Smart Cards and EMR

“The ideal circumstance would be the use of EMR smart cards that would be updated with every patient encounter and that can be read electronically by every medical provider treating the patient, regardless of the providers’ medical network or health plan affiliation.” – Jim Lott, Executive Vice President, Hospital Council of Southern California, Los Angeles source

I’ll admit to not being an expert on smart cards, but does anyone really think that smart cards are going to get widespread acceptance? The only thing we’ve ever gotten people to consistently carry around with them is their drivers license and even those go missing all the time. How many patients forget their insurance card? Can you imagine the front desk nightmare trying to get people to remember to bring a smart card.

Sure, the concept and the technology is great and interesting. However, the only way this is going to reasonably happen is by transferring the data in the cloud. Considering all of the various legal, political and cultural challenges associated with healthcare data I’m becoming more convinced this cloud of patient healthcare information is going to be managed by the patient.

About the author

John Lynn

John Lynn

John Lynn is the Founder of the, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference,, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.


  • There are three ways to store patient records: 1) local server, 2) The Cloud, and 3) patient magnetic card or thumbdrive. The local server approach is the least flexible; the other two can go wherever the patient goes.

    Whither Cloud or Patient card? The latter is likely more secure, but is too easy to lose. The Cloud may evolve into something that is rock-solid from a security standpoint. But accessing the Cloud implies that neither patient nor provider need worry about formatting issues. So all-in-all, the Cloud wins!

  • The idea of a standalone “Smart Card” seems pretty silly if you ask me. What would be in it, maybe some personal identification visibly on the card, but in terms of it’s guts all it needs to have is a transmitter with a unique code per patient that a card reader interprets and pulls data down from the cloud for. Why couldn’t something like that be incorporated into a drivers license?

    That is of course if the idea of having all of your medical history accessible by a single PIN is something that will ever be socially acceptable, or even protectable from hackers. God knows how easy it is to pick up and hack a bluetooth signal these days.

  • Robbin,
    The idea of having it integrated with a card we already have is great. I’m just not sure how interested the various credit cards will be about doing that. It’s interesting to think about though. Thanks for sharing.

    Socially acceptable and protected from hackers has really been the hard part. Protected from insurance companies is related to this issue also. Can you imagine the exclusions they could run if they had everyone’s whole medical history? Unless government decides to stop allowing them to exclude based on pre-existing conditions.

  • The idea of using a “smart card” seems antiquated when there is a far more convenient, less expensive and accurate way to establish a person’s identity- even in a medical emergency, biometrics. Dr John D. Halamka, Chief Information Officer of the Beth Israel Deaconess Medical Center (who has a long list of credentials) has first hand experience on the benefits of using biometrics to quickly and conveniently identify staff and patients (without ID cards, passwords or other methods that can be easily lost, forgotten or stolen). He has written about this multiple times on his blog at

  • Charles,
    The cell phone used as a token is an interesting concept. I’d be interested to learn more about that topic. Biometrics is great, but has it’s challenges as well. Supporting all those USB devices is a huge challenge.

  • In my view (and we do have a dog in this fight, for the record) smart cards make sense on many layers. It’s the fastest, least expensive way to federate an identity AND also offer portability. Our smart card solution solves several problems, only one of which is the identity issue. In 2010 we will release our HIE model using smart card (which biometrics cannot do as ytou cannot write data to your fingertip). Our version marries the card with a cloud service (MS and Google are the two we’re working with.

    We feel that the model of combining RHIO’s over a WAN is antiquated, tried many times, and consistently comes up short. I’ve yet to actually see a RHIO that is scalable and sustainable on its own. With smart cards, scalability and sustainability (at about $5 a patient) is very easy. With an HIE solution offering interoperability, a cloud solution offeirng portability, and a trusted certificate authority offering federation (like our partner, Verisign) smart cards offer a solution that fills many needs.

    Lastly, most of the rest of the world uses them – the US is one of few countries that have not adopted smart cards. We think it is only a matter of time. I am happy to show you how we do it – it’s quite effective and certainly scalable and sustainable.


  • Todd,
    I’m interested to hear how you deal with the lost smart card problem and also how you deal with the $5 per patient charge. Does that get passed on to the patient? Paid for by the organization? etc.

  • Hi John-

    The issuing hospital manages the credentials on the card – they can easily renew, revoke, etc. The hosptial can issue cards themselves, or they can outsource it – just like your bank debit card. With our system it is easy for a hospital to issue a card on site, while the patient waits. I am happy to give you an online demo anytime.

    The beauty of using Verisign for digital certificate (a partnership we’re working on now) is that the certificate are managed by Verisign and the hospital simply makes any needed changes inside of a web broswer console.

    Typcially, the hospital pays for the cardsd and software licensing. We can show ROI very quickly. We currently have the largest deployment of smart cards in US healthcare at Mt. Sinai and Sinai Queens in NYC and we’re also exclusively endorsed by the AHA. Again, I am happy to discuss with you anytime.

    As I have mentioned, smart cards will be an importatn facet of healthcare in the US in the coming years. With ARRA/HiTECH and the ever increasing intechange of data, ensuring identity will become paramount. The best, most cost effective way to do that is with PKI using smart cards. Thanks for listening to my rant!

  • I would think we could solve many identification issues and counterfeit cards by going to a national id muti-purpose card card. This card would have secured and unsecured sections that would hold hipaa information available for updating. The remainer of the card could be secured with national id and drivers license etc.. info.
    Sorry, what was I thinking. This would merge agencies and create fewer government jobs!

Click here to post a comment