Security mechanisms of the NHI card
I. Overall security mechanisms
1. Contract specifications
Article 1 of the contract signed by the NHIA and the contractor stipulates that the confidential information of the NHIA that the contractor learns of or possesses during the performance of the contract must be kept confidential and may not be disclosed. It is also required that the contractor sign a confidentiality contract with its employees and third-party suppliers that has the same obligation to confidentiality as this contract with respect to the NHIA content. Furthermore, Article 11 of the contract stipulates that if the contractor leaks basic information of the card or the insured during the valid term of the contract, the NHIA may confiscate the security deposit and terminate or cancel all or part of the contract, and request compensation from the contractor. In addition, Article 4 of the bidding instructions stipulates that if NHI cards, security modules, card reading equipment, application systems, software and hardware equipment are foreign products, the authorized distribution agency certificate issued by the foreign manufacturer and the joint warranty certificate must be submitted.
2. Overall security plan
The NHIA requires the contractor to provide an overall system security policy for this project so as to establish a sound management mechanism. According to this regulation, the contractor provides documents, including its overall security plan, overall security mechanism design document and overall security policy management user manual, and invites scholars and experts to review them and implements them accordingly.
3. Establish an NHI card data security protection team
The NHIA has established an NHI card data security protection team that supervises all security-related matters to prevent data leakage and improper use of the NHI card.
II. Personal data and privacy protection mechanism
Policy
1. Not for use outside of NHI and medical care purposes
The main function of the NHI card is to identify the insured when seeking medical treatment and to facilitate correct diagnosis. It is not to be used outside of health administration or health care services.
2. Does not store complete medical records
The contents available for use in the NHI card are limited to replacing the original functionality of the paper card. The NHIA has continued to communicate with relevant human rights and patient groups to facilitate the storage of medication, test and examination information, while also protecting the public's rights to access their medical information and to self-management. The personal health information concerned is recorded and stored in the medical records created by the medical institutions. The storage capacity of the NHI card is only 36K, which cannot hold all of a patient's medical records and examination images. These contents are limited to NHI operations, which improve the quality of medical care and save costs.
Card operation security mechanisms
1. Detailed anti-counterfeiting measures on the card
The NHI card uses multiple anti-counterfeiting measures, such as guilloche design, rainbow patterning, extra small print, UV hidden print, fluorescent ink, and optically variable ink (OVI). In addition, the photo background also uses anti-counterfeiting measures to prevent unauthorized use.
2. Multiple confidentiality security measures to protect personal privacy
- Data stored in the chip is processed by a special protection mechanism.
- Card reader with a secure access module (SAM) card: only a SAM card produced and issued by the NHIA can read the data stored on the chip, and it uses a rigorous authorization and mutual-authentication mechanism.
- Physician cards: medical information can only be read with a physician's card.
- Personal password: the NHI card has a password function (PIN code). The personal password takes priority over the read and write authorization of the physician's card. The cardholder can choose whether to enter the password for decryption. Once the password is set, neither ordinary people nor registered personnel can read the data in fields other than basic data, even if they have a card reader and SAM. The cardholder must agree to enter the password before staff can access the data.
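The three read-authorization gates listed above (NHIA-issued SAM, physician card, cardholder PIN) form a priority order, which is easiest to see as a small decision function. The following is an added illustration, not NHIA code; the field names, the request structure and the access-record layout are assumptions, and only the ordering of the checks comes from the page.

```python
"""Model of the layered read-authorization rules described for the NHI card.

Added illustration, not the NHIA's own code. Field names and the request
structure are assumptions; the rule ordering is the one the page states:
  1. only a reader holding an NHIA-issued SAM may read the chip at all;
  2. if the cardholder has set a PIN, everything beyond basic data stays
     locked until the PIN is entered, regardless of SAM or physician card;
  3. medical fields additionally require a physician card.
"""
from dataclasses import dataclass

# Assumed field groups; "basic" stands for the basic data readable without a PIN.
FIELD_GROUPS = {
    "basic": {"name", "id_number", "card_number"},
    "medical": {"chronic_medication_codes", "disease_codes", "expensive_exam_orders"},
}


@dataclass(frozen=True)
class ReadRequest:
    reader_has_nhia_sam: bool    # reader completed mutual authentication with an NHIA SAM
    physician_card_present: bool
    pin_set: bool                # cardholder has enabled the PIN on the card
    pin_entered: bool            # cardholder entered the correct PIN for this session


def readable_fields(req: ReadRequest) -> set:
    """Return the chip fields this request may read, applying the gates in priority order."""
    # Gate 1: without an NHIA-issued SAM nothing on the chip is readable.
    if not req.reader_has_nhia_sam:
        return set()
    allowed = set(FIELD_GROUPS["basic"])
    # Gate 2: the cardholder's PIN takes priority over the physician card's authorization.
    if req.pin_set and not req.pin_entered:
        return allowed
    # Gate 3: medical information requires a physician card.
    if req.physician_card_present:
        allowed |= FIELD_GROUPS["medical"]
    return allowed


def record_access(req: ReadRequest, actor: str) -> dict:
    """Decide the request and return the electronic access record kept for later tracking."""
    fields = readable_fields(req)
    return {
        "actor": actor,                                    # who attempted the read (constructed label)
        "pin_locked": req.pin_set and not req.pin_entered,  # True when gate 2 stopped the read
        "fields": sorted(fields),
    }
```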
3. Information security mechanisms
- The operating framework adopts a multi-channel firewall and continuously monitors network operations to detect security faults as soon as possible.
- The system uses a dedicated VPN network that users cannot enter from an ordinary Internet connection, so hackers cannot infiltrate from outside. In addition, network bandwidth at the NHIA is adjusted automatically according to usage to ensure the quality of network transmissions and effectively reduce the probability of stoppages in network traffic.
- The NHI card only stores codes of medications for certain chronic diseases, some specific disease names, and expensive test and examination orders. Each item is expressed as a digital code and is transmitted as scrambled data rather than being recorded in Chinese.
4. Computer virus prevention
- The NHIA uses comprehensive antivirus mechanisms.
- Users are advised to use antivirus software.
5. Crisis handling and response plans
The NHIA has formulated a crisis response plan, specifying the type, level, identification, and activation procedures for crises, and has organized a crisis response team to prepare in advance for emergency and crisis response. Post-crisis response mechanisms are also established for after a crisis (such as a natural disaster or power outage) occurs, such as:
- When a card is lost or stolen, the card must be cancelled immediately.
- In the event of a large-scale power outage across Taiwan, a UPS system starts and keeps the system running for a short time, so that it can be shut down completely while avoiding loss or damage of software, hardware, or data.
- Access rights to data are differentiated by authorization level. Whenever anyone accesses or uses NHI card information, an electronic record is kept to facilitate tracking and prevent leakage of data by personnel.