1 729 The suggested system for health insurance Application based on Smart Cards M. El-Sayed Wahed 1 and Esam M. El Gohary 2 1 Faculty of Computers and information, Suez Canal University, Egypt 2 Faculty of Computer and Information Systems, Mansoura University Mansoura, Egypt Abstract This paper concentrates on designing a system for Health insurance using smart card technology.the system is called HISS (Health insurance system using smart card).as we will see the system is web based application based on central database,uses smart card for two reasons first, as a data carrier for patient and professionals. Second reason is for authentication purposes. There are some figures that describe system architecture and processes then each component well be explained. 1. Healthcare & Medical Service in [URL 1] Egypt The Egyptian Government, through the Ministry of Health and Population, gives high priority to the provision of public health services. It has made substantive progress in improving the health status of its constantly increasing population (more than 70 million & is estimated to reach 100 million by year 2020). In 2001/2 the government expenditure on healthcare was LE 3.64 billion & investment was LE 2.12 billion. Past and ongoing Public Health sector improvement projects either financed locally or by donors, have generally focused either on specific narrow sector issues and/or on targeted population groups. These have not been sufficient to face increased financial pressures resulting from the growing disease burden, population growth, and new and costly medical technologies. They also failed to sustain initial improvement in health conditions and needed to be complemented by fundamental changes in policies. It is generally considered that centralized and fragmented management and combined financing and provision have also led to inefficient use of resources. Consequently, the need for reform existed to increase accountability, transparency and efficiency by clarifying roles, separating finance from provision, and developing needed technical capacities. Public Health Sector being restructured to improve the health service and to provide all Egyptians with effective 'health security'. A pilot reform programmed has been launched Problems in HIO (Health insurance Organization): HIO (Health insurance Organization) is the biggest organization that provide healthcare in Egypt.HIO serves about 25 million insured persons, it has many branches all over Egypt. Although HIO has a hierarchal structure and considered organized more than any healthcare authority, it has some problems affects service quality to insured persons and wastes lot resources, problems such as: Poor IT infrastructure
2 730 Wasted time and money for professionals and patients Bad inventory management Limited primary health care services. Absence of real recognition of infection control procedures and protocols. Most of the equipment in Public hospitals is obsolete or under-maintained. Centralized management of the Public healthcare sector. Public healthcare sector management is fragmented as public hospitals belong to the Ministry of Health, Ministry of Higher Education or military, as well as by some public companies to serve their employees. State-employed doctors and nurses suffer from difficult working conditions, low pay and lack of oversight to enforce performance standards. The private sector has developed during the last two decades & achieved some regional recognition. It continues to grow, and is targeting high worth Egyptians and attracting international visitors. 2. Proposed System architecture Figure 1 illustrates an overview of a typical integrated information system to manage health insurance over multiple hospitals and medical centers. internet internet Figure 1: A common model of interoperable architecture of a web-smart-card-based information system The proposed system is typically a web-based system as it connects all HIO locations with internet connection.the proposed system enable users to access the system from internet browsers. Each Location has a local database which replicates to the central database. At this point we have to notice that all subsystems work on the same central database located on the server farm. Also, all subsystems are integrated with each other to perform the functionality of the whole system. It is important to point that using smartcard, web
3 731 based connection which considered a client server architecture and database replication increase the proposed system reliability and availability. The system consists of the following subsystems: Patient Information and Case History Subsystem. Human Resources Subsystem. Document Flow Subsystem. Inventory Control Subsystem. Administration subsystem. Security subsystem Proposed System Objectives The proposed System has several objectives such as: Increase the quality of medical services to the insured and simplify the procedures involved. Improve communication between the HIO, healthcare users and healthcare providers. Improve data security and confidentiality. Reduce administrative tasks for the insured, healthcare providers, health insurance companies, employers, and the HIO. Increase operating efficiency within the HIO and the healthcare providers. Make the investment at a national level as cost-beneficial as possible.
4 Level zero data flow diagram Figure 2 shows the major subsystems that are considered the components of the system.the figure demonstrates the main data flows between subsystems. Each subsystem details will be explained in the following subsections:
5 733 A. Patient Information and Case History Subsystem. The responsibility of this subsystem is to manage and handle all information related to patient either personal or medical data. It creates a whole isolated profile for each patient includes all related data. As proposed; patient profile consists of patient personal data and the history of all visits and medical reports of the patient occurred in all hospitals of health insurance system..this subsystem uses HIC (health insured person card) and using some features they can increase service quality, independence and autonomy in confirming administrative data. Patient can register electronically at any HIO health care facility in a manner that is fast, user friendly and reliable. Detailed features are: 1- Reading and writing personal data can be done based on HIC see example for HIC figure (3). 2- Adding, browsing and search personal data of patient. 3- Adding new patient personal data creates and initiating a new patient profile. 4- Entering basic medical information of patient like weight, height, allergies any previous surgeries. 5- Adding new page for each visit includes symptoms, diagnosis, treatment and any required investigations or scans. 6- All fields in the case history module are auto-complete fields which assists doctor for fast data entry. 7- Every recorded visit for patient preserves the user name of its doctor and can t be edited by anyone rather than the doctor who created it and system admin according to security rules. 8- Attaching files (Electronic files or scanned reports) to patient s medical profile so HIC can save only URL to these attached files to save storage area on HIC smart card. The card will store pointers (URL addresses) linking the card to the storage of x-rays, lab results and health records located in the databases of organizations where the services were performed. 9- Fast print of prescription details including medicines, dosage, times, required investigations or scans and also logo of the center and doctor name which all are configurable to print or not. 10- Ability to print a report of the whole visit. 11- Ability to print a report of the whole case history of the patient which may include also the case history of his/her couple. 12- View Case History of couples into coupled view, which make it very easier to review progress over both at once. 13- Getting over the problems of managing same case between many doctors as the system gives abilities to all doctors to see notes of other doctors on the case. 14- This subsystem can Decrease the amount of time taken to perform patient registration and Decrease the number of recording errors in medical records.
6 734 Patient data cards A patient data card is a mobile data vehicle for the patient, storing up-todate specialist health information on the patient and enabling differentiated read and write access authorization. Figure 3: Example for Patient card B. Human Resource subsystem HR subsystem is responsible for managing employees data, attendance and payrolls integrating with Financials subsystem to generate financial transactions of payrolls. It perform the following tasks: 1- Managing HPC (Health Professional Card) or (Health Physicians Card) allows to Enter, browse, read and write employee personal and work data. See example for HPC figure (4). 2- Supporting entering attendance times of employees using HPC smart cards. Health professional cards 3- Supporting loans and scheduling loans payments back. 4- Supporting insurance and other salary items. 5- Handling different weekend days for each employee and different work shifts. 6- Generating monthly salary report according to gathered data. 7- Reporting wizard for employee attendance. 8- Integration with Financial module to generate financial transactions. Health professional cards are for doctors at hospitals, in practices and in ambulances as well as for pharmacists. Authorization cards granting the health professionals individual read and/or write access rights for defined data fields on the patient data card. Only the emergency data may be read without the patient's additional permission. Figure.4: Example for professional card C. Document Flow Subsystem This module is responsible for storing management documents and managing moving it forward and backward through the system. It keeps a history for each document about creation date, all processes applied to it and user who applied each process. This module work as EDI technique (Electronic Data Interchange) it helps in the following processes: 1- Adding and browsing documents. 2- Attaching document either in an electronic format (Word document, excel file ) or by scanning paper document. 3- Applying customized security levels by the creator of the document. 4- Attaching notes and related data (ex. Document type, Department, Source, Distinction ) to document.
7 Sending single document or group of related documents to another user on the system. 6- Simple and advanced search for reports and documents. This subsystem increase in productivity among staff due to less time dealing with paperwork. E-prescription offers high savings potential To keep patient documents two alternatives for transfer of the electronic prescription data to pharmacies and insurers are currently under discussion. Both are equally feasible from the technical point of view. In the card-based solution, the electronic prescription is saved directly to the patient's card after the doctor has used his health professional card to authenticate himself and has signed the prescription with his digital signature. At the pharmacy, the electronic prescription is read with the aid of a card reader and the pharmacist's HPC. When the medicine has been dispensed, the prescription is deleted from the health card and stored on the pharmacist's computer. In the server-based data transfer system, the signed and encrypted electronic prescription is transferred to a server via a protected connection. Using his HPC, the doctor writes a "ticket", generated by the server, to the patient's health card. This ticket and the pharmacist's HPC allow the prescription to be retrieved from the server, after which the drug can be dispensed. The e- prescription is then deleted from the server and stored locally at the pharmacy. At regular intervals, all e-prescriptions stored at the pharmacy are sent to the central clearing points serving the pharmacy sector. As under the present system, these clearing centers settle accounts with the health insurance organizations. According to a study carried out by Debold&Lux, introduction of the e- prescription alone will allow the German health service to save up to EUR 250 million a year. Besides the cost savings achievable through fast data transfer, the e-prescription also offers a range of benefits for patients. The medication record stored optionally and only with the patient's consent - on the card will let the pharmacist check for possible interaction between the prescribed drugs and any nonprescription medicines the customer may also be taking, or wish to take. The quality of the advice given in the pharmacy thus improves especially for older people, who are not always able to remember what drugs they may be taking. Also, the registration of co-payment exemptions on the card will optimize the dispensing process. And the e- prescription, not being hand-written, is always legible no more need to refer back to the doctor. D. Financial Subsystem Financial subsystem integrates with other modules in the system in order to manage all financial transactions. That s beside managing purchases and journals. 1- Enter, edit and search purchasing bills which automatically generates its financial transactions. 2- Handling suppliers accounts and payments out operations to suppliers. 3- Generating supplier s balance reports. 4- Integrates with Appointments Module to generate financial transactions of patient payments.
8 Integrates with Scan Center Module to generate financial transactions of patient payments. 6- Ability to enter petty expenses and generating its financial transactions automatically. 7- Ability to enter manual journals. 8- Report wizard of purchases in which purchases can be reported by period, supplier, item or category of items and also grouped by date, supplier or item category. 9- Generating final financial reports such as Income Statement report and balance sheet anytime of the year. E. Inventory Subsystem Inventory subsystem is responsible of all inventory transactions and reporting inventory amounts and transactions. 1- Enter, browse and search items of inventory. 2- Supporting multi-inventory system. 3- Ability to enter items into hierarchical tree of categories with unlimited levels. 4- Entering documents of importing items automatically generates its related inventory transactions. 5- Entering documents of exporting items to use automatically generates its related inventory transactions. 6- Alerting user when critical items amounts get to reorder level. 7- Reporting wizard of inventory transactions and inventory amounts within period of time grouped by item, date or category of items. 8- Report of items which reached reorder level. F. Administration & Security subsystem This subsystem gives the main tool of system administrator to manage the system and central database. It also gives him the ability to create different security levels and assign them to system users. This subsystem can do the following: 1- Creating main schedule of database backup creation. 2- Restoring database backups on any problem. 3- Creating defined security levels of the system. 4- Create, suspend system users and assign them security levels. This subsystem also is responsible for insuring that data transfer is secure.it supports system in interacting with SSL protocol that make proposed system save.
9 Inside one Location Internet Figure 5: Subsystem in one location (single site) and central servers. Front-End server is also Having a deeper look inside one location responsible for synchronizing local database (hospital) to illustrate system deployment and with the central database especially in cases of business work flow, each location has three internet connection failure. servers In such case, the Front-End server start to A. PIS Server compare time stamp of rows in local database The Patient information server (PIS) is where a with the time of last batch sent to the central local database is located. It is a database server. Rows which have time stamp later than dedicated to store patient profiles locally last batch time are queued for batching to the before batching them to the main server. central server as soon as internet connection is B. VHI Server back. The visual health information server (VHI) is where a local VHI database is located. It is a database dedicated to store high resolution health images. C. Front-End Server The server is responsible for sending/querying data to and from the central server. It represents the interface between local world 2.4. DFD for case history subsystem It may also called (patient information subsystem), Figure (6) illustrate Level 1 data flow diagram for patient information subsystem.the figure demonstrates the main data flows between processes.
10 ERD for case history subsystem Figure(7) show main entities in case history subsystem and relations between them.
11 739 Figure.6: DFD level 1 for process 2 PIS
12 740 Figure. 7: ERD for PIS
13 Data Flow and synchronization of card data The confirmation of health insurance and updating of other data is carried out through the network, which links the self-service terminals to the central compulsory and voluntary health insurance databases. The current data are downloaded to the card memory. When presenting the card at the doctor's, the insured person thus transfers current data to the health care and health insurance officers, holders of the health professional The health care worker inserts his/her health professional card into a special purpose device, a card reader, and logs in with his/her personal password. When the patient enters the doctor's office, his card is inserted in the second slot of the same reader. The card reader enables the health professional card holder to read and modify card data in his/her competencies. The data are displayed on the local computer screen and, as required, saved in the local databases. The system grantee that if there is no internet connection between local site and central database, data will be saved in local site and when connection established automatic update will be made. 3. Components of a Smart Card System (1) The configuration of the smart card platform will vary substantially from project to project Figure 8: Online and offline data updating depending upon the card management approach, card personalization and issuance procedures, card capabilities and applications, and technical environment selected by the project. However, the following components will typically comprise a smart identification card platform see fig. (9)
14 742 Figure 9: Card platform 3.1. Data Types on the Patient Data capability to implement multiple Card The administrative part of the information is stored on the card by the health-insurance funds. The medical data is voluntary and is inserted on the card by health professionals or the patient. authentication technologies such as PKI and biometrics. They also have a certain amount of storage capability. Smart cards are generally used for both physical and logical access, and are available with both contact and contactless interfaces. Constant Data : Constant data comprises administrative data such as insurance and address data as well as emergency information. It may, for example, also include information on chronic illnesses or organ-donor information. Central Card Management System. The central card management system should function as the core of the smart card system, and as such, requires connectivity and interfaces with all other system components. It houses the central Transfer Data : Transfer data refers to cardholder database that supports the information such as electronic capture, storage, retrieval, retention, prescriptions, referrals and admission integrity, and management of data requests. necessary for the Life Cycle Management Dynamic Data : Dynamic data is the data (LCM) of smart cards. LCM includes: which is modified in the course of the pre-issuance, issuance, status, patient's life, e.g. the medication, replacement, renewal, post-issuance treatment and health history. Depending on the scope of the data or the system capabilities and audit of smart cards for each agency. architecture preferred, the card can be used as data carrier or as a pointer to data and as an access key. Smart Card Equipment and Software. Smart card equipment and software includes the computers, peripherals, and Cards : Smart cards contain an ICC that software needed to capture the provides computational power similar to information used to enroll a cardholder, that of a PC. Smart cards have the personalize the card, load the card with
15 743 any necessary PKI certificates, issue the card to the cardholder, and perform postissuance capabilities such as PIN reset and certificate updates on the card. Card issuance equipment typically includes: Enrollment Workstation. The enrollment workstation is used to capture enrollment information and route it to the central card management system and to the equipment actually personalizing and issuing the cards (if not the enrollment workstation itself). At agency discretion, attachments to the enrollment workstation may include a digital video camera to capture the cardholder s digitized photo, a digitized signature capture device, a biometric capture device (most commonly a fingerprint capture device but could include a wide variety of biometric capture devices), and a key pad used for generating a user s PIN. Depending on the procedures for capturing demographic data (e.g., through manual entry or legacy system upload), the enrollment workstation may be used to collect demographic data for card personalization. In some implementations, the biometric data and/or public keys captured through the enrollment workstation could be directly routed to the certificate/attribute authority workstation as part of a certificate request. Key Generation Workstation. Although key pairs generally will be generated by a cryptoprocessor on the smart card, some agencies may choose to use a separate workstation to generate keys (i.e., using software-generated keys rather than tokengenerated keys). Once keys have been generated, they are securely transmitted (using mutual authentication protocols and encryption (symmetric or asymmetric)) and loaded onto the card at the point of card personalization and issuance. Card Personalization System. The card personalization system is used to personalize the card with data, photos, key pairs (if not generated on the card itself), and digital or attribute (i.e., biometric) certificates. Attached to the card personalization workstation is a card reader that is used to load information to the chip on the card and a card printer that is used to print information and photos on the face of the card. In some scenarios, the card personalization workstation and enrollment workstation may be the same device, depending on whether a centralized (i.e., bulk personalization) or decentralized (i.e., on-site issuance) process is used for card personalization and issuance. Registration Authority System. In some scenarios, if an agency has a designated registration authority, a separate workstation may be used to read public keys from the card (or verify biometric data), document identity proofing, and generate a digital certificate (or attribute certificate) request. In turn, the registration authority system may receive signed certificates from the certificate authority (or attribute authority) and place them on the card. The registration authority workstation could be the same as the enrollment workstation and the card personalization system in an on-site card issuance location. Certificate/Attribute Authority System. The certificate and/or attribute authority
16 744 system is a trusted computer system that receives certificate requests (that would contain public keys and data or a biometric template) from the entity acting as a registration authority, and, in turn, signs and issues certificates that are returned to the registration authority (or enrollment workstation/card personalization system) for loading onto cards. The certificate or attribute authorities typically will maintain their own repositories (i.e., Lightweight Directory Access Protocol (LDAP) servers) that are used to publish certificates. Card Reader. A card reader is used to communicate with the smart card during a transaction. It is the interface between the card and the host system. Card readers provide power and timing to the ICC and can operate with either contact or contactless interfaces. Applications. Smart cards used to implement physical and logical access control applications, as well as other applications that are components of an agency s card system. Depending on the card management approach, these applications may communicate with the central card management platform to upload back-up transactions and/or to download hot lists. Interfaces to Legacy Databases. Many agencies will choose to personalize their smart cards with data from existing legacy systems. Thus, important components of the platform architecture are the interfaces from legacy systems to the central cardholder database or to the card issuance workstation Smart card Operating System [URL2] Every smart card has an operating system. It is the hardware-specific firmware that provides basic functionality as secure access to on-card storage, authentication and encryption. Only a few cards allow writing programs that are loaded onto the smart card - just like programs on a computer. This is a great way to extend the basic functionality of the smart card OS. Some of popular operating system: COS OS The smart card's Chip Operating System (frequently referred to simply as COS; and sometimes referred to as the Mask) is a sequence of instructions, permanently embedded in the ROM of the smart card. Like the familiar PC DOS or Windows Operating System, COS instructions are not dependent on any particular application, but are frequently used by most applications. Chip Operating Systems are divided into two families: The general purpose COS which features a generic command set in which the various sequences cover most applications, and The dedicated COS with commands designed for specific applications and which can even contain the application itself. An example of a dedicated COS would be a card designed to specifically support an electronic purse application. The baseline functions of the COS which are common across all smart card products include: Management of interchanges between the card and the outside world, primarily in terms of the interchange protocol. Management of the files and data held in memory.
17 745 Access control to information and functions (for example, select file, read, write, and update data). Management of card security and the cryptographic algorithm procedures. Maintaining reliability, particularly in terms of data consistency, sequence interrupts, and recovering from an error. Management of various phases of the card's life cycle (that is, microchip fabrication, personalization, active life, and end of life). In most cases the issuer has to commit to a specific application developer, operating system and chip for each service the issuer wished to provide to its customer base. This leaves almost no flexibility to change any of these components without having to invest funds into a new software and/or hardware implementation. As a result early smart cards were costly and inflexible. But today we can clearly see a development towards open operating systems that support multiple applications. For on-card application development of programs that run inside the secure environment of the smart card chip, we highly recommend operating systems that have bigger market exposure such as JavaCard OS, MultOS and lately Windows for smart cards. Multi Application Card Operating Systems (MACOS) Until the emergence of multi-application smart cards, each software application representing a product or service on a card was written for a specific operating system, which in turn was specific to a particular hardware (chip) or silicon platform supplier. Multi-application operating systems allow the development of multiple applications that run on one card. Ideally the on-card applications can't interfere with each other and are protected by a firewall. Currently there are three major operating systems on the market Java Card is a multi-application JavaCard is a multi-application operating system for smart cards. JavaCard is an open, multi-application operating system for smart cards. Diverse parties can develop applications using their Java programming skills. The resulting applets run on the same card and they all co-reside independently. This way applications from various vendors can be combined, all separated from each other. Until the emergence of multi-application smart cards, each software application representing a product or service on a card was written for a card specific operating system, which in turn was particular to a hardware (chip) or silicon platform supplier. In most cases there wasn't even an operating system between the hardware layer and the card edge. From a card issuer perspective, an issuer had to commit to a specific application developer, operating system and chip for each service the issuer wished to provide to its customer base. The issuer had almost no flexibility to change any of these components without having to invest funds into a new software and/or hardware implementation. Early smart cards were therefore costly and inflexible. From a consumer perspective, cardholders were forced to carry a different card for each service or function they wished to benefit from. If the product or service they benefited from changed in any way, they would receive a replacement card.
18 746 JavaCard has changed the smart card proposition for both issuers and cardholders. Java cards provide increased convenience and flexibility for users while delivering savings and a wealth of opportunities for issuers across all business sectors. Application Load & Unload in JavaCard OS. JavaCard allows applications to be loaded onthe-fly. This means that a card with the JavaCard operating system on it can change features during its lifetime. For example a student who has been issued a smart card with JavaCard on it, can load applications (java applets) over the Internet. Of course this would require the correct authorization. But the interesting part is that this can happen securely over insecure networks. This way the student can change the set of available applications over the smartcard's lifetime. One day it could contain an electronic purse and a metro travel application. The next day the student will add an electronic key to get logical access the university network. This is extremely beneficial for both, the cardholder and the card issuer MULTOS MULTOS is a multi-application operating system for smart cards for highest security needs. MULTOS is the first, open, high security, multi-application operating system for smart cards (hence 'MULT-OS'). The beauty of this system is that diverse parties can develop applications that are running on the same card and they all co-reside both independently and securely. This way applications from various vendors can be combined, all securely separated from each other. The open nature of the MULTOS platform allows anyone to issue cards, write applications, implement the operating system on a specific chip, manufacture smart cards or provide value added products which support MULTOS. From a card issuer perspective, an issuer had to commit to a specific application developer, operating system and chip for each service the issuer wished to provide to its customer base. The issuer had almost no flexibility to change any of these components without having to invest funds into a new software and/or hardware implementation. Early smart cards were therefore costly and inflexible. From a consumer perspective, cardholders were forced to carry a different card for each service or function they wished to benefit from. If the product or service they benefited from changed in any way, they would receive a replacement card. As the leading high security, multi-application operating system, MULTOS has changed the smart card proposition for both issuers and cardholders. MULTOS provides increased convenience and flexibility for users while delivering savings and a wealth of opportunities for issuers across all business sectors System benefits Major system benefits may be listed as follows: Insured persons: benefits in terms of service quality, independence and autonomy in confirming administrative data; health professionals: reduced administrative and paper work, more time available for quality professional tasks, electronic transfer of data onto the existing forms, electronic
19 747 linking to different expert information systems; Employers: total elimination of the issuing and confirmation of the health care identification booklets, reduced administrative tasks; Health insurance providers: improved currency and accuracy of data, rationalized data flows, reduced administrative tasks, improved quality of services, support to analyses and timely and appropriate implementation of measures of proper fund allocation. Society: simpler and better transfer of data between the partners in the health care system, improved personal data security, transparency in the field of financial liabilities among different cooperating subjects, positive longterm national scale economic effects due to optimization of operation of the health care sector. 4. Conclusion The movement to e-government, at its heart, is changing the way people and businesses interact with government. E-Government offers a huge potential in seeking innovative way to reach the ideal of government of people, by people and for people. Although there are a number of applications that can benefit from smart card technology, the main driving force for using smart cards in medical science has been identifying the patient and critical information about the patient such as allergies, the medication that the patient is on, blood type and other information that can help doctors and other medical personnel apply proper care to the patient without suffering long delays. The portability and security provided by smart cards make them appealing to health organizations. When coupled with secure web sites holding detailed data about the history of a patient, medical smart cards seem to be the smart choice for solving our hard-rooted problems. Now after designing smartcard-web-based system it is recommended to apply it for HIO in order to: first, to overcome its problems, second to make this sector as a part of Egyptian e-government, third for the following: Decrease in the amount of time taken to perform patient registration. Decrease in the amount of time taken to access a patient s medical records. Decrease in the number of recording errors in medical records. Increase in productivity among staff due to less time dealing with paperwork. Decrease in the amount of time that patients have to wait for service. Increase in successful life saving medical encounters due to the availability of emergency data. Using web-based system and smartcard technology achieve reliability and availability The new system discussed in the paper is cost efficient improvement in patient care because it:
20 748 a. Provides pertinent patient information for emergency use that: Gives patient demographics. Describes the patient s current medical condition(s). Lists the patient s current medications. Alerts health care professionals to allergies and other need to know conditions. Enables effective contact with the patient s primary physician. artcard_operatingsystems.aspx seen jan-2012 last b. Allows the patient to quickly and securely access medical records in the patient s primary database, using a web site on the Internet. c. Information being updated to HIIS, can also be updated to the patient s smart card concurrently, or added to a patient s smart card at another time. Also Security architectures proposed using SSL protocols and user authentication within the system allow for increased patient medical data confidentiality by providing access only to entitled professionals. Providing better, faster, and secure access to patient clinical information, smart cards sit at the heart of the qualitative evolution of medicine. References 1- Bill Holcombe,GOVERNMENT SMART CARD HANDBOOK,Office of Governmentwide Policy,February [URL 1] last seen june [URL 2]
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009 EXECUTIVE OVERVIEW Enterprises these days generally have Microsoft Windows desktop users accessing diverse enterprise applications
Smart Cards for Future Healthcare Systems Secure, efficient, reliable Card-based e-health networks: cutting costs and improving care All around the world, newspaper headlines warn about the exploding costs
Easy Data Centralization with Webster User Guide CONTENTS 3-4 1 Introducing Webster Webster - An Introduction 5-14 2 Installing & Configuring Webster Installing the System Configuring Webster 15-18 3 Managing
HSPD-12 Implementation Architecture Working Group Concept Overview Version 1.0 March 17, 2006 Table of Contents 1 PIV Lifecycle... 3 2 High Level Component Interaction Diagram... 4 3 PIV Infrastructure
Table of Contents 1 Integration with an Oncology EMR and an External Billing System 3 2 Automated Patient Portal 4 3 Client Scheduling 5 4 Client Server based EMR 6 Version 0.0 Page 2 of 8 1 INTEGRATION
DigitalPersona Pro Enterprise Version 5.3 Frequently Asked Questions 2012 DigitalPersona, Inc. All Rights Reserved. All intellectual property rights in the DigitalPersona software, firmware, hardware and
Smart Card Solutions - Make the Smart Choice Smart Card Business Applications Healthcare and Beyond Dmitriy Kruglyak President email@example.com 650-329-0397 October 20, 2004 Patient Safety Consumer
SOLUTIONS FOR HEALTHCARE PROFESSIONALS AND GOVERNMENTS The number of people in need of medical care in the world is continuously increasing, as evidenced by the evolving demographic outlook in both developed
GRAVITYZONE HERE Deployment Guide VLE Environment LEGAL NOTICE All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
Biometrics integration Challenges Demanding access control and identity authentication requirements drive the need for biometrics. Regulations such as Sarbanes-Oxley (SOX), Health Insurance Portability
Empress Embedded Database for Medical Systems www.empress.com Empress Software Phone: 301-220-1919 1. Introduction From patient primary care information system to medical imaging system to life-critical
Microsoft Identity Lifecycle Manager & Gemalto.NET Solutions Jan 23 rd, 2007 Microsoft ILM is a comprehensive, integrated, identity and access solution within the Microsoft system architecture. It includes
Values of Healthcare By Hanan Shahaf Health Organization Managers Our products are suitable for primary and secondary care systems, specialist and multi-disciplinary systems, hospital systems, and rural
A Nemaris Company Formal Privacy & Security Assessment For Surgimap version 2.2.6 and higher 306 East 15 th Street Suite 1R, New York, New York 10003 Application Name Surgimap Vendor Nemaris Inc. Version
Secure web transactions system TRUSTED WEB SECURITY MODEL Recently, as the generally accepted model in Internet application development, three-tier or multi-tier applications are used. Moreover, new trends
The Canadian Migration to EMV Prepared By: December 1993 Everyone But The USA Is Migrating The international schemes decided Smart Cards are the way forward Europay, MasterCard & Visa International Produced
HP IMC Firewall Manager Configuration Guide Part number: 5998-2267 Document version: 6PW102-20120420 Legal and notice information Copyright 2012 Hewlett-Packard Development Company, L.P. No part of this
Entrust Managed Services PKI Entrust Managed Services PKI Administrator Guide Document issue: 3.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered
White Paper Enterprise File Serving 2.0 Anywhere, Any Device File Access with IT in Control Like it or not, cloud- based file sharing services have opened up a new world of mobile file access and collaborative
SUMMARY Features INTERIN Technology, a complex of software tools and techniques for building health care information systems, was developed in the Program Systems Institute, Russian Academy of Sciences.
Overview Timeline Cloud is a backup software that creates continuous real time backups of your system and data to provide your company with a scalable, reliable and secure backup solution. Storage servers
Deriving a Trusted Mobile Identity from an Existing Credential Exploring and applying real-world use cases for mobile derived credentials +1-888-690-2424 entrust.com Table of contents Approval of the mobile
U.S. DEPARTMENT OF COMMERCE UNITED STATES PATENT AND TRADEMARK OFFICE Privacy Impact Assessment Revenue Accounting and Management System (RAM) PTOC-006-00 May 13, 2015 Privacy Impact Assessment This Privacy
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
Patient Accessibility/Scheduling/Account Maintenance: Able to interact with schedule through an online portal pre register VIP status to move patient to the front of the line Access and pre registration
ORIXCLOUD BACKUP CLIENT USER MANUAL LINUX 1. Product Information Product: Orixcloud Backup Client for Linux Version: 4.1.7 1.1 System Requirements Linux (RedHat, SuSE, Debian and Debian based systems such
GMS GRAPHICAL MANAGEMENT SYSTEM 1 GMS The integrated security management system for multi-site organizations. Pacom s Graphical Management System (GMS) is the modular client-server application that integrates
Online Backup Client User Manual Linux 1. Product Information Product: Online Backup Client for Linux Version: 4.1.7 1.1 System Requirements Operating System Linux (RedHat, SuSE, Debian and Debian based
MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file
Version 1.0 January 2011 Xerox Phaser 3635MFP 2011 Xerox Corporation. XEROX and XEROX and Design are trademarks of Xerox Corporation in the United States and/or other countries. Changes are periodically
Sample Assignment 1: Workflow Analysis Directions Purpose The Purpose of this assignment is to: 1. Understand the benefits of nurse workflow analysis in improving clinical and administrative performance
Welcome to Support Express by Shakambaree Technologies Pvt. Ltd. Introduction: This document is our sincere effort to put in some regular issues faced by a Digital Signature and USB Token user doing on
ehealth Beyond the Horizon Get IT There S.K. Andersen et al. (Eds.) IOS Press, 2008 2008 Organizing Committee of MIE 2008. All rights reserved. 395 From Documents on Paper to Electronic Medical Records
Healthcare activities from anywhere anytime The deployment of OHMS TM in private cloud 1.0 Overview:.OHMS TM is software as a service (SaaS) platform that enables the multiple users to login from anywhere
Novell ZENworks Asset Management 7.5 w w w. n o v e l l. c o m October 2006 USING THE WEB CONSOLE Table Of Contents Getting Started with ZENworks Asset Management Web Console... 1 How to Get Started...
Mobile OTPK Technology for Online Digital Signatures Dec 15, 2015 Presentation Agenda The presentation will cover Background Traditional PKI What are the issued faced? Alternative technology Introduction
NETWRIX USER ACTIVITY VIDEO REPORTER ADMINISTRATOR S GUIDE Product Version: 1.0 January 2013. Legal Notice The information in this publication is furnished for information use only, and does not constitute
Concepts of Database Management Seventh Edition Chapter 7 DBMS Functions Objectives Introduce the functions, or services, provided by a DBMS Describe how a DBMS handles updating and retrieving data Examine
White Paper Internet File Management & HIPAA A Practical Approach towards Responding to the Privacy Regulation of the Act The recent activation of the privacy requirement of the Health Insurance Portability
Introduction to Information and Computer Science: Information Systems Lecture 1 Audio Transcript Slide 1 Welcome to Introduction to Information and Computer Science: Information Systems. The component,
The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which
Health Information Technology & Management Chapter 2 HEALTH INFORMATION SYSTEMS INFORMATION SYSTEM *Use of computer hardware and software to process data into information. *Healthcare information system
Improving File Sharing Security: A Standards Based Approach A Xythos Software White Paper January 2, 2003 Abstract Increasing threats to enterprise networks coupled with an ever-growing dependence upon
Data sheet MainManager IT Mainmanger IT is helping IT Managers and other IT responsible in companies, municipalities and organisations to plan and increase the return of investments in IT equipment. This
HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 2.1 Date : 12 November 2003 Prepared by : Information Technology Services Center Hong Kong University of
User manual Version 2.16 and higher Contents SecureStore I.CA 1. INTRODUCTION...3 2. ACCESS DATA FOR THE CARD...3 2.1 Card initialisation...3 3. MAIN SCREEN...4 4. DISPLAYING INFORMATION ABOUT THE PAIR
Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect
Moving to Multi-factor Authentication Kevin Unthank What is Authentication 3 steps of Access Control Identification: The entity makes claim to a particular Identity Authentication: The entity proves that
eid Security Frank Cornelis Architect eid The eid Project > Provides Belgian Citizens with an electronic identity card. > Gives Belgian Citizens a device to claim their identity in the new digital age.
SERVICE DESCRIPTION 1 (12) OPUSCAPITA TYVI SERVICE DESCRIPTION SERVICE DESCRIPTION 2 (12) CONTENTS 1. OPUSCAPITA TYVI SERVICE... 3 2. PROPERTIES OF THE OPUSCAPITA TYVI SERVICE FOR THE REPORTER... 4 2.1
Incorporated 3/7/06; Rev 9/18/09 PaperClip Compliant Email Service Whitepaper Overview The FTC Safeguard Rules require Financial, Insurance and Medical providers to protect their customer s private information
MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security
Technical Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 2.1 General...
NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document
Investment and Governance Division 614.995.9928 tel Ted Strickland, Governor 30 East Broad Street, 39 th Floor 614.644.9152 fax R. Steve Edmonson, Director / State Chief Information Officer Columbus, Ohio
FAQs - New German ID Card General 1) How to change from the old ID card to the new one? The new Law on Identification Cards came into effect on 1 November 2010. Since then, citizens can apply for the new
SESSION ID: HTA-W02 That Point of Sale is a PoS Charles Henderson Vice President Managed Security Testing Trustwave @angus_tx David Byrne Senior Security Associate Bishop Fox Agenda POS Architecture Breach
INTEGRATED STAFF ATTENDANCE SYSTEM (ISAS) WEE PEK LING A report submitted in partial fulfillment of the requirements for the award of the degree of Bachelor of Computer Science (Computer Systems & Networking)
Permeo Technologies WHITE PAPER HIPAA Compliancy and Secure Remote Access: Challenges and Solutions 1 Introduction The Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996 has had an
ABSTRACT Full-scale Online Event Ticketing System The Design and Implementation The paper analyzed the system requirements for online shopping in general and specific requirements for event ticket online
Interchange of Data between Administrations EUROPEAN COMMISSION ENTERPRISE DIRECTORATE- GENERAL INTERCHANGE OF DATA BETWEEN ADMINISTRATIONS PROGRAMME Interchange of Data between Administrations 2 of Generic
Best Practices: Extending Enterprise Applications to Mobile Devices by Kulathumani Hariharan Summary: Extending enterprise applications to mobile devices is increasingly becoming a priority for organizations
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
safend a w a v e s y s t e m s c o m p a n y SAFEND Data Protection Suite Installation Guide Version 3.4.5 Important Notice This guide is delivered subject to the following conditions and restrictions:
For Linux distributions Software version 4.1.7 Version 2.0 Disclaimer This document is compiled with the greatest possible care. However, errors might have been introduced caused by human mistakes or by
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT