January 07, 2004

Smart Cards and HIPAA

Denver Health Embraces Smart Card Technology For HIPAA Security

Smart cards can be used to support HIPAA compliance, increase security and simplify system access for caregivers and patients alike, according to a white paper from the Smart Card Alliance.

Denver Health has adopted a smart card system allowing employees to securely access patient information across its healthcare network. The package is from Gemplus International.

Interlink Group consultants working close with Denver Health department were able to integrate the smart cards utilizing active directory certificates to provide a single sign-on solution.

Gemplus smart cards allowed Denver Health to develop a solution that was cost-effective and allowed for the implementation to be completed within three weeks, the company said.

The smart cards are helping Denver Health comply with HIPAA regulations by allowing physicians, nurses and staff to access hospital computer systems with a single sign-on, the company said. "This eliminates the security risk of employees sharing passwords, and thereby protects Denver Healths sensitive patient information from unauthorized access."

The smart cards feature two-factor authentication, which combines the traditional "something you know" (password or PIN), with "something you have" (the badge or card), enabling greater security than traditional usernames/passwords.

Smart cards have a "unique capability to make information access easier for users while at the same time enforcing the more robust security and privacy policies required of healthcare organizations to bring their environments into HIPAA," the alliance said.

HIPAA Compliance and Smart Cards: Solutions to Privacy and Security Requirements provides an overview on how smart cards work and outlines key implementation success factors. The white paper includes profiles of smart health card implementations, including the University of Pittsburgh Medical Center, Mississippi Baptist Health Systems and the French, German and Taiwanese health cards.

On-card intelligence, processing and cryptography capabilities make smart cards capable of enabling compliance with strong privacy guidelines and of enforcing the privacy and security policies set by the healthcare organization, according to the alliance.

The alliance said representatives from 19 organizations were involved in the development of the white paper. The Smart Card Alliance is a not-for-profit, multi-industry association working to accelerate the acceptance of smart card technology.

Addresses: Gemplus Corp., Keith Valley Business Center, One Progress Drive, Horsham, PA 19044; (215) 390-2000, fax: (215) 390-2353, www.gemplus.com. Denver Health, 777 Bannock St., Denver, CO 80204-4507; (303) 436-6000, www.denverhealth.org. Smart Card Alliance, 191 Clarksville Rd., Princeton Junction, NJ 08550; (800) 556-6828, www.smartcardalliance.org.

Posted by Craig at January 7, 2004 07:11 PM