Securing a Health Information System with a government issued digital identification card

Health information systems (HIS) are often deployed with inadequate security mechanisms and with users being generally pointed out as the weakest link. The launch of the Portuguese digital national identification smart card, the citizen card (CC), with strong authentication and digital signing capabilities, represents a new and viable economic opportunity for securing a HIS and at the same time foster the creation of a much more secure national health information infrastructure. Smart cards are being deployed in healthcare in several places around the world with highly encouraging results. Major programs have already been deployed with great success, although there are some well identified issues that need to be addressed. The CC is a versatile and secure card, with the latest in encryption and tamper resistance technologies, with standard support for a public key infrastructure (PKI). We present the advantages and enumerate some of the problems of using a smart card in a HIS, as well as the CC possible contributions in this area, namely as an easy, inexpensive, widely deployed way of using current technology to protect HIS security, and ultimately patient information, while at the same time fostering the expansion and deployment of inter operable HIS. Issues are identified that will need to be resolved and a detailed plan for further work to assess the level of impact the CC can have on the national HIS is indicated.