Rosemary E. Libera

Abstract:  The European Union for years has considered introducing a healthcard that citizens of all Member States could carry to help facilitate the provision of health care throughout the EU. Such a card would ensure that care providers in all Member States could access the medical information of those patients who do not reside in the country where care is being provided. In the wake of the EU’s failure to introduce such a card, many Member States have developed their own incompatible healthcard technologies. The EU must implement a universal healthcard in the near future in order to prevent the further development of technologically advanced but functionally incompatible healthcard systems.


After almost two decades of debate, the European Union (EU) still has not reached an agreement on the implementation of a European healthcard,1 a card containing computer-readable data that Member States would use to facilitate the provision of health care.2 The healthcard would contain administrative and medical data, identify the patient and the entitlement to care, and provide access to vital [*PG178]medical information.3 As recently as mid-1999, the European Commission (Commission) indicated that the long awaited healthcards would not be introduced anytime in the foreseeable future.4 The Commission blamed “major legal, political, and technical obstacles” for the hold-up.5 The EU can and must overcome these obstacles and move forward with implementation of the healthcard.

The EU’s failure to reach consensus on the implementation of this card has two detrimental effects within the European community. First, failure to reach consensus encourages individual Member States to continue forging ahead with their own healthcard technologies.6 The efforts of individual Member States in the development of healthcards are to be commended, but if the EU does not step in with healthcard legislation in the near future, individual Member States may develop technology that is not compatible with that of other Member States.7 The EU is the only body that can prevent the development of technologically advanced but functionally incompatible healthcard systems.8

Second, failure to reach consensus compromises the health and safety of European citizens who are traveling in Member States other than their own, thereby frustrating the Maastricht Treaty’s goals of protecting the health of European citizens and enhancing their freedom of movement.9 In 1993 alone, for example, at least ninety million [*PG179]guests from Member States arrived at hotels, camp sites, and related establishments in other Member States.10 These “[c]itizens will only feel that they have genuine freedom to move from one Member State to another if they have ready access to health care.”11

Currently, European citizens who find themselves in need of emergency medical treatment while traveling in other Member States may discover that treatment is delayed or inadequate because the doctors in the host country have difficulty obtaining information about the medical histories of the patients.12 Without this data, the treating doctor may perform tests that have already been performed, render unnecessary or harmful treatment, or prescribe medication to which the traveler is allergic.13 A European healthcard, one that can be read in all Member States, would improve significantly a European traveler’s prospects for receiving prompt and effective medical treatment.14

Part I of this Note reviews the history of the European healthcard, beginning with a 1981 resolution of the European Parliament (Parliament), examines the current vision and purpose of the healthcard, emphasizing the metamorphosis of the healthcard from a stand-alone element to a component of an information and communication system and, finally, addresses the virtues of “smart card” technology. Part II briefly sets forth the technical, legal, and political difficulties that have slowed the development of EU healthcard legislation and pays particular attention to the concerns about transnational interoperability and the protection of privacy and confidential data. Part II also discusses the various healthcard pilot programs involving the EU and those that are taking place in Europe independent of EU involvement. Part III analyzes the obstacles discussed in Part II and suggests that they have been addressed adequately through a combination of pilot programs, the already implemented data protection directive, and the inherent protections of the healthcard itself. This Note concludes by arguing that now is the time for the EU to legislate in this field.

[*PG180]I.  The Metamorphosis of the European Healthcard

In 1981, after two years of preparatory work, Parliament adopted a resolution on a European healthcard.15 This resolution recognized that a healthcard could facilitate the movement of European citizens among Member States and could improve a European citizen’s chances for receiving prompt and accurate medical treatment upon becoming sick or injured while traveling in another Member State.16 Parliament determined, however, that conditions at the time did not favor the introduction of a healthcard.17 It nonetheless recommended that the EU continue communication regarding the card and suggested that the EU introduce the healthcard, as a first step, for those citizens who were particularly at risk, such as those suffering from serious or chronic diseases.18 In 1984, the EU adopted another, almost identical, resolution on the European healthcard but expanded the introduction of the card to encompass any citizen who wished to carry such a card, regardless of whether that citizen was particularly at risk of needing health care in another Member State.19

Substantial advancement on the implementation of a healthcard came in 1986 with a resolution of the European Council (Council) and an annex of a model card.20 The Council determined that the healthcard should be completed by a doctor, be the size of the European driver’s license, contain a photograph of the holder, and set forth the following information relating to the holder: name, sex, date and place of birth, address and country, the name, address and telephone of the person to inform in an emergency, medical comments on health problems, and any necessary explanations.21 The model card also displayed boxes that a doctor could check if the holder of the card, for example, had allergies, incompatibilities to drugs or anesthetics, chronic organ diseases, heart disease, diabetes, glaucoma, required dialysis treatment, had a missing organ, a transplant, a pacemaker, or a removable prostheses.22 Finally, the Council determined that the card should list any medications that the holder [*PG181]was taking, the holder’s blood type and prior vaccinations, and the name and address of the doctor who completed the card.23 A 1996 resolution again addressed the implementation of the healthcard with few changes.24 This resolution called for the EU to establish a European healthcard system by January 1, 1999, a deadline that went unmet.25

The vision of the healthcard promulgated by the 1986 resolution has changed dramatically during the past few years with the emergence of new technologies.26 Most notably, the healthcard no longer is viewed as a stand-alone element but is seen instead as part of a healthcard information and communication system.27 This information and communication system would have at least three components: (1) an international emergency healthcard that would provide the essential medical information that is vital in an emergency situation; (2) an international harmonized administrative data set; and (3) an international professional card that would allow the secure identification of health care professionals when accessing medical data and network services.28 A remote database, or telematic infrastructure, containing extensive electronic patient records is being contemplated as well.29 Authorized medical personnel could access this remote database in order to obtain more thorough medical information than that contained on the card itself.30

Within this system, the healthcard has four primary purposes: (1) to identify the patient and the entitlement to care; (2) to identify the medical professional and the right to access the patient’s data; (3) to make an electronic patient record available as a portable medical file carried by the patient; and (4) to allow medical professionals to access detailed information in a remote database.31 Within this system, a healthcard would serve as a means and an end32—a means because the card would provide health professionals with a way to access a re[*PG182]mote database containing extensive electronic patient records,33 and an end because, where access to the database is unavailable, the information contained in the card itself would assist medical professionals in emergency situations.34

Another difference between the earlier vision and the current vision of the healthcard is that the card now contemplated is a “smart card.”35 Although many different technologies could be used in the development of a healthcard, such as bar codes, magnetic stripes, or integrated circuit memory cards,36 “smart card” technology is viewed as the best technology for the healthcard.37 A “smart card” is a microchip card that has a microprocessor, enabling it to store, manage, process, and exchange data with readers.38 “Smart cards” are an attractive technology because they are superior to other types of technologies in reliability, security, memory size, and versatility of application.39

Additional benefits of using a “smart card” health system include decreased paper work and administrative costs, decreased data entry errors, easier and faster retrieval of information, increased patient convenience, and a reduction in health care fraud.40

II.  The Problems and the Pilots

A.  Legal, Technical, and Political Obstacles to Implementation

In November 1996 and in June 1999, the Commission indicated that legal, technical, and political obstacles prevented the EU from introducing healthcard-related legislation.41 The primary technical obstacle is ensuring transnational interoperability.42 Transnational interoperability between healthcard systems is the ability of one system to read, use, and update the data on the healthcards issued by [*PG183]another system.43 A healthcard system is “the sum of the [h]ealthcards issued and all [of] the hardware and software used in a particular implementation.”44 Without transnational interoperability, the purpose of a healthcard system is defeated.45 The primary legal concerns are protecting the privacy of the European citizens who carry healthcards and protecting the data those cards contain and are able to access.46 Finally, although the Commission has said that political obstacles to the implementation of healthcard legislation exist, no independent evidence that political concerns are holding up legislation is available.47

B.  The Pilots

The EU has been involved with a number of pilot programs that are considering or have considered the development and implementation of healthcards and that attempt to address the obstacles to healthcard legislation.48 These pilots include Eurocards, CardLink, DiabCard, NetLink, and TrustHealth.49

The most significant of these projects, Eurocards, was a framework project completed in 1995.50 A framework project does not result in a card system but instead results in a set of guidelines for card implementation.51 Eurocards was organized by the EU and was a concerted action among its Member States.52 The program produced three reports: Technology Assessment and Health Professional Cards, Administrative Uses of Patient Data Cards, and Emergency Healthcards.53 Together, these reports presented a comprehensive approach to the use of healthcards for administrative, emergency, and clinical purposes.54 The Emergency Healthcards report paid particular attention to the ethical and legal aspects of healthcard implementation [*PG184]and to security requirements.55 The Eurocards project suggested that a European wide healthcard was feasible56 and served as a catalyst for many of the functional pilot programs.57

One such pilot is CardLink, a three-year project that began in March 1996 and that endeavors to implement a patient-held emergency medical “smart card.”58 Approximately 200,000 cards have been issued59 to citizens of nine countries: France, Ireland, Germany, Italy, Spain, the Netherlands, Greece, Portugal, and Finland.60 Each card functions as an identifier and as a data carrier, containing not only emergency data and information about medications but also pointers to locations where additional patient medical data can be obtained.61 The cards use an interoperable emergency data set that is translated into the language of the country where the card is being read.62 This project, for which the Commission provided approximately one-third of the funds, is scheduled to demonstrate user and service provider acceptability of “smart cards.”63 Evaluations began in mid-1999.64

The goal of DiabCard, another pilot, was to test and implement a “smart card”-based medical information system for chronic diseases, such as diabetes, in ambulatory and hospital care.65 The “smart cards” served as portable computer-based medical records66 and were expected to improve the quality and effectiveness of diabetes care and control the costs of that care.67 The Commission provided approximately fifty percent of the funds for this pilot,68 which began in July [*PG185]1996 and which included six countries: Germany, France, Spain, Austria, Greece, and Italy.69 Although this pilot was scheduled to be completed within two years, the results are not yet available.70 CardLink and DiabCard, as a condition of their funding, agreed to demonstrate interoperability between their systems.71 This demonstration, however, will be limited to the reading of administrative and emergency data.72

NetLink, which began in June 1998, is a two-year project funded in part by the Commission involving France, Germany, Italy, and Canada.73 Its goal is to make information systems in the health care sector interoperable,74 and one of its primary concerns is ensuring secure system access by health care professionals.75 TrustHealth, a framework project similar to Eurocards, began in 1998 and is devoted to security issues such as encryption, user authentication, and digital signatures.76 It is expected to result in a set of guidelines for card implementation that will lead to interoperability.77 The EU is also involved with a G-878 project, the International Harmonization of the Use of Data Cards in Healthcare.79 The goal of this project is to develop an international emergency card and professional card.80

In addition to projects involving the EU, Members States, most notably France and Germany, are testing internal healthcard programs.81 France has a number of card projects underway.82 Carte Vi[*PG186]tale, for example, is a project that provides for the distribution of “smart cards” to all insurance policy holders and health care providers.83 As of May 1999, approximately forty-two million of these insurance cards had been issued.84 The cards work in coordination with the French Healthcare Network, activated in November 1998.85 The French government also has implemented a Health Professional Card that is used to securely access the Healthcare Network.86 Carte Vitale 2 will provide for the distribution of cards containing not only insurance information but also medical data.87 Distribution was expected to begin in 2000.88

Like France, Germany has experimented with internal healthcard programs.89 For example, it has distributed eighty million insurance cards to all of its citizens.90 These cards, however, are strictly administrative.91 Germany is also the home of QuasiNiere, a card program focusing on quality management in kidney replacement therapy.92 The project is expected to involve at least 50,000 patients and 3,000 doctors.93 As of March 1997, 35,000 cards had been issued.94 Other German pilots include a card for patients with implanted defibrillators, a card for dental treatment, a patient history and electronic drug prescription card, and a card for patients with cancer.95 Finland is piloting a healthcard as well.96

Austria and Belgium currently have cards for social security and for some access to care; Austria had issued eight million cards by 1997 and Belgium had issued ten million cards by 1996.97 As of 1997, Belgium also had issued 500,000 health care Professional Cards.98 Italy, too, is experimenting with many projects, such as cards for primary [*PG187]care, chronic diseases, and prescriptions, and the Netherlands, as of 1997, had issued one million insurance cards for private insurance.99 Spain also has distributed health care and emergency cards, as well as a social security card.100

Finally, many Eastern European countries have implemented or are considering implementing healthcard systems.101 These countries include Bulgaria, Slovakia, and Slovenia (health insurance cards), the Czech Republic (health care and insurance cards), Estonia and Poland (health care cards), Hungary (cards for selected diagnoses), and Lithunia (social security cards).102 Although these countries are not EU members, the EU should stay abreast of their technologies because of the potential development of incompatible healthcard systems between Western and Eastern Europe.

III.  Analysis

The EU should be lauded for its work to date on the development of an EU healthcard. The time has come, however, to leave the pilot phase and to implement a directive creating and funding an EU-wide, standardized healthcard.

A.  Interoperability

The difficulty in achieving transnational interoperability of healthcard systems in the EU no longer is a technical problem.103 The existing healthcard programs and the pilots have shown that technical interoperability is possible.104 In 1995, Eurocards presented its final report on interoperability and outlined how to achieve it.105 In 1996, the Core Technical Group of the EU Healthcards Interoperability Feasibility Study presented findings on achieving interoperability,106 and France and Germany already have fully functional card systems.107 Instead, the problem now is the EU’s failure to move ahead with standardization. Before all individual Member States develop their own [*PG188]healthcard systems and technologies,108 the EU needs to choose a systems provider that will serve as a common medium.109 Then, a Member State that wishes to provide the EU healthcard to its citizens could contract with the provider to connect that Member State to the healthcard system.

If the EU does not ensure interoperability by choosing a systems provider, or two or three compatible providers, interoperability will become more difficult with every passing day.110 Without a common system and a common provider, individual Member States will continue developing healthcard programs independently.111 It will be difficult and costly to alter these already operable systems so that they may become compatible with one another.

B.  Privacy, Confidentiality, and Data Protection

There are a number of features, both internal and external to a healthcard, that will ensure that patient records contained in and available to be accessed by the cards remain confidential and secure.112 Thus, the issues of privacy, confidentiality, and data protection need not delay EU healthcard legislation any longer.

First, there are protections inherent in the card programs.113 For instance, use of healthcards will be voluntary: Member States that offer healthcards will be unable to mandate that their citizens carry those cards.114 Citizens who do carry healthcards will be able to review the data stored in their cards,115 will be able to prevent certain data from being stored in their cards, and may be able to omit data from the cards.116

[*PG189] “Smart card” technology itself also provides many protections.117 The French cards, for instance, have built-in encryption and electronic signature abilities.118 Proponents of “smart cards” note that the technology has been used in banking for many years without security breaches of electronic records.119 In addition, “smart cards” use a layered data structure.120 This structure arranges the information contained in the card and accessible by the card in classes of sensitivity.121 The first layer, for instance, would be administrative and would have the lowest level of protection.122 The next level would contain a basic medical data set.123 It would be accessible by all health care professionals in case of an emergency.124 Additional layers would be available to hold information that only physicians could access, information necessary to access data in remote databases, and other extended medical information.125 “Smart card” technology provides for this layered structure by “identifying different memory segment[s] that can be accessed independently within the card, and—where necessary—protected by different access rules and protection schemes.”126

In addition to the protections inherent in the card or its technology, there are external protections such as Directive 95/46/EC of the European Parliament and of the Council On the Protection of Individuals With Regard to the Processing of Personal Data and On the Free Movement of Such Data.127 This extensive directive provides guidance for Member States in a number of areas including data quality and processing, the data subject’s right to access the data, and the confidentiality and security of data processing.128 Directive 95/46/EC also provides for judicial remedies, liabilities, and sanctions for breaches of the directive.129 Finally, Member States will have the ability to prosecute those who abuse healthcard technology in the same way [*PG190]that they are able to prosecute those who commit credit card fraud or medical malpractice.


The EU has contemplated healthcard legislation for two decades.130 Meanwhile, individual Member States like France and Germany have developed their own advanced healthcard systems and health networks.131 Other Member States are following suit.132 If the EU postpones legislation in this field any longer, it will face the nearly impossible task of reconciling many technologically advanced but functionally incompatible systems. The existence of numerous incompatible systems within the Member States frustrates the Maastricht Treaty’s goals of protecting the health of European citizens and enhancing their freedom of movement just as much as having no healthcard system at all frustrates those goals.

?? ??