||Using Healthcare IC Cards to Help Senior Citizens in Chronic Drug Dose Management and Secure Access Mechanisms
||Department of Engineering Science
Healthcare IC card
In Taiwan’s medical system, Healthcare IC cards are required for outpatient procedures. We firstly propose the idea that a Hospital Information System (HIS) should use the information stored in Healthcare IC cards to promote the health quality of card holders. That is, a patient’s HIS data, and the patient’s Healthcare-IC-card data should be integrated to simulate the diagnostic procedures and keep track of repetitive drug dosage and drug interactions. Hence, doctors could obtain timely information on each patient’s drug dosage and avoid repetitive drug dosage or serious drug interactions. We have developed a prototype and demonstrated its effectiveness by simulating chronic dosage for senior citizens.
To enhance the security of Healthcare IC cards, passwords (PINs) are used. However, PINs are prone to forget, especially for senior citizens. We secondly propose to develop a set of devices and secure operations, called EZPIN, to easily use PINs and to help senior citizens in outpatient services. The key component is a device which stores the PIN of the user’s Healthcare IC card, and securely transmits the PIN to a Healthcare IC card reader if the PIN is required. Hence, a senior citizen does not need not to recite and input the PIN by looking for the keys of the PIN on the keyboard of the card reader (or PC) at the registration desk of clinics.
Healthcare IC cards could be applied in a wider range of fields. We thirdly propose to use healthcare IC cards, together with conditional access in digital TV systems. We propose a key exchange protocol for the secure communication between a Healthcare IC card and a set-top-box. Moreover, the proposed scheme can be integrated with EZPIN to help senior citizens to receive DTV programs.
CHAPTER 1 INTRODUCTION 9
1.1 IC cards 9
1.2 Healthcare IC cards in Taiwan 10
1.3 Motivation 12
1.4 Dissertation structure 13
CHAPTER 2 LITERATURE SURVEY 15
2.1 Information systems for drug dose of the chronic disease 15
2.2 PIN code 17
2.3 Conditional access system 18
CHAPTER 3 USING HEALTHCARE IC CARDS TO MANAGE DRUG DOSE OF THE CHRONIC DISEASE PATIETS 21
3.1 The prototype system 21
3.1.1 Checking the repetitive drug dose 26
3.1.2 Checking the drug interaction 29
3.2 Analysis 32
3.2.1 The repetitive drug dose statistics 32
3.2.2 The drug interaction statistics 35
3.3 Summary 37
CHAPTER 4 POCKET EZPIN DEVICES FOR HEALTHCARE IC CARDS TO ENHANCE THE SECURITY AND CONVENIENCE OF SENIOR CITIZENS 38
4.1 Outpatient procedures using Healthcare IC cards 38
4.2 The prototype system 39
4.3 Summary 44
CHAPTER 5 USING HEALTHCARE IC CARDS AND THE POCKET EZPIN DEVICES TO HELP SENIOR CITIZENS TO PERFORM SECURE COMMUNICATION IN DTV BROADCASTING 45
5.1 CAS in DTV 45
5.2 The proposed scheme 48
5.3 Security analysis 54
5.4 Summary 56
CHAPTER 6 CONCLUSIONS AND FUTURE WORKS 57
 ISO 7816-1, “Identification cards – part 1: Physical characteristics”, 1987.
 ISO/IEC DIS 7816-2, “Information Technology -- Identification cards – Integrated circuit(s) cards with contact – part 2: Dimensions and location of the contacts (Revision of ISO 7816-2:1988) “
 ISO/IEC DIS 7816-3, “Identification cards -- Identification cards – Integrated circuit(s) cards with contact – part 3: Electronic signals and transmission protocols”, 1989.
 ISO/IEC DIS 7816-4, “Information Technology -- Identification cards – Integrated circuit(s) cards with contact – part 4: Interindustry commands for interchange”, 1995.
 Conditional-Access Broadcasting Systems,” ITU-R Rec. 810, 1992.
 YY. Al-Salqan, “Security and Confidentiality in Healthcare Informatics”, Proceedings of 17th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, Page(s): 371-375, 1998.
 Ross J. Anderson, “Privacy Technology Lessons from Healthcare”, Proceedings of the 2000 IEEE Symposium on Security and Privacy, Washington, DC, USA, Page(s): 78-79, 2000.
 C. Boyd, “Modern data encryption”, Electronic & Communication Engineering Journal, Volume: 5, No.5, Page(s): 205-210, 1993.
 Thomas Beth and Dieter Gollmann, “Algorithm Engineering for Public Key Algorithm”, IEEE Journal on Select Areas in Communications, Volume: 7, No.4, Page(s): 458-465, 1989.
 D.W Bates, J.M. Teich, J. Lee, D. Seger, G.j. Kuperman, N. Ma’luf, D. Boyle and L.L Leape, “The Impact of Computerized Physician Order Entry on Medication Error Prevention”, Journal of the American Medical Informatics, Volume: 6, No.4, Page(s): 313-321, 1999.
 D.W. Bates, M. Cohen, L. L. Leape, J. Marc, M.M. Shabot and T. Sheridan, “Reducing the frequency of errors in medicine using information technology”, Journal of the American Medical Informatics, Volume: 8, No.4,Page(s): 299-308, 2001.
 E. Cruselles, J. L. Melus, and M. Soriano, “An overview of security in Eurocrypt conditional access system”, Technical Program Conference Record of Global Telecommunications Conference, including a Communications Theory Mini-Conference, Houston, USA, Volume: 1, Page(s): 188-193, 1993.
 J.J. Cimino, T.B. Stephen. J.G. Hropcsak, P.D. Clayton, R.A. Jenders, “Design of a Clinical Event Monitor”, Computers and Biomedical Research, Volume: 29, No.3, Page(s): 194-224, 1996.
 E. R. Carson, D.G. Gramp, A. Morgan and A.V. Roudsari, “Clinical Decision Support, Systems Methodology, and Telemedicine: The Role in the Management of Chronic Disease”, IEEE Transaction on Information Technology in Biomedicine, Volume: 2, No.2, Page(s): 80-88, 1998.
 Amit Choudhri, Lalana Kagal, Anupam Joshi, Timothy Finin and Yelena Yesha, “Patient Service: Electronic Patient Record Redaction and Delivery in Pervasive Environments”, Proceedings of 5th International Workshop on Enterprise Networking and Computing in Healthcare Industry, Maryland University, Baltimore, USA, Page(s): 41-47, 2003.
 H. M. Chao, S. H. Twu and C. M. Hsu, “A Secure Identification Access Control Scheme for Accessing Healthcare Information Systems”, Proceedings of 4th International IEEE EMBS Special Topic Conference on Information Technology Applications in Biomedicine, Christian University, Chung-Li, Taiwan, Page(s): 122-125, 2003.
 Chien-Lung Chan, Chien-Wei Chen, “Association Rules in metabolic syndrome derived disease”, Master thesis, Department of Information Management, Yuan Ze University, 2005.
 W. Diffie and M. E. Hellman, “New directions in cryptography”, IEEE Transaction on Information Theory, Volume: 22, No.6, Page(s): 644-654, 1976.
 Simson L. Garfinkel, “Public key cryptography”, Internet Kiosk, Page(s): 101-104, 1996.
 J.P. Griffin, P.F. and D’Arcy, A Manual of Adverse Drug Interactions, Elsevier: Amsterdam, 1997.
 Del Fiol G, Rocha B and Nohama P, “Modeling a Decision Support System to Prevent Adverse Drug Events”, Proceedings of 13th IEEE Symposium on Computer-based Medical Systems, Houston, TX, USA, Page(s): 109-113, 2000.
 Jim Heam, “International Participation: The Continuing March Toward Security and Privacy”, IEEE Security & Privacy, Volume: 1, No.1, Page(s): 79-81, 2003.
 Y. L. Huang, S. Shieh, F, S, Ho and J. C. Wang, “Efficient Key Distribution Schemes for Secure Media Delivery in Pay-TV Systems”, IEEE Transaction On Multimedia, Volume: 6, No.5, Page(s): 760-769, 2004.
 J.A. Johnston and J.L. Bootman, “Drug-related morbidity and mortality: a cost of illness model”, Arch Intern Med., Volume: 155, No.18, Page(s): 1949-1956, 1995.
 T Jiang, S Zheng, B Liu, “Key distribution based on hierarchical access control for Conditional Access System in DTV broadcast”, IEEE Transaction on Consumer Electronics, Volume: 50, No.1, Page(s): 225-230, 2004.
 T. Jiang, Y. Hou and S. Zheng, “Secure Communication between Set-top Box and Smart Card in DTV Broadcasting”, IEEE Transaction on Consumer Electronics, Volume: 50, No.3, Page(s): 882-886, 2004.
 W. Kanjanarin and T. Amornraksa, “Scrambling and key distribution scheme for digital television”, Proceedings of IEEE International Conference on Networks, Page(s): 140-145, 2001.
 F. Kamperman and B.V. Rijnsoever, “Conditonal access system Interoperability through software downloading”, IEEE Transaction on Consumer Electronics, Volume: 47, No.1, Page(s): 47-53, 2001.
 L.L. Leape, D.W. Bates and C. David, “System Analysis of Adverse Drug Events”, Journal of the American Medical Informatics, Volume: 274, No.1, Page(s): 35-43, 1995.
 J. W. Lee, “Key distribution and management for conditional access system on DBS”, Proceedings of International Conference on Cryptology and Information Security, Page(s): 82-86, 1996.
 J. Lazarou, B.H. Pomeranz and C.N. Corey, “Incidence of Adverse Reaction in Hospitalized Patients”, Journal of the American Medical Informatics, Volume: 279, No.15, Page(s):1200-1205, 1998.
 Can Lin, “Analysis of the increase of the medicine fees”, Bureau of National Health Insurance (BNHI) of Taiwan, written in Chinese, 1999.
 Daniel P. Lorence and Richard Churchill, “Incremental Adoption of Information Security in Health-Care Organizations: Implications for Document Management”, IEEE Transaction on Information Technology in Biomedicine. Volume: 9, No.2, Page(s): 169-173, 2005.
 J. Lai, T. Hou, C. Yeh and C. Chao, “Using Healthcare IC Cards to Manage the Drug Doses of Chronic Disease Patients”, Computers in Biology and Medicine, Volume 37, No.2, Page(s): 206-213, 2006.
 B. Macq and J. Quisquater, “Cryptology for digital TV broadcasting“, Proceeding of the IEEE, Volume: 83, No.6, Page(s): 944-957, 1995.
 D.J. Mcshane and J.F. Fries, “The Chronic Disease Data Bank-The ARAMIS Experience”, Proceeding of IEEE, Volume: 76, No.6, Page(s): 672-679, 1988.
 I.D. Nussey, “Chronic disease management supported by information: example diabetes“, Science, Measurement and Technology of IEE Proceedings A, Volume: 139, No.4, Page(s): 153-160, 1992.
 T.W. Nolan, “System changes to improve patient safety”, British Medical Journal, Volume: 320, No.7237, Page(s):771-773, 2000.
 J. Poikonen, and J.M Levent, “Medication-Management Issue at the Point of Care”, Journal of Healthcare Information Management, Volume:13, Page(s): 43-51, 1999.
 C. Parkes, “Exploring Errors in a Medication Process: An Analysis of Information Delivery”, Proceedings of 15th IEEE Symposium on Computer-Based Medical Systems, Melbourne University, Australia, Page(s):79-84, 2002.
 R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystem”, Communication of ACM, Volume: 21, Page(s): 120-126, 1978.
 J.U. Rosholm, L. Bjerrum, J. Hallas, J. Worm, L.F. Gram, “Polypharmacy and the risk of drug-drug interactions among Danish elderly: a prescription database”, Dan Med Bull, Volume: 45, No.2, Page(s): 210-213, 1998.
 R.A. Raschke, B. Gollihare, T.A Wunderlich, J.R. Guidry, A.I Leibowitz, J.C. Perice, L. Lemelson, M.A. Heisler and C. Susong, “A Computer Alert System to Prevent Injury from Adverse Drug Events. Development and Evaluation in a Community Teaching Hospital”, Journal of the American Medical Informatics, Volume: 280, No.15, Page(s): 1317-1320, 1998.
 C. P. Schnorr, “Efficient identification and signatures for smart cards”, Proceedings of CRYPTO’89 , LNCS 435, Springer-Verlag, Berlin, Page(s): 235-251, 1990.
 H. Sakakibara K. Seki, K. Okada and Y. Matsushita, “The ID-based noninteractive group communication key sharing scheme using smart cards”, Proceedings of International Conference on Network Protocols, Keio University, Yokohama, Japan, Page(s): 91-98, 1994.
 S. Soumerai and H.L. Liption, “Computer-Based Drug-Utilization Review-Risk, Benefit or Boondoogle?”, The New England Journal of Medicine, Volume: 332, No. 24, Page(s): 1641-1645, 1995.
 Nat. Bur. Stand, “DES – Modes of Operation”, Federal Information Processing Standard (FIPS), December, 1980.
 Nat. Bur. Stand, “Data Encryption Standard”, Federal Information Processing Standard (FIPS), January, 1997.
 Bruce Schneier, Applied Cryptography. John Wiley & Sons, 1996.
 B. Starfield, “Institute of Medicine Medical Error Figures Are Not Exaggerated”, Journal of the American Medical Informatics, Volume: 284, No.1, Page(s): 95-97, 2000.
 E.A. Stead, “Information Systems Can Prevent Errors and Improve Quality“, Journal of the American Medical Informatics, Volume: 8, No.4, Page(s): 398-399, 2001.
 D. Scheuermann, “The smart as a mobile security device”, Electronic & Communication Engineering Journal, Volume: 14, No.5, Page(s): 205-210, 2002.
 Shahin Shadfar, “Smart Card-Based Identity and Access Management,” Schlumberger, March, 2004.
 M.J. Tarfeshi, M.J. Melby, K.R. Kaback, T.C. Nord, “Medication-related visits to the emergency department: a prospective study”, The Annals of Pharmacotherapy, Volume: 33, No.12, Page(s): 1252-1257, 1999.
 T. C. Ting, “Privacy and Confidentiality in Healthcare Delivery Information System”, Proceedings of 12th IEEE Symposium on Computer-Based Medical Systems, Connecticut University, Storrs, USA, Page(s): 2-4, 1999.
 F.K. Tu, C.S. Laih, and S.H. Toung, “On key distribution management for conditional access system on Pay-TV system”, IEEE Transaction on Consumer Electronics, Volume: 45, No.1, Page(s):151-158, 1999.
 J.R. Warren, G.V. Beliakov, J.T. Noone and H.K. Frankel, “Chronic Disease Coordinated Care Planning: Flexible, Task-Centered Decision Support”, Proceedings of the 32nd Annual Hawaii International Conference on System Sciences, South Australia University, Mawson Lakes, Australia, Page(s): 1-12, 1999.
 W. Wongpoowarak and P. Wongpoowarak, “Unified algorithm for real-time detection of drug interaction and drug allergy“, Computer Methods and Programs in Biomedicine, Volume: 68, No.1, Page(s): 63-72, 2002.
 D. S. Wong and A. H. Chan, “Mutually authentication and key exchange for low power wireless communications”, Proceedings of IEEE Military Communications Conference on Communications for Network-Centric Operations: Creating the Information Force, Northeastern University, Boston, USA, Volume: 1, Page(s): 39-43, 2001.
 J.S. Wimalasiri, P. Ray and C.S. Wilson, “Security of Electronic Health Records based on Web Services”, Proceedings of 7th International Workshop on Enterprise networking and Computing in Healthcare Industry, New South Wales University, Australia, Page(s): 91-95, 2005.