Jump to main content
:::

logo5

Hot:
:::

Protecting Personal Information on NHI Card

Security mechanisms of the NHI card

I. Overall security mechanisms

1. Contract specifications

   Article 1 of the contract signed by the NHIA and the contractor stipulates that the confidential information of the NHIA that the contractor learns of or possesses during the performance of the contract must be kept confidential and may not be disclosed. It is also required that the contractor sign a confidentiality contract with its employees and third-party suppliers that has the same obligation to confidentiality as this contract with respect to the NHIA content. Furthermore, Article 11 of the contract stipulates that if the contractor leaks basic information of the card or the insured during the valid term of the contract, the NHIA may confiscate the security deposit and terminate or cancel all or part of the contract, and request compensation from the contractor. In addition, Article 4 of the bidding instructions stipulates that if NHI cards, security modules, card reading equipment, application systems, software and hardware equipment are foreign products, the authorized distribution agency certificate issued by the foreign manufacturer and the joint warranty certificate must be submitted.

2. Overall security plan

   The NHIA requires the contractor to provide an overall system security policy for this project so as to establish a sound management mechanism. According to this regulation, the contractor provides documents, including its overall security plan, overall security mechanism design document and overall security policy management user manual, and invites scholars and experts to review them and implements them accordingly.

3. Establish an NHI card data security protection team

   The NHIA has established an NHI card data security protection team that supervises all security-related matters to prevent data leakage and improper use of the NHI card.

II. Personal data and privacy protection mechanism

Policy

1. Not for use outside of NHI and medical care purposes
   The main function of the NHI card is to identify the insured when seeking medical treatment, and to facilitate correct diagnosis. Not to be used for outside of health administration or health care services.

2.Does not store complete medical records
   The contents available for use in the NHI card are limited to replacing the original functionality of the paper card. The NHIA has continued to communicate with relevant human rights and patient groups to facilitate the storage of medications, tests and examinations information, while also protecting the public's rights to access their medical information and to self-management. The personal health information concerned is recorded and stored in the medical records which are created by the medical institutions. Storage capacity of the NHI card provides only 36K, which is unable to store all the medical records and examination images of patients. These contents are limited to NHI operations, which improve the quality of medical care and saving costs.

Card operation security mechanisms

1.Detailed anti-counterfeiting measures on the card
   The NHI card uses multiple anti-counterfeiting measures such as guilloche design, rainbow patterning, extra small print, UV hidden print, fluorescent ink, optically variable ink (OVI). In addition, the photo background also uses anti-counterfeiting measures to prevent unauthorized use.

2.Multiple confidentiality security measures to protect personal privacy

3.Information security mechanisms

4.Computer virus prevention

5.Crisis handling and response plans
   The NHIA has formulated a crisis response plan, specifying the type, level, identification, and activation procedures for crises, and has organized a crisis response team which acts as a preemptive measure for emergency response and crisis response. After crises (such as natural disasters, power outages) occur, post-crisis response mechanisms are also established, such as:

447