How smart tokens permit the secure, remote access of electronic health records.

From Clinfowiki
Jump to: navigation, search

Review: How smart tokens permit the secure, remote access of electronic health records. Dalley A, Lynch K, Feltham P, Fulcher J; David Bomba. The use of smart tokens to permit the secure, remote access of electronic health records. Int J Electron Healthc. 2006;2(1):1-11.

Question

What model can be developed to empower patients to give access to their centrally located Electronic Health Records (EHR) by physicians of their choosing?

Introduction

This study took place in Australia. The authors wanted to develop a method to help patients give physicians remote access to their Electronic Health Record. The EHR is located on a central server and patient records were only accessible to providers who were assigned designated enrolled patients. A model was conceptualized to give patients the freedom to allow any provider to access their EHR.

Methods

Patients and physicians were matched with unique identifiers. The identifiers were place in USB memory sticks (also referred to as smart tokens) and stored in the central EHR server. The USB keys contained chips similar to cell phone SIM cards so that secure information could be stored on them. Separate electronic tags distinguished physician and patient USB keys. Patient USB keys contained multiple identifiers (a web server ID, a unique identifier, multiple physician ID’s and an identifier obtained from the clinical software program used by physicians), while physician keys only contained a single provider ID.

Using a secure connection to access the remote server, both the patient and physician USB keys were used on the physician’s computer to authenticate both physician and patient identification. Once verified, patient information would then be uploaded to the physician’s computer along with a website display of the patient record.

Limitations

Only 20 patients and six doctors were part of this study. None of the patients transferred between doctors during the study period. Doctors did not verify the identification of the patient but the article mentioned that the use of a biometric parameter on the smart token would link the key to the patient. Perhaps a photo (or another visual ID such as a driver’s license) in the patient EHR would also verify the patient.

Conclusion

This method of using smart tokens demonstrated that it is feasible to provide this type of access to a patient record. The issues of cost and technical deployment of this method on a national scale were noted to be predictably high.

Jim Gemelas