Web-Enabled Smart Card for Ubiquitous Access of Patient's Medical Record


Alvin T.S. Chan

Internet Computing and Electronic Commerce Laboratory

Department of Computing

The Hong Kong Polytechnic University

Hung Hom, Kowloon, Hong Kong




The combined benefits of smart card to support mobility in a pocket coupled with the ubiquitous access of web technology, presents a new paradigm for medical information access system. The paper describes the framework of Java Card Web Servlet (JCWS) that is being developed to provide seamless access interface between a web browser and a Java enabled smart card. Importantly, the smart card is viewed as a mobile repository of web objects comprising of html pages, medical data objects and, record browsing and updating applet. As the patient moves between hospitals, clinics and countries, the mobility of the smart card database dynamically binds to the JCWS framework to facilitate a truly ubiquitous access and updating of medical information via a standard web browser interface.

Keywords: smart card, web, medical, health

  1. Introduction
  2. In the past decade, we have seen a rapid advancement in application of information technology to almost every sector of industries. The explosion of Internet growth fuelled by the so-called killer application - the World Wide Web, further accelerates this advancement. However, surprisingly, it was noted in [1,2] that most health care institutions, including those in the United States, still maintain most of their patient records in the form of paper charts. This scenario has rendered the almost impossible task of integrating and seamlessly managing patientís record across hospitals, clinics and between countries or states. The emergence of smart card technology is recognized as a potential solution to effectively and accurately manage patientís medical record [3,4]. In particular, smart card based on optical memory offers quantum storage capacity of up to 4-6 Mb. Such storage capacity translates to the ability of the card to store basic patient information such as name, address, photographs, PIN security, to medical information such as blood type, drug allergies and regular prescribed drugs. Moreover, medical records can be augmented to include multimedia-rich information such as scan photography images and voice recording, to facilitate rapid diagnosis of patientís potential symptom and problem. In short, smart card provides the rich benefits of storing comprehensive, accurate, and up-to-date medical history of a patient, while offering the ease of mobility in a pocket [5].

    Although smart card presents an attractive alternative to recording complex medical record, it has failed to gain the critical mass required to spin off a wide market acceptance of such technology. Most usage of smart cards in medical arena is restricted to large organizations such as state hospitals, health insurance groups and government clinics. The lack of a unified data structure and open programming interface have resulted in ad-hoc implementation of medical information systems based on smart card technology [6]. Building on the same spirit as the original Java, Sun has developed the Java Card API specifications [7,8] to facilitate the concept of "write once, run on all cards".

    Our research aims to further develop the standardization effort to support a web-based medical specific smart card application framework. Figure 1 divides the standardization framework to horizontal and vertical standards. While Java Card represent the so-called horizontal standard to facilitate common computing platform for smart card development environment, our project proposes a vertical standard framework that addresses the design requirements specific to the development of medical applications. The concept of Java Card Web Servlet (JCWS) is developed to provide seamless access interface between a web browser and a Java enabled smart card. The framework is designed to support tight coupling of smart card technology to existing web infrastructure. With such a framework, it is possible for medical-related professionals, such as doctors and pharmacists, to seamlessly access medical records directly from the card using a standard web browser interface. An applet contained within the card can be dynamically loaded into the browser to perform active browsing and updating of medical information. The applet can also provide web links to Internet databases to facilitate wide area access of further information such as a video of a recent CT scan, high resolution X-ray image scan, etc. The following section highlights the motivation of this paper and the combined benefits of integrating smart card to web technology. Section 3 describes the use of XML as the formatting language for medical records. An overview description of JCWS is presented in section 4. Finally, section 5 describes our future works and conclusions.

    Figure 1: Horizontal and Vertical Standards

  3. Motivation

Smart card technology presents a new paradigm of computing environment based on embedding processing elements on a credit card sized platform. The technology offers the benefits of easy mobility in a pocket, with the capability of storing large capacity of information as compared to the magnetic-based plastic cards. More importantly, smart card with the local processing capabilities, facilitates the development of active programs that are designed to effectively and accurately manage often complex patientís medical record. Essentially, the patientís information is augmented with active programs residing within the smart card to provide rich services such as record management facilities, security and authentication, and clinical alert system. While smart card technology for medical application has been in existence for some time now, it has been largely restricted to use in large organization such as hospitals, health insurance and large medical groups. The services provided are restricted to simple patientís record management workflow operating within departments of an organization. Extending and integrating such technology and services to a wider community such as across hospitals, medical insurance bodies, polyclinics and dental clinics, present major technical limitation due to the lack of network infrastructure and accessibility. With the continue proliferation of internet technology to home and offices access via dial-up, lease line, ADSL and cable modem, the consideration of integrating smart card and internet technology to facilitate wide area medical information system needs to be re-visited. By closely combining the benefits of Internet web and smart card technologies for medical application, rich services can rapidly be developed and implemented, with the ultimate objective of improving the quality of health care. Figure 2 illustrates the concept of a smart card being viewed as a mobile database containing patientís medical record. As the database "travels" to a new location, the JCWS dynamically binds the database to the framework, to provide web-based browsing and updating services. In this case, the browsing and updating applet can be dynamically downloaded from the smart card itself via the browser interface.

Figure 2: JCWS Concept

In short, the marriage of these two technologies presents the following complementary benefits:

  1. Extensible Markup Language (XML) for Medical Record

With the increasing difficulty in managing and cataloging documents on the web, the World Wide Web consortium (W3) has recently defined and specified a new language standard in document publication, known as the Extended Markup Language (XML) [11]. The XML specification is based on a largely simplified version of SGML [11], which is designed to promote ease of integration to existing web technology. Unlike HTML, which is designed specifically for display markup, XML supports customized specification of application-specific tags. It promotes development of highly structured document, with well-defined meta-data specifications. Moving along the same spirit, the project has right from the start realized the significant benefits of employing XML as an open markup language for creating portable electronic medical records. Specifically, we have chosen XML as the formatting language to structure patient's medical record to be stored within the smart card. The approach of using XML for medical record structuring is in line with the recent announcement of a group within the Health Level 7 (HL7) standard body to derive a standardized medical-specific information structure built on XML [12]. While awaiting for the outcome of the HL7 standardization effort, we have embarked on specifying initial XML meta-tags specific for clinical examination record based on well-formed XML document format [11]. In short, employing XML as a baseline formatting language for medical record storage presents the following benefits:

  1. JCWS Overview

The central objective of JCWS architecture is to form a web service interface between the smart card data objects repository and a standard web browser. The framework is comprised of two sub layers of Java-based components, as depicted in Figure 3.

The Web Servlet Component (WSC) layer is concerned with providing general web services to incoming requests. Specifically, it functions as a lightweight http web server to the smart cardís web repository. For example, to gain initial access to userís personal and medical information on smart card (if security permits), a doctor can issue a http request on the loopback URL address of (assuming that the smart card reader is connected on the same host computer). This will invoke the request for the index file, which can be comprised of a static web page directory of the medical information. Alternatively, the index file can act as a container for an applet downloaded directly from the smart card to assist in active browsing and updating of medical records, as shown in Figure 4. The attractive benefit of such an approach is in the ability of the framework to operate in an autonomous mode without the need to engage in online operation. Additionally, the benefit of smart card being able to carry its own record management tool translates to the avoidance in managing potentially large set of software drivers for different patient record standards and across different operating systems. Such an approach truly supports the concept of "write once, manage everywhere".

Figure 3: JCWS Architecture

The Service Component (SC) sub-layer is comprised of a collection of common medical specific services. The central objective of SC is to augment and complement the functionality of the WSC sub layer. In addition to providing direct services to WSC, each service specific component is encapsulated with open programming interfaces to enable remote method invocation (RMI) from other components to leverage on the services provided. In particular, we have employed similar approach to enable the downloaded record management applet to invoke service interfaces from the web browser. Shown in Figure 4 is the record management applet for browsing and inputting doctorís assess of patientís medical history. Each tab in the user interface represents an area of clinical examination.

Upon downloading the applet to the host web browser, the applet is responsible for making a http request to JCWS to download the XML-based medical record file, record.xml, as shown in Figure 5. This is followed by having the applet perform a complete parse of the record.xml file to create a data object model of the medical record. The SUN XML parser Java library is used here to perform checks on the validity of the well-form record.xml document, in which, if successful, produces an exposed tree-based data object model which supports reading/writing of XML structures. Based on the security level of the user (through password entry), the extracted patient's record is displayed accordingly on the appropriate fields.

Each of the service components is implemented on a two level service-proxy entities approach. The service entity of the component is executed on the host, while the proxy counterpart is executed on the smart card platform. The main rational for such an approach is to enable offloading of large part of the service component to be executed on the host due to memory constrain of the smart card device. The proxy entity on the smart card is responsible for low level execution of commands mediated by the on-host service entity. Importantly, the proxy entity is designed to facilitate open interfaces to resources available on the smart card, while implementing comprehensive control and policy within the service entity residing in the host. For example, in the security service component, the proxy entity is responsible to provide open access to the cryptography services supported by the Java Card framework, such as privacy and authentication. Given the open interfaces supported by the proxy counterpart, the service entity is required to implement comprehensive high-level access control and policy to enforce security requirements specific for medical record management. The two-level service-proxy entities approach provides a consistent way to separate the low-level mechanisms from the central control policy. Such layering approach promotes rapid development and deployment of improved services, without the risk of incurring large maintenance overheads.

The component services implemented here represent the core service facilities directly usable by WSC and application objects. The architecture of JCWS encourages the extension of service facilities by providing ease of adding service components when the need arises. The core service components that are being implemented include medical file system, security service, and event notification service:

Figure 4: Medical Record Viewer Applet

Figure 5: Sample of record.xml

  1. Concluding Remarks

Our implementation currently focuses on the interface between the smart card and web browser. Communication between the two entities is achieved using standard http request-reply via the JCWS service. At the moment, the JCWS supports file access open programming interface call using Java RMI, while further functionality such as security and alert interfaces can be added at a later stage.

To truly exercise the potential of JCWS framework, it is crucial to develop a domain-specific clinical application that directly leverage on services provided by the underlying technology. This will provide an ideal platform to integrate and test all the elements contained within the JCWS framework. The effort will require setting up a fully functional test-bed to enable standalone browser to input or access patientís medical record from the smart card. The structuring of the cardís content is crucial to facilitate multi-levels security access to sensitive medical records. The records can take the form of multimedia, such as sound, low-resolution images and text-based data. For memory intensive media such as high-resolution radiography scan, CT scan video and images, appropriate URL links to the WWW can be created to enable integrated network access. The application shall leverage on the benefits of WWW to locate and share resources distributed across the Internet environment. Such network environment may span across hospitals, clinics and country boundaries. The test-bed will comprise of several web and database servers distributed across the network, with seamless resource links between medical records located within the smart card and the web.

The culmination of a successful implementation of the test-bed will offer the opportunity to transfer the technology to a practical environment, where true implementation using real patient data will be considered.





Thanks to Jiannong Cao, Henry Chan and Gilbert Young for their enthusiasm in this project. Thanks also to Anna Lam and Thomas Chan for their dedicated effort in implementing the prototype.


[1] Institute of Medicine, "The Computer-Based Patient Record", National Academy Press, 1991.

[2] Peter Szolovits, "A Revolution in Electronic Medical Record Systems via the World Wide Web," International Conference on the Use of Internet and WWW for Telematics in Healthcare, Geneva, Switzerland, Sep 6-8, 1995.

[3] Kohane IS, Greenspun P, Fackler J, Cimino C, Szolovits P. Building National Electronic Medical Record Systems via the World Wide Web. Journal of the American Medical Informatics Association. 1996;3:191-207.

[4] Fabian Ng and Chen Jen Tock "A Smart Card Medical System For The People With Disabilities," California State University Northbridge's 11th Annual International Conference, "Technology and Persons with Disabilities", Los Angeles 19-23 March 96

[5] Schumberger Limited (1996). Advantages, Smart Cards: Inherent advantages, Internet WWW page at URL: http://www.slb.com/et/inherent_advantage.html

[6] Seidman, S., 1996, Emerging markets, persistent problems: Smart cards have come a long way, but still have a long way to go, Report on Smart Cards, Dec. 1996, pp 3-5.

[7] Sun Microsystems, "Java Card 2.0 User Guide Developerís Release 2.0", Sun Microsystems, Feb 1998.

[8] Sun Microsystems, "Java Card API 2.0 Reference Implmentation", Sun Microsystems, Feb 1998.

[9] Cimino J.J., Socratous, S.A. Clayton, "Internet as clinical information system: Application development using the World Wide Web," Journal of America Medical Information Association, 2(5), 1995, 273-84

[10] William M. Detmet, Edward H. Shortliffe, "Using the Internet to Improve Knowledge Diffusion in Medicine," Communications of the ACM, 40(8), Aug 97, pp. 101-108

[11] Extensible Markup Language (XML) 1.0, World Wide Web Consortium Recommendation, http://www.w3.org/TR/REC.xml.

[12] Lynda Radosevich, "Health Care uses XML for Records", InfoWorld, 25 Aug 1997, http://www.infoworld.com


Alvin Chan received his B.Eng.(Hons) from the University of Leeds in Electronic and Electrical Engineering. After receiving his Ph.D. degree from the University of New South Wales in 1995, he was employed as a Research Scientist at the Commonwealth Scientific and Industrial Research Organization (CSIRO), Division of Telecommunications and Industrial Physics. From 1997, he was employed by the Center for Wireless Communications, National University of Singapore, as a Programme Manager. He was involved in the National Telecommunications and Research Programme (NTRP) instituted by the Singapore Government to focus on the cutting-edge in information technology R&D. He was responsible for leading a research group in designing and developing the radio access infrastructure for wireless ATM. He is currently employed as a Assistance Professor at the Hong Kong Polytechnic University, Department of Computing. His interests include Internet and Intranet Technology, Mobile Computing, Wireless ATM and Dynamic Object Binding Technology.