Web-Enabled Smart Card for Ubiquitous Access of Patient's Medical Record
Alvin T.S. Chan
Internet Computing and Electronic Commerce Laboratory
Department of Computing
The Hong Kong Polytechnic University
Hung Hom, Kowloon, Hong Kong
The combined benefits of smart card to support mobility in a pocket coupled with the ubiquitous access of web technology, presents a new paradigm for medical information access system. The paper describes the framework of Java Card Web Servlet (JCWS) that is being developed to provide seamless access interface between a web browser and a Java enabled smart card. Importantly, the smart card is viewed as a mobile repository of web objects comprising of html pages, medical data objects and, record browsing and updating applet. As the patient moves between hospitals, clinics and countries, the mobility of the smart card database dynamically binds to the JCWS framework to facilitate a truly ubiquitous access and updating of medical information via a standard web browser interface.
Keywords: smart card, web, medical, health
In the past decade, we have seen a rapid advancement in application of information technology to almost every sector of industries. The explosion of Internet growth fuelled by the so-called killer application - the World Wide Web, further accelerates this advancement. However, surprisingly, it was noted in [1,2] that most health care institutions, including those in the United States, still maintain most of their patient records in the form of paper charts. This scenario has rendered the almost impossible task of integrating and seamlessly managing patients record across hospitals, clinics and between countries or states. The emergence of smart card technology is recognized as a potential solution to effectively and accurately manage patients medical record [3,4]. In particular, smart card based on optical memory offers quantum storage capacity of up to 4-6 Mb. Such storage capacity translates to the ability of the card to store basic patient information such as name, address, photographs, PIN security, to medical information such as blood type, drug allergies and regular prescribed drugs. Moreover, medical records can be augmented to include multimedia-rich information such as scan photography images and voice recording, to facilitate rapid diagnosis of patients potential symptom and problem. In short, smart card provides the rich benefits of storing comprehensive, accurate, and up-to-date medical history of a patient, while offering the ease of mobility in a pocket .
Although smart card presents an attractive alternative to recording complex medical record, it has failed to gain the critical mass required to spin off a wide market acceptance of such technology. Most usage of smart cards in medical arena is restricted to large organizations such as state hospitals, health insurance groups and government clinics. The lack of a unified data structure and open programming interface have resulted in ad-hoc implementation of medical information systems based on smart card technology . Building on the same spirit as the original Java, Sun has developed the Java Card API specifications [7,8] to facilitate the concept of "write once, run on all cards".
Our research aims to further develop the standardization effort to support a web-based medical specific smart card application framework. Figure 1 divides the standardization framework to horizontal and vertical standards. While Java Card represent the so-called horizontal standard to facilitate common computing platform for smart card development environment, our project proposes a vertical standard framework that addresses the design requirements specific to the development of medical applications. The concept of Java Card Web Servlet (JCWS) is developed to provide seamless access interface between a web browser and a Java enabled smart card. The framework is designed to support tight coupling of smart card technology to existing web infrastructure. With such a framework, it is possible for medical-related professionals, such as doctors and pharmacists, to seamlessly access medical records directly from the card using a standard web browser interface. An applet contained within the card can be dynamically loaded into the browser to perform active browsing and updating of medical information. The applet can also provide web links to Internet databases to facilitate wide area access of further information such as a video of a recent CT scan, high resolution X-ray image scan, etc. The following section highlights the motivation of this paper and the combined benefits of integrating smart card to web technology. Section 3 describes the use of XML as the formatting language for medical records. An overview description of JCWS is presented in section 4. Finally, section 5 describes our future works and conclusions.
Figure 1: Horizontal and Vertical Standards
Smart card technology presents a new paradigm of computing environment based on embedding processing elements on a credit card sized platform. The technology offers the benefits of easy mobility in a pocket, with the capability of storing large capacity of information as compared to the magnetic-based plastic cards. More importantly, smart card with the local processing capabilities, facilitates the development of active programs that are designed to effectively and accurately manage often complex patients medical record. Essentially, the patients information is augmented with active programs residing within the smart card to provide rich services such as record management facilities, security and authentication, and clinical alert system. While smart card technology for medical application has been in existence for some time now, it has been largely restricted to use in large organization such as hospitals, health insurance and large medical groups. The services provided are restricted to simple patients record management workflow operating within departments of an organization. Extending and integrating such technology and services to a wider community such as across hospitals, medical insurance bodies, polyclinics and dental clinics, present major technical limitation due to the lack of network infrastructure and accessibility. With the continue proliferation of internet technology to home and offices access via dial-up, lease line, ADSL and cable modem, the consideration of integrating smart card and internet technology to facilitate wide area medical information system needs to be re-visited. By closely combining the benefits of Internet web and smart card technologies for medical application, rich services can rapidly be developed and implemented, with the ultimate objective of improving the quality of health care. Figure 2 illustrates the concept of a smart card being viewed as a mobile database containing patients medical record. As the database "travels" to a new location, the JCWS dynamically binds the database to the framework, to provide web-based browsing and updating services. In this case, the browsing and updating applet can be dynamically downloaded from the smart card itself via the browser interface.
Figure 2: JCWS Concept
In short, the marriage of these two technologies presents the following complementary benefits:
- Ubiquitous Medical Record Management. The JCWS framework is designed to support both offline and online operations of smart card information access. In the former case, the standard web browser operates in an offline standalone mode such that access and updating procedure to smart cards medical record are facilitated by an active applet downloaded from within the card itself. The ability of smart card to carry its own record management applet while being hosted by a commonly available web browser, presents a powerful paradigm to support a truly mobile and open environment. Importantly, it enables medical personnel to quickly gain access of vital patient's medical record without the need of a hospital or clinic to be equipped with so-called compatible information system. Such immediate availability and easy access of critical patient's record in time of accident and emergency can mean drawing a line between life and death.
- Rapid Deployment of Enhanced Networked Services. The ability of web-enabled smart card to seamlessly integrate with evolving Internet technology translates to the possibility of medical information system to leverage on existing rich services provided by the underlying infrastructure. The Internet and WWW in particular, offer the opportunity for distributed health services to exchange medical knowledge and allow dynamic monitoring of patients health [9,10]. For example, complex services such as remote diagnostics and health-related decision making process can be efficiently and seamlessly integrated with smart cards patient record to provide added treatment alternatives to improve the overall quality of health services.
- Low Deployment Costs. The significant infiltration of Internet technology to home and offices via various access methods (including dial-up, lease line, ADSL and cable modem) underscores the ability to rapidly and economically deploy medical information system across a wide medical community. In particular, there is no need to install special network hardware or user agents on each of the potential participants (including doctors, hospitals or patient) computers.
- Ubiquity Access. Flowing from the wide accessibility of Internet technology, the web browser is seen as the de-facto user interface to access rich information repository within the WWW. Far from just adopting the traditional client-server approach, the web browser supports a rich spectrum of computing paradigm including client side programming using applets, server side programming using servlets, plug-ins, CGI interface and XML. The pocket mobility of smart card, coupled with the ubiquitous access of software configurable web browser, are all crucial in promoting a truly mobile and interactive medical information technology.
- Extensible Markup Language (XML) for Medical Record
With the increasing difficulty in managing and cataloging documents on the web, the World Wide Web consortium (W3) has recently defined and specified a new language standard in document publication, known as the Extended Markup Language (XML) . The XML specification is based on a largely simplified version of SGML , which is designed to promote ease of integration to existing web technology. Unlike HTML, which is designed specifically for display markup, XML supports customized specification of application-specific tags. It promotes development of highly structured document, with well-defined meta-data specifications. Moving along the same spirit, the project has right from the start realized the significant benefits of employing XML as an open markup language for creating portable electronic medical records. Specifically, we have chosen XML as the formatting language to structure patient's medical record to be stored within the smart card. The approach of using XML for medical record structuring is in line with the recent announcement of a group within the Health Level 7 (HL7) standard body to derive a standardized medical-specific information structure built on XML . While awaiting for the outcome of the HL7 standardization effort, we have embarked on specifying initial XML meta-tags specific for clinical examination record based on well-formed XML document format . In short, employing XML as a baseline formatting language for medical record storage presents the following benefits:
- Open Standard. XML is defined by the XML Working Group (originally known as the SGML Editorial Review Board) within the World Wide Web consortium (W3). As such, XML represents a completely vendor-neutral structure that is designed to promote wide support of variety of applications. This is in contrast with most medical information systems available today which often use proprietary structure that render message interchange between different systems at best difficult. The lack of an open standard has far major implications, including the difficulty of patient to switch between health-care institutions and the possibility of patient information being mishandled or misused.
- Web Friendly. As with HTML, XML is a subset of SGML that has been designed to support ease of integration to existing web technology. While HTML focuses on display markup for human-readability, XML is designed to embed structure within the document for machine-understandability. This enables XML-based medical record to leverage on existing web technology for use over the Internet, while supporting uniform message interchange format between healthcare applications .
- Simple and Concise. While W3 consortium has the option of using the more established SGML, the sheer complexity inherent in the markup format and variations is deemed unsuitable for web publication. This issue has greatly motivated the design goals of XML to maintain the key benefits of SGML to facilitate document formatting, while being simple and concise enough to create and support fast parsing, and processing of information.
- JCWS Overview
The central objective of JCWS architecture is to form a web service interface between the smart card data objects repository and a standard web browser. The framework is comprised of two sub layers of Java-based components, as depicted in Figure 3.
The Web Servlet Component (WSC) layer is concerned with providing general web services to incoming requests. Specifically, it functions as a lightweight http web server to the smart cards web repository. For example, to gain initial access to users personal and medical information on smart card (if security permits), a doctor can issue a http request on the loopback URL address of 127.0.0.1 (assuming that the smart card reader is connected on the same host computer). This will invoke the request for the index file, which can be comprised of a static web page directory of the medical information. Alternatively, the index file can act as a container for an applet downloaded directly from the smart card to assist in active browsing and updating of medical records, as shown in Figure 4. The attractive benefit of such an approach is in the ability of the framework to operate in an autonomous mode without the need to engage in online operation. Additionally, the benefit of smart card being able to carry its own record management tool translates to the avoidance in managing potentially large set of software drivers for different patient record standards and across different operating systems. Such an approach truly supports the concept of "write once, manage everywhere".
Figure 3: JCWS Architecture
The Service Component (SC) sub-layer is comprised of a collection of common medical specific services. The central objective of SC is to augment and complement the functionality of the WSC sub layer. In addition to providing direct services to WSC, each service specific component is encapsulated with open programming interfaces to enable remote method invocation (RMI) from other components to leverage on the services provided. In particular, we have employed similar approach to enable the downloaded record management applet to invoke service interfaces from the web browser. Shown in Figure 4 is the record management applet for browsing and inputting doctors assess of patients medical history. Each tab in the user interface represents an area of clinical examination.
Upon downloading the applet to the host web browser, the applet is responsible for making a http request to JCWS to download the XML-based medical record file, record.xml, as shown in Figure 5. This is followed by having the applet perform a complete parse of the record.xml file to create a data object model of the medical record. The SUN XML parser Java library is used here to perform checks on the validity of the well-form record.xml document, in which, if successful, produces an exposed tree-based data object model which supports reading/writing of XML structures. Based on the security level of the user (through password entry), the extracted patient's record is displayed accordingly on the appropriate fields.
Each of the service components is implemented on a two level service-proxy entities approach. The service entity of the component is executed on the host, while the proxy counterpart is executed on the smart card platform. The main rational for such an approach is to enable offloading of large part of the service component to be executed on the host due to memory constrain of the smart card device. The proxy entity on the smart card is responsible for low level execution of commands mediated by the on-host service entity. Importantly, the proxy entity is designed to facilitate open interfaces to resources available on the smart card, while implementing comprehensive control and policy within the service entity residing in the host. For example, in the security service component, the proxy entity is responsible to provide open access to the cryptography services supported by the Java Card framework, such as privacy and authentication. Given the open interfaces supported by the proxy counterpart, the service entity is required to implement comprehensive high-level access control and policy to enforce security requirements specific for medical record management. The two-level service-proxy entities approach provides a consistent way to separate the low-level mechanisms from the central control policy. Such layering approach promotes rapid development and deployment of improved services, without the risk of incurring large maintenance overheads.
The component services implemented here represent the core service facilities directly usable by WSC and application objects. The architecture of JCWS encourages the extension of service facilities by providing ease of adding service components when the need arises. The core service components that are being implemented include medical file system, security service, and event notification service:
- Medical File System: The component provides high level file management services to WCS and object applications to efficiently implement hierarchical based medical record storage. The service defines several well-known object interfaces to enable ease of applications to create, retrieve and manage medical record access, while facilitating direct mapping of these requests to low-level Java Card API.
- Security Service: The component provides complete framework for medical record access security. It supports authentication and access control to sensitive information such as patients psychiatric history, sensitive social history and etc. It supports a hierarchical approach to managing patients medical records. For example, a registration nurse may only be allowed access to key patients information (perhaps without security password), a pharmacist is authorized to gain access to patients drug allergy and related information, while physicians may be allowed full access and updating of patients detail medical history.
- Event Notification Service: The component provides interfaces for medical application objects to register or de-register specific events of interests. For example, applets or objects can be designed to closely monitor the risk of drugs interaction or prescription of allergic drugs by registering the event(s) with the event notification service objects. Whenever a smart card is inserted into the reader, a structured list of registered events is loaded into the repository of the event notification service component. The detection of a registered event will result in triggering a procedural call to among objects interested in the event.
Figure 4: Medical Record Viewer Applet
Figure 5: Sample of record.xml
- Concluding Remarks
Our implementation currently focuses on the interface between the smart card and web browser. Communication between the two entities is achieved using standard http request-reply via the JCWS service. At the moment, the JCWS supports file access open programming interface call using Java RMI, while further functionality such as security and alert interfaces can be added at a later stage.
To truly exercise the potential of JCWS framework, it is crucial to develop a domain-specific clinical application that directly leverage on services provided by the underlying technology. This will provide an ideal platform to integrate and test all the elements contained within the JCWS framework. The effort will require setting up a fully functional test-bed to enable standalone browser to input or access patients medical record from the smart card. The structuring of the cards content is crucial to facilitate multi-levels security access to sensitive medical records. The records can take the form of multimedia, such as sound, low-resolution images and text-based data. For memory intensive media such as high-resolution radiography scan, CT scan video and images, appropriate URL links to the WWW can be created to enable integrated network access. The application shall leverage on the benefits of WWW to locate and share resources distributed across the Internet environment. Such network environment may span across hospitals, clinics and country boundaries. The test-bed will comprise of several web and database servers distributed across the network, with seamless resource links between medical records located within the smart card and the web.
The culmination of a successful implementation of the test-bed will offer the opportunity to transfer the technology to a practical environment, where true implementation using real patient data will be considered.
Thanks to Jiannong Cao, Henry Chan and Gilbert Young for their enthusiasm in this project. Thanks also to Anna Lam and Thomas Chan for their dedicated effort in implementing the prototype.
 Institute of Medicine, "The Computer-Based Patient Record", National Academy Press, 1991.
 Peter Szolovits, "A Revolution in Electronic Medical Record Systems via the World Wide Web," International Conference on the Use of Internet and WWW for Telematics in Healthcare, Geneva, Switzerland, Sep 6-8, 1995.
 Kohane IS, Greenspun P, Fackler J, Cimino C, Szolovits P. Building National Electronic Medical Record Systems via the World Wide Web. Journal of the American Medical Informatics Association. 1996;3:191-207.
 Fabian Ng and Chen Jen Tock "A Smart Card Medical System For The People With Disabilities," California State University Northbridge's 11th Annual International Conference, "Technology and Persons with Disabilities", Los Angeles 19-23 March 96
 Schumberger Limited (1996). Advantages, Smart Cards: Inherent advantages, Internet WWW page at URL: http://www.slb.com/et/inherent_advantage.html
 Seidman, S., 1996, Emerging markets, persistent problems: Smart cards have come a long way, but still have a long way to go, Report on Smart Cards, Dec. 1996, pp 3-5.
 Sun Microsystems, "Java Card 2.0 User Guide Developers Release 2.0", Sun Microsystems, Feb 1998.
 Sun Microsystems, "Java Card API 2.0 Reference Implmentation", Sun Microsystems, Feb 1998.
 Cimino J.J., Socratous, S.A. Clayton, "Internet as clinical information system: Application development using the World Wide Web," Journal of America Medical Information Association, 2(5), 1995, 273-84
 William M. Detmet, Edward H. Shortliffe, "Using the Internet to Improve Knowledge Diffusion in Medicine," Communications of the ACM, 40(8), Aug 97, pp. 101-108
 Extensible Markup Language (XML) 1.0, World Wide Web Consortium Recommendation, http://www.w3.org/TR/REC.xml.
 Lynda Radosevich, "Health Care uses XML for Records", InfoWorld, 25 Aug 1997, http://www.infoworld.com
Alvin Chan received his B.Eng.(Hons) from the University of Leeds in Electronic and Electrical Engineering. After receiving his Ph.D. degree from the University of New South Wales in 1995, he was employed as a Research Scientist at the Commonwealth Scientific and Industrial Research Organization (CSIRO), Division of Telecommunications and Industrial Physics. From 1997, he was employed by the Center for Wireless Communications, National University of Singapore, as a Programme Manager. He was involved in the National Telecommunications and Research Programme (NTRP) instituted by the Singapore Government to focus on the cutting-edge in information technology R&D. He was responsible for leading a research group in designing and developing the radio access infrastructure for wireless ATM. He is currently employed as a Assistance Professor at the Hong Kong Polytechnic University, Department of Computing. His interests include Internet and Intranet Technology, Mobile Computing, Wireless ATM and Dynamic Object Binding Technology.