fact that they (medical providers) are very entrepreneurial and very independent," Massengill says.
Humana officials say the company wants to take the lead in smart card use. Humana's smart card plans are in conjunction with Microsoft and WebMD Corp.
The system would use Microsoft's Windows for Smart Cards and allow a patient to access an individual health record on the WebMD portal, a Humana representative says.
Carpenter says plans for the Humana program still are in development, but a smart card would provide Humana customers with information about their coverage and eligibility and provide them access to their medical information on WebMD.
Humana's Web site now allows its enrollees to access information related to eligibility, claims, referrals and inpatient authorizations.
"We'll have more to talk about when we get it (the smart card system) up and running," Carpenter says.
Other health insurance companies have decided not to use smart cards. Representatives of Hartford, Conn.-based AetnaUSHealthcare; Miami-based AvMed Health Plan; and Kaiser Permanente, based in Oakland, Calif., say they have no plans to use smart card systems.
Kaiser spokesperson Matthew Schiffgens says the company issues ID cards but has no plans to use a smart card system because of the question of interoperability among providers.
Kaiser already has an integrated medical records system for its participants and in case of an emergency--for example, when someone is away from home--access to the records office is available through a toll-free number on the ID card, Schiffgens says.
Schiffgens says Kaiser is studying the possibility of allowing members to access their health information through an online site.
But many of the nation's healthcare providers also are facing new federal regulations for electronic transmission of medical information and for maintaining the privacy of that information.
Although the Health Insurance Portability and Accountability Act of 1996 in its "administrative simplification" section required creation of standards for electronic transfer of health information, Congress failed to enact these standards within the required time limit. That task has fallen to HHS, which released its final rule that went into effect Oct. 16.
This rule adopts standards for eight electronic transactions and for programs to be used in those transactions. It also contains requirements concerning the use
of these standards by health plans, healthcare clearinghouses and certain healthcare providers.
The compliance deadline for health plans with annual receipts of more than $5 million is Oct. 16, 2002. Those plans with annual receipts of $5 million or less face a compliance deadline of Oct. 16, 2003.
Still pending is release of privacy requirements for these electronic-data transfers (see story on page 4). HHS officials have indicated that the regulations will establish national identification numbers for employers and healthcare providers to speed claims processing and lower costs but will not include unique personal identifiers for individual patients.
President Clinton said in August, as HHS released the proposed standards for transactions, that the standards "will be required to be implemented consistent with the privacy regulations that we will be finalizing late this year."
Smart card industry representatives, however, contend that electronic records already are more secure than paper records.
Paper records may be easily accessible, Cariou says. "Almost anyone can look at them."
The Health Privacy Project of Georgetown University in Washington, in its comments on the HIPAA standards, recommended that the privacy requirements for electronic records be extended to paper records as well.
Ari Schwartz, a policy analyst at the Center for Democracy and Technology, a Washington-based privacy advocacy group, says smart cards themselves do not raise confidentiality questions.
"It's all a matter of smart card design. It can go either way," Schwartz says. "Privacy can be strengthened by a smart card."
But Schwartz says those design decisions need to come while smart cards still are not in wide use for health applications.
"Now is the time to deal with the issue," he says.