The Italian region of Lombardy is Italy's largest and economically most important region. It is considered by many to have the most advanced regional identification program. 95% of its population uses the card mainly for
eHealthcare applications. Complementary government and private services and functions such as
transportation, loyalty programs, fuel purchases, electronic payments, and digital television services are also available but less popular or still in pilot phase.
Partnering with Actalis, an IT company based in Milan, Gemalto has been delivering the new generation dual interface smart regional service cards (CRS : Carta Regionale dei Servizi ) since 2009.
Lombardia Informatica, the final customer, is the regional public IT company whose missions are to innovate, increase the regional system’s productivity through Information technology and improve the citizen’s quality of life and Lombard companies’ competitiveness.
From card manufacturing, embedding and personalization including a certificate to postal delivery, Gemalto delivered over 6 million cards in less than 6 months (September 2010 – February 2011) and over 9 million up to now.
Most advanced eHealth system in Europe
Lombardy’s eHealth system (SISS) is one of the best practice case in Europe for the implementation of secure eHealth services including EHRs ( Electronic Health Records) and ePrescriptions. It clearly illustrates the effective use of a secure eHealth card.
Privacy and data security are derived from the use of a virtual private network. The implementation of application layers allows for the encryption of the information exchanged, the identification, authentication and authorization of the users, electronic signature all in compliance with the Italian data protection policy.
The adoption of smart cards has a vital role in the system security mechanisms such as citizen’s consent to processing their health data in accordance to the law (Art. 29) , identification and authorization of users, data security, limited access.
Access rights are defined according to the healthcare professional’s role. General practitioners can see all patient’s data. Specialists only see data with the patient’s card (consent). Nurses can see part of the data. Pharmacists can only see drug prescriptions and appointment booking information. Automatic log-outs are also implemented to avoid any unauthorized access. Patients have the choice to hide either all or part of their data.