Smartcard system connects patients, providers, hospitals, and pharmacies throughout Europe.
Austria is well known for its advanced and generous social services—marked by a strong social security system, and an extensive network of hospitals, physicians, and pharmacies. Austrian Social Security Law, a public insurance system that includes 22 institutions offering a variety of insurance coverage and social programs, insures most Austrian citizens, and in recent years this national health system has been bolstered by one of the world’s most advanced programs for smartcards and electronic health records.
"We chose Java because of the platform advantages, especially its tremendous portability among CPUs and hardware platforms."
Today all insured citizens get a smartcard that verifies their insured status and facilitates the creation, transmission, and storage of electronic health records. The e-card system also authorizes citizens to avail themselves of a variety of ehealth services, from preventive checkups to disease management programs. Thousands of healthcare providers have installed special equipment to scan the smartcards and transmit secure data across a secure health information network that spans the Austrian nation and extends to many other European countries within the scope of the NETC@RDS project of the European Union. Java is the lingua franca of the system.
“We chose Java because of the platform advantages, especially its tremendous portability among CPUs and hardware platforms,” says Rainer Schügerl, director of software development and security at SVC, a public entity based in Vienna, Austria, that develops innovative solutions in the field of health telematics and egovernment. SVC served as the systems integrator for the e-card project.
“Java provides a stable, high-quality programming language that suits all of our needs,” Schügerl adds. “For enterprise-caliber development requiring high availability, reliability, and security, most Austrian organizations use Java.”
SVC has made a giant step forward in improving the quality of medical care for citizens throughout Austria and beyond. By implementing the ecard infrastructure, the agency replaced a cumbersome system of paper health insurance vouchers that had dominated Austria’s medical world for 50 years. Manual processes between insured people, employers, doctors, hospitals, and the Main Association of Austrian Social Security Institutions have been systematically replaced by electronic solutions and ebusiness procedures governing the transmission, storage, processing, and virtualization of health and administrative data.
The Main Association of Austrian Social Security Institutions is a group of statutory insurance providers that is responsible for the country’s health, pension, and accident insurance. The association enlisted SVC to design and deploy the ecard system and an associated virtual private network. As a 100 percent subsidiary company of the Main Association of Austrian Social Security Institutions, SVC has a proven track record of enforcing transparency and security in the processing of health and administrative data, whether for clinical use, administration, or science. Its mission is to improve the efficiency of information processes among patients, health service providers, and health administrators.
Rainer Schügerl (second from right) takes a break with members of the SVC engineering team. In just seven months, SVC rolled out 8.5 million ecards to Austrian citizens.
Schügerl has 40 software engineers on his team, including 20 Java developers. Due to the sensitive nature of health and medical information, the team needed a programming language with a robust security architecture. They decided to use Java Standard Edition for Embedded Devices, which supports the same platforms and functionality as Java Platform, Standard Edition (Java SE), along with additional capabilities for the embedded market such as support for small-footprint Java runtime environments (JREs), headless configurations, and memory optimizations. Java SE is ubiquitous on servers and desktop computers, thanks to its high-performance virtual machine and exceptional graphics support. To top it off, it has an extremely lightweight deployment architecture and a complete set of features and libraries for programmers.
Java applets are ideal for smartcards and similar small-memory devices because they carry all the essential security features such as cryptography, authentication, authorization, and public key infrastructure. For SVC, these features ensure that new ecard applications can securely access centralized resources while protecting critical data from theft, loss, and corruption. The Java API supports a wide range of cryptographic services including digital signatures, message digests, ciphers, message authentication codes, key generators, and key factories, allowing SVC developers to easily integrate security into their application code.
The smartcard does not contain software functions. Only the cardholder’s administrative data is stored on the ecard—name, academic title, insurance number, serial number, gender, and user group identification—along with certificate and identity link parameters. “The ecard is used primarily as an identification tool for patients and the key to their data,” explains Schügerl. “In order to get paid, doctors insert their patients’ ecards into a smartcard reader. The administrative patient data is then crosschecked with a central social security database, which resides in a secure data center.”
Only authorized medical practitioners can read the cards and the associated health records, and they must have special equipment called medical practice units (MPUs) to do so. Commonly known as GINA boxes, each MPU is a special-purpose computer that hosts a lightweight Java program to obtain data from the smartcard. The MPUs contain the application software that initiates secure business procedures. They interface with another piece of equipment called a LAN chip card reader to transmit patient data to the SVC data center over a virtual private health information network.
SVC chose Java because of the platform advantages, especially its tremendous portability among CPUs and hardware platforms.
In a span of seven months, SVC rolled out 8.5 million ecards to insured citizens, along with GINA boxes to 11,000 providers and medical practitioners. SVC continues to ship about a million ecards every year and to bring new medical practices and health service providers on board. More than 12,500 healthcare providers now have the equipment and have been trained in the business procedures of the ecard system.
For the cardholder, medical treatment is now accessible without administrative barriers or paper documents. Physicians can verify if a person is insured and which health insurance institution will pay for medical treatment. The system verifies insurance coverage for all citizens, even when they are traveling to member states of the European Union, the European Economic Area, and Switzerland. “The card allows them to receive medical treatment in these member states, for free or at a reduced cost. The intention is to allow people to continue their stay in a country without having to return home for medical care, or to take a job in a neighboring country and keep their health benefits,” Schügerl explains.
After nationwide rollout of the emedication system, citizens can “opt out” if they decide not to share their health information online. Because of the large number of involved stakeholders, it was not easy to balance the different interests and get the project running. But in general, both patients and providers have embraced these existing and emerging ehealth applications, partly as a result of the robust, Java-based security architecture. Data is not stored on the card; it is housed in a secure data center. Only authorized providers and administrators can access these records, and they must have special-purpose equipment.
SVC, a provider of health telematics and egovernment solutions based in Vienna, Austria, has issued millions of ecards to employed Austrian citizens, along with thousands of special-purpose computers that rely on Java to securely store and transmit patient data.
Ecards (active) in Austria: 8,700,000
New ecards issued: 850,000 per year
Healthcare providers connected: 12,500
Pharmacies connected: 120
Hospitals connected: 136
Care facilities connected: 15
Ecard transactions completed: 667,763,920
Average contacts per day: Approximately 500,000
All-time high (December 14, 2009): 629,150
The ecard system has been designed to support a number of future projects, including electronic signatures for pharmaceutical prescriptions, emergency data, electronic vaccination records, and disease management programs. For example, a new emedication system makes it easier for doctors and pharmacists to share information about potentially harmful interactions among medications. Launched as a pilot project earlier this year in three regions of Austria, this service permits pharmacists, physicians, and hospitals to see a list of each patient’s current medications. More than 100 physicians, about 50 pharmacies, and 6 hospitals participate in this project.
“Our research shows that people 70 years and older take up to 10 medications per day,” says Schügerl. “Tracking and comparing pharmaceutical prescriptions with health records helps them to reduce negative interactions. So far about 7,000 citizens have participated in this pilot program.” Within the scope of the pilot project, the participation of patients, physicians, pharmacists, and hospitals is voluntary.
Following the slogan, “Move the data, not the patient,” SVC’s Java-based infrastructure has reduced the cost of healthcare administration, improved collaboration between healthcare professionals, and enabled higher-quality services for patients. Other Java applications communicate with the Main Association of Austrian Social Security Institutions to submit medical claims, verify pharmaceutical prescriptions, route disability reports, and transmit medical records between appropriate medical practitioners.
The ecard infrastructure has become the foundation of many future applications in the burgeoning health telematics sector, including a new “citizen card” that streamlines egovernment services related to tax declarations, alimony payments, student loans, criminal records, residence registration confirmations, insurance data, and pension accounts. Many other countries have expressed interest in developing similar Java-based systems, including Australia, Bulgaria, Colombia, the Czech Republic, Finland, Germany, Iran, Japan, Kuwait, Lithuania, Macedonia, the Netherlands, Poland, Romania, Serbia, Slovenia, South Korea, Taiwan, Turkey, and Vietnam.
Java is the de facto standard for these smartcard initiatives, with 5 billion installations worldwide. Many technically savvy organizations come to the same conclusion as SVC: they depend on Java because it is a powerful and secure environment for applications that run on smartcards and other devices with very limited memory and processing capabilities.
Based in Santa Barbara, California, David Baum writes about innovative businesses, emerging technologies, and compelling lifestyles.
Article originally written for Java Magazine