Meet the requirement of identification, security and independence linked to the development of information technologies in the social and healthcare domain
Created in 1993, the Groupement d’Intérêt Public “Carte de Professionnel de Santé” – The Public Interest Group “Health professionals Card” – provides an personal smartcard to each healthcare professional who requests one. The card, protected by a confidential PIN code, contains information about their identity, qualifications, field of practise in addition to billing data for the electronic treatment record.
This card contains cryptographic keys and electronic certificates – published online in a public directory – to provide three functions: authentication of healthcare professionals, data signing and message encryption (guaranteeing confidentiality of information exchanged online). This system of strong authentication is used in various national applications such as the DMP (Shared Medical Files) or the CNAM repayments history with the objective of improving healthcare services (better treatment and expense management).
The most visible and well known use of the CPS card is the SESAM-Vitale application which enables healthcare professionals to electronically transmit the patient’s electronic treatment record, in addition to sending the electronic repayment request to the obligatory and complementary healthcare insurance organisations. In 2006, over 1 billion electronic treatment records were transmitted.
A directory with over a million entries and 650,000 user identities
The ASIP Santé directory serves to support the publication of valid certificates and revocation lists. It contains approximately 1.3 million entries corresponding to 650,000 users as each of them has 2 certificates dedicated to authentication and digital signature. The number of entries will double during the course of the next 3 years due to the promulgation of the 15th May 2007 “confidentiality” decree which mandates the use of the CPS card.
The directory, built on X.500 technology, is secured in order to protect its data from any commercial use. Authorisation to put the data online was given by CNIL on condition that an access charter is used.
At the end of 2004, the ASIP Santé programmed an upgrade of their directory access front-end, which at that time relied on turnkey developments of which certain components were no longer maintained.