(This article was published in the July 1999 issue Technology Decisions, a magazine for the insurance industry published by the National Underwriter Company.)
From paper to plastic to magnetic strips, the cards you carry have become more sophisticated over the years. The latest incarnation is the smart card: It looks like a credit card, but with a small gold microchip embedded in it. That chip, which includes a microprocessor, operating system, and data storage, gives the card--and the person who carries it--extraordinary capabilities. And it offers some interesting opportunities to the companies that distribute them.
The machine intelligence--the smarts--of a smart card gives users the power to encrypt sensitive information and conduct transactions securely and privately. Unlike a credit card, where having the number is important, if you don't have a user's physical smart card, you don't have his data. In short, the smart card is not only an electronic record; it is a private and personal computer.
These "fingerheld" computers have between less than a kilobyte of data storage to a whopping (considering the size) one megabyte; most contain two to eight KB. While they cannot carry digitized x-rays and other byte-guzzling records, they can hold small digitized photos for ID purposes, several pages of text, and strings of various coded references--while they may not hold diagnoses, procedures, or prescription drugs, a smart health card could store codes from the International Classification of Diseases (ICD-9), Current Procedural Terminology (CPT), and National Drug Codes. The end result is the same: Smart cards can carry lots of data.
Widely deployed in Europe and, to a lesser extent in Asia and Australia, smart cards are coming into use in North America. Companies issue them to authenticate individual users on their networks, and thus prevent hackers and competitors from accessing them. Sensitive messages are being encrypted and electronically signed with keys stored inside the microchip. Transit systems in the District of Columbia, San Francisco, and Seattle are moving toward smart cards as fare media.
Insurance companies in the U.S. and Europe have been investigating the technology, notably in the area of medical claims and records. Although the applications to date barely scratch the surface of this powerful technology, smart cards are beginning to address issues and concerns common to health care everywhere: identity, fraud, and claims.
Smart cards originated in France, and therefore the French government and industry have been enthusiastic proponents of the technology. Throughout the country, public phones that accept prepaid chip cards have largely displaced coin-operated phones. (Strictly speaking, these are "memory cards" because they lack the smarts of the microprocessor.) French credit cards have microchips, and some resorts sell special cards that carry electronic cash for purchases in local shops and restaurants.
A French health card, Sesam Vitale, has been issued to 36 million people in France; practitioners account for another two million cards. Patient cards carry basic identification data such as name, address, and insurance numbers, but no clinical information. The medical or dental clinic reads the card to determine the patient's eligibility for service and uses the data to generate an electronic claim.
Although French physicians, like their American counterparts, have been slow to computerize clinic operations, the government set a deadline. "If they are not filing electronic claims by 2002, doctors will pay for each paper claim they file," according to Philippe Tartavull, executive vice president of Oberthur Smart Cards U.S.A., the American subsidiary of the French Oberthur Corporation.
In Germany, over 70 million chip cards have been issued; the principal objectives of the program are to reduce fraud and lower administrative costs. These memory cards contain only administrative information, though, not medical data. But, like their French counterparts, the Germans are considering smart cards that could carry clinical information.
"The micro card might evolve to storing electronic prescriptions or being used as a key to a central database," according to Andreas Koebe of Gemplus, the smart-card manufacturer for the German government. "But because of [concerns about] data protection and the questions regarding who pays for new readers, software, etc., no one expects to have a new card before 2005."
The situation in America is more dire. Only 13 thousand smart card readers are currently in use in this country as opposed to over 5 million credit card readers. In today's market, each reader costs approximately $100, roughly the same amount as the credit card verification machines at most retail establishments. As the technology becomes more familiar, this price is likely to drop. However, this cost does not include the price of the physical card (which can range from $.80 to $15) or the software necessary to interface with whatever medical system the office is using. In fact, tying into the existing legacy system has proven to be the most expensive factor in implementation.
On this side of the Atlantic, a patient carrying the card may have privacy concerns. Once the data are recorded into a microchip, there are obviously ways of hacking into that information. Considering that American computer users have shown an aversion to even the most basic identifiers--Intel recently had to remove its unique identification number from the Pentium III chip due to protests over privacy considerations--they are likely to shy away from a pocket computer that contains their most private information. (That could include social security number, date of birth, personal chronic illnesses, and medications taken on a regular basis.) Narrowing the information carried on the card to current medical conditions could bypass some privacy concerns.
To reduce some worries on this front, smart cards are designed to be copy proof. Each card carries a unique internal serial number. If the data from one card were copied into another card, the mismatched serial numbers would render it inoperable. That means the data are married to the physical card, and the cardholder can absolutely control what is done with both just by keeping the card in her possession. No one can generate phony purchases with just a card number, as is often the case with credit cards today. The uniqueness of the card also allows insurance companies and banks to audit how the card is used. If a person reports a card as lost or stolen, the application sponsor can issue a command to all terminals to "switch off" the card to prevent further misuse. Only the sponsor has the power to switch it back on. This level of security will be necessary to prevent theft and the illegal procurement of prescription drugs.
Humetrix's Dr. Bettina Experton will testify before the National Committee for Vital and Health Statistics on the role of smart cards. Her firm is in the midst of a pilot smart card program on the West Coast that will eventually impact several million consumers. "I see broader applications for smart cards in the U.S. Our design puts the consumer at the center of the application through the use of a powerful combination: the smart card and the Internet. That's not the case in Europe," she said.
Indianapolis-based RealMed has developed a system that uses smart cards to help process and settle routine medical claims. Objective: Eliminate the paper tangle and the mystery over who pays what.
"Health care is different from other services," said Daniel B. Perrin, RealMed's vice president of public affairs. "Patients don't know how much the service will cost or how much will be covered by their health plan."
Working with the Sagamore Health Network of Carmel, Ind., RealMed ran a pilot program last year to determine the impact of clean patient data on medical claims. Patients carried smart cards containing basic identification data, including the group and individual ID numbers required by their health plan. A card reader attached to the clinic's computer transmitted the data to the insurance carrier to verify coverage and process the claim.
"Our [pilot] system could process about 85 percent of the claims," Perrin told Technology Decisions. "Of that number, about 80 percent could be resolved on the spot. The vast majority were low-value claims."
So, in most instances, patients not only knew that their claim had been accepted, they received a printed explanation of benefits from the physician's computer detailing the insurance company's payment and the patient's co-pay responsibility.
RealMed's system can also handle differences among payers, Perrin explained. "[Insurers] can set dollar limits on the claims they want to process, or limit the processing to claims for certain HMOs (health maintenance organizations), PPOs (preferred provider organizations), or managed care companies. We have 30 to 35 individual adjudication switches in our system that the carriers can determine. We have one client who wants all claims under $250 resolved electronically."
Sagamore played a critical role in the pilot. A provider network encompassing 9000 physicians and 180 hospitals, mostly in Indiana, Sagamore has agreements with 250 carriers covering the pricing of specific services. Sagamore re-prices the claim according to its agreement with the particular health plan and transmits it to that carrier for adjudication.
Although complicated or costly claims are not so swiftly adjudicated, "you've got to walk before you can run," said Julie Beckner, vice president and chief information officer for Sagamore. "And this is a good place to start--by eliminating the 'administravia'."
"The interest has been phenomenal," she said. "We started by trying to bring the larger carriers into the program, but I had smaller carriers literally begging to be part of the pilot. Providers have also been calling me." Although the smart card is the visible part of the system, Real Med makes limited use of the technology. "The card is important only for 'pinging' the system," Beckner said. It simply verifies that the patient is covered. "Once we have clean data on the patient, we don't need the card."
Perrin agreed with Beckner's observation but pointed out that providers will be able to get more out of the smart cards as manufacturers begin building readers into PCs as standard equipment. "We're looking ahead," he said, "to a system of multifunctional card-based applications as smart card infrastructure is deployed more widely."
But that day is not today. The same types of issues that came to light with "thick-client" systems in the client-server arena also apply to these cards. If the data (or the data formats) are changed, the distributor has to reissue the cards and make changes to the physicians' and hospitals' computers. Coordination between all parties would be required to accomplish any new release. Of course, data must be verified for accuracy, loaded on to the cards, and then the cards distributed to the patients. In the test cases, one of the timeliest but most essential components was the review of the patient data.
In addition, only one in twenty doctors currently has his patient data stored in an electronic format. In many cases, the doctor selects the software but never uses it (or is simply not a software expert), so the system might not be easily compatible with newer technology and software. And, although the International Standards Organization established ISO 7816 for integrated circuit cards with electrical contacts (i.e., microprocessor-based smart cards), no standards have been set for medical-office software regarding external interfaces. Yet the card-reading hardware, the associated software to process the swiped card, and the medical system must communicate seamlessly to make smart cards function.
As most doctors still prefer pens to Palm Pilots, this could mean a duplication of efforts: The patient information must first be transferred from the physical file to the office computer system and then uploaded to the smart card. All of this takes time and additional keystrokes--premium resources in a doctor's office.
Minneapolis-based MedAssure, a member of the DataCard Group, wants to put smart cards to work in the clinic. In pilot programs with the Veterans' Administration and several private hospitals, the Minnesota-based company has been translating clinical data into bits and bytes in the microchip of a smart card.
Ravi Sharma, president of MedAssure, described how his firm is shaping the technology to meet medical as well as administrative needs: "In Europe, most of the applications have been to simplify claims processing. There you have government as the big payer, and they can force providers to comply. In this country, the problem with smart cards and health care is that the interface with the physician is lacking. Doctors don't have the time to spend in front of a computer, and we don't have a more efficient interface than paper. It should not add to the tasks the provider is already performing. Anything that adds to the work of the physicians will not succeed.
"People may go to several locations to receive care. With HIS [hospital information systems] and CIS [clinical information systems], you have the patient's data in the institution, but that data is effectively lost when the patient leaves the setting. If I'm a patient, I want to have vital clinical information with me, and I want the clinician to update it." This mobility means dialysis patients, once confined to their primary clinic for treatment, may now travel with the confidence that their records are portable and readable.
Sharma highlighted other benefits to the card. "Insurance companies send out millions of paper and plastic cards with no direct way to update them. There is also a tremendous benefit in being able to simplify and automate eligibility information and co-payment information on the spot. Today, a clinic's office staff photocopies your insurance card and calls an 800 number to verify coverage. One swipe of a card connected to an insurer's computer system can provide assurance that the patient is eligible for treatment, the amount of the associated CO-pay, and any restrictions in the payment of fees. People are changing plans because their employers do. There's a lot of competition, and that sort of changing is likely to become more common. The smart card will never store all medical information. We're focusing on what is vital in the clinical setting. We want to keep specific conditions and a progressive record of the treatment the patient receives. So, we may retain the last 10 to 20 encounters on the card. The full medical profile will be elsewhere."
Jim Lout, president of Oklahoma City's Precis Smart Cards, ran a successful health care pilot but found no market for the full-scale application. "The biggest problem is infrastructure," he said. "I don't mean smart cards and readers. Those are available and relatively inexpensive. I mean the systems used by physicians, which are diverse and poorly maintained. In most offices, the doctor purchases the practice management system, but many never touch the mouse. Very few doctors have electronic records. They don't like electronic records; they like folders."
In order to effectively use a smart card, the doctor must have an active records computer system and obtain access to a card reader. The reader must be able to communicate with the computer system, which hopefully was designed with an open architecture (the ability to interface with outside media and databases). Most newer medical office systems have this capability, but older configurations and proprietary databases are typically closed loops which makes integration with a smart card difficult. The tie-in to the medical computer system from the keyboard reader is typically the most expensive, time-consuming, and complicated task in establishing a reader. Smart-card standards simplify the use of application interfaces so that only one need be created to read all the disparate insurance cards. This infrastructure can allow for the reader to interact with the medical records system to assist the doctor in all phases of the diagnosis and treatment.
Lout hoped to automate prescriptions using smart cards but ran into an infrastructure problem of a different sort. A large pharmaceutical manufacturer, he said, "was giving away PCs to the pharmacies to make it easy for them to order drugs online. But when they updated the system each quarter, they'd disable the card management software we'd installed for the pharmacist."
Even with these difficulties, Microsoft is developing a smart-card platform for its Windows operating systems. Sun is licensing its Java technology, giving developers the flexibility to use Java smart cards from several manufacturers. With this kind of industry buy-in, PC vendors are beginning to offer low-cost smart-card-capable read/write devices.
Each card manufacturer has its own proprietary commands to operate the cards, but most developers prefer the flexibility of an application programming interface (API). With an API, programmers can use familiar languages, such as Visual Basic, Java, and C++, to develop applications that translate program commands into executable code for the smart card. Application developers control who can read the card and who can write to it. The sorts of privileges and protection assigned to individual fields in a relational database like Oracle or Informix can be replicated with the data elements of the smart card. Indeed, the smart card can operate as an extension of a relational database.
Like Sharma at DataCard, Lout believes those who pay for health care hold the key to the deployment of smart cards. "The business case for smart cards in health care is based on the insurance companies. There's something in it for patients and providers, but the carriers have the most at stake in terms of dollars. If you can get the insurance companies to drive it, providers and patients will participate."
A physician or HMO is theoretically responsible for the patient's record. In reality, medical documentation tends to be scattered across multiple media and locations: digitized records on insurer computers, disks or tapes at hospitals, patient folders in clinics, prescription files at pharmacies.
Our mobility compounds the fracture. About one in five Americans move each year; people change jobs and employers juggle health plan options trying to balance costs with coverage. Recognizing this fragmentation, the Institute of Medicine of the National Academy of Sciences issued a landmark study advocating computer-based patient records. That report came out in 1991.
The result? Eight years later, according to the Medical Records Institute, 95 percent of all medical records in the U.S. remain on paper.
In addition to technical and institutional challenges, people are concerned about privacy. They fear medical records could be used against them--by prospective employers looking to reject people with chronic conditions, by insurance firms trying to avoid the cost of treating existing illnesses, and by people unknown who might use sensitive information to embarrass or even blackmail them.
Smart cards can help deal with all these issues. No one can read what's on your card until you take it from your wallet or purse and give it to someone with authorized hardware and software. By comparison, you lack all control over the records held by clinics, hospitals, and insurance companies. In short, smart cards are among the few electronic devices designed to protect your privacy.
Smart cards today follow national and international standards. The right smart card will interact reliably with a wide range of systems. Smart cards can operate both over the Internet to verify eligibility from a carrier's database and locally in a doctor's office as clinicians read and update patient data and clerks prepare electronic claims for submission.
And those electronic claims create immediate benefits for carriers and physicians. An even bigger payoff could result from preventive activities made possible by smart cards:
Smart cards have proven they can provide clean data for eligibility and claims processing. The ideal smart card, however, would be nothing less than a clinical adjunct that can prevent the sort of errors that arise when one practitioner does not know what others have been doing. In the long run, the data carried by smart health cards will not only prevent illness and save lives; they will save billions of dollars.
—end of sidebar—
Return to Main Page
Return to top of Articles Page
Contact me at: pjsmart@aol.com