Healthcare Information Security

Cybersecurity News

Can Smart Cards Reduce the Risk of Medical Identity Theft?

By Elizabeth Snell

WEDI wrote a white paper on how smart cards could potentially reduce the risk of medical identity theft.

- Medical identity theft is increasingly becoming a top concern in the healthcare industry, especially as protected health information (PHI) continues to be valued by cyber thieves. Facilities are storing more data in computer systems and then those systems are becoming connected through health information exchanges (HIEs).


So the question quickly becomes, how can healthcare providers reassure patients that their PHI is safe? What security measures are required to protect sensitive data, without potentially restricting quality care?

According to the Workgroup for Electronic Data Interchange (WEDI), the answer could be “subscriber identity tokens” such as smart cards. The smart patient health cards would contain secure microprocessors that can encrypt and securely store and protect a patient’s personal health information, according to a statement. The Smart Card Alliance Health and Human Services Council also stated that it supports the WEDI effort for medical smart cards.

WEDI outlined its goals for the Real-Time Patient Arrival Identification (PAR) process in a recent white paper.

“Currently, patient records are matched from different providers and different times using probabilistic methods such as matching on name, address, birth date, and other data. Error rates may be 10-15 percent,” the white paper explained. “The PAR process verifies the patient with a biometric, and it sends the patient’s encounter biometric template along with patient and insurance identification to the [Enterprise Master Patient Indexes], where the match engine definitively links the patient to existing records.”

The paper acknowledged that not all errors will necessarily be eliminated, but this new option offers potential to improve the integrity of patient health records with the concomitant benefits of accurate individual and statistical information. Moreover, it adds positive identification to preparation of wristbands and labels that may be used during treatment to reduce errors resultant from mismatched patients.

“A claim submitter needs only this information to submit a fraudulent claim,” WEDI stated in the paper. “Therefore, stolen information is valuable, leading to medical identity theft, access to and wrongful update of patient health records, and claim fraud.”

Additionally, medical smart cards could assist in reducing claim fraud – in the billions of dollars – and improve the coordination of patient health records. There could also be the potential for more accurate, complete and longitudinal personal health records, according to WEDI.

WEDI previously discussed its goals for healthcare security earlier this year, in an interview with President and CEO Dr. Devin Jopp and Co-Chair Mark Cone. The duo told that healthcare organizations should stay “cautiously optimistic,” in terms of privacy and security issues.

There’s so much from a technological aspect that continues to move the healthcare industry forward that it’s difficult to imagine what will even be available in 12 months, according to Cone. This is why it’s so important for healthcare facilities to ensure that they’re meeting some of the basic concepts that the HIPAA Privacy and Security rule.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...