Overview

Date: 29.07.2021

Objective: Weekly space for deep dive topics

Participants: (kindly only add your own names, not those of other participants)

• @Uwe Wahser

•  

Topic Proposals:

• QR code / smart health cards (SHC)

•  

Presentations / Attachments

Minutes

possible offline auth payload

• CHFID

• SHC : https://smarthealth.cards/

• https://wiki.ohie.org/display/SUB/Patient+Identity+Management+Community

Offline authentication

• CHIFID (=Insuree Number/Code) in barcode - QRcode : just avoid type CHFID

  • reduce typing errors

  • Advantages:

    • can be provided during enrolment before synchronization

    • can be preprinted to assure the uniqueness

  • Drawback:

    • no validation

      • can record manually a hash on the card that can be manually entered in system to validate the Policy Activation

      • text must be protected again scratches/water …

    • no coverage information

• CHFID + coverage

  • need validation : Sign message with RSA

  •  

  • Advantages:

    • has to be provided after the enrolment synchronization

    • can validate Policy is activated

  • Drawback:

    • cannot be preprinted

    • need patient data

    • need coverage data

    • need policy to be activated

    • no information about the limits and remaining “budget“ on the policy

    • quite detailed QRCODE can be challenge to print.

  • fraud detection

    • signature RSA ?

• NFC/Smartcard card

  • Drawback

    • limitation on memory space => limit information you store there

    • need reader but lots of phone have

    • cost card

  • Advantages

    • number preprinted

    • data can be updated (coverage)

    • photo in memory???

    • biometrics

  • technical hardware standards? do we need to develop a driver for X potential systems?

    • phones and apps on phones should be relatively easy (though lots of systems)

    • printing to different NFC cards is standard (link to definitions?)

    • lots of differences in features / security features

  • fraud detection

    • signature RSA ?

    • locked card ?

• USSD

  • Advantages:

    • easy to access with any type of phone

    • doesn’t need data communication => work offline

    • can validate Policy and Coverage

  • Disadvantages:

    • requires GSM coverage

    • SMS cost

  • fraud detection

    • controlled by the system

• Calls (call center)

  • advantage

    • simple

  • drawback

    • cannot take load

  • fraud detection

    • need a proof that the call was done (confirmation number)

• insuree mobile app

  • Advantage:

    • no support

    • more data / picture / several qrcode / version

    • data transfert paid by insuree

  • Fraud detection

    • signature RSA

  • Drawback

    • Insuree needs smartphone

    • needs to be for Android and IPhone (hybrid app?)

Questions - Challenges - Issues

• next steps:

  • contact OpenHIE identity group

  • schedule follow up calls

Next meeting (05.08.2021):

• Testing scenarios

• offline / distributed scenarios (metadata, policy and claims)

• Beyond Health

• Accounting / Payment layer

Additional Resources

• OpenHIE: https://wiki.ohie.org/display/SUB/Health+Financing+Workflows

• GovStack: Elevator pitches and visual aids