Infrastructure of the Medical Information System

Abstract

This chapter explains how Taiwan has utilized its strong ICT industry to construct the National Health Insurance (NHI) medical information system, as well as the solid information security management and data protection mechanism behind it. The NHI medical information system was constructed to enable providers to make claims through a digital platform and ensure automated claim review. Then, it introduced the revolutionary centralization of medical records to the “National Health Insurance MediCloud System (NHI MediCloud System)”, which collects 12 categories of medical information. It allows medical providers to query patients’ medical records and share medical images in real time, which significantly improves efficiency and prevents unnecessary examinations or tests. Moreover, an application programming interface connection has also been launched so that medical institutions can use the in-house information system for data innovation and value-added applications. It could be used to remind physicians of drug duplication or interaction activity to protect patients’ safety.

The last part of the chapter is about how Taiwan has integrated data across different government agencies to notify the providers when patients are at a high risk of COVID-19 infection, prevent the spread of COVID-19, and safeguard the health of all citizens.

Introduction

Since the launch of the National Health Insurance (NHI) in 1995, people in Taiwan can receive healthcare properly and conveniently without barriers, and their medical rights are also protected. People only need to afford the registration fee and a small amount of co-payment to seek medical care. In 2019, the total number of outpatient visits was 367.61 million, which was equivalent to 1 million visits per day, and the average number of outpatient visits per person per year is much higher than that of Organization for Economic Cooperation and Development member countries.

To process medical claims submitted by NHI-contracted medical institutions, the NHIA established medical information systems. Coupled with the NHI IC card launched in 2004, the National Health Insurance entered a new era of comprehensive informatization. The application of the NHI virtual private network (VPN) and centralized information system enables contracted medical institutions to fully digitalize claims. Platforms such as the National Health Insurance MediCloud System (NHI MediCloud System) were constructed to encourage medical providers to share medical examination reports, test reports, and images promptly.

Cornerstone of the National Health Insurance Database—Introduction to the NHI Medical Information System

The NHIA medical information system is constructed mainly for internal and external medical business services. The NHI Intranet, which enables officers of the NHIA to execute various healthcare affairs of the NHI, applies a multi-tier architecture and the actual information data center are located in Taipei and Taichung to back each other up. Externally, the medical information system provides the NHI applications system (including VPN and Internet) for medical institutions, pharmaceutical companies, special medical device suppliers, and the general public to carry out relevant healthcare services. The overall operating environment runs on a well-protected network of the NHI and the relevant system architecture diagram is shown Fig. 6.1.

Fig. 6.1

Medical information system architecture diagram

Highly Automated Process of Medical Claims

The medical information system mainly processes the claim submission, acceptance, and data verification of the medical claims. Administrative review is a series of automated reviews conducted by computers, followed by sampling and professional peer review, and then an accounting and approval procedure. Except for professional peer review, the main medical claim process has been highly automated to improve the efficiency of the operation and the consistency of claim data verification, so that the medical reimbursement can be finalized within 60 days after acceptance.

In addition to the basic medical claim data, the system also collects relevant data that formulate through medical pilot projects by the NHIA and daily uploading NHI IC card medical information from contracted medical institutions to conduct various service-related inspections. The NHIA also undertakes commissioned business from other government agencies. For example, the Health Promotion Administration (HPA) entrusts the NHIA with paying medical expenses for various preventive health care, and the Bureau of Labor Insurance entrusts the payment of medical expenses for occupational injuries. Owing to the condition of the entrusted businesses, the system, structures, and requirements of information for data editing, accounting, and payment approval procedures are different.

The medical information system mainly functions as an operational environment for internal medical claims and reviews and it also provides an external web service platform for contracted medical institutions, pharmaceutical companies, and special medical device suppliers to submit and obtain the results of claims data. The medically related data are uploaded into the NHI Data Warehouse information system regularly for subsequent statistical analysis and decision-making assistance applications. The main process of the medical system is shown in Fig. 6.2.

Fig. 6.2

The main process of the medical information system

In response to the increasing number of claims that required professional peer review, and to provide a timely and remote cross-regional review function, the NHIA has constructed and upgraded related equipment to establish a centralized medical images system, the Picture Archiving and Communication System, hoping to lay a solid foundation for precise reviews.

Establishing National Health Insurance MediCloud System to Implement a Tiered Medical Care System

In recent years, the NHIA has been actively constructing the NHI MediCloud System to encourage medical institutions to upload medical examination reports and images promptly and expand the scope of digital review. At the same time, the NHIA also incentivizes medical institutions to establish a two-way referral mechanism under the tiered medical care system through various programs. Meanwhile, the NHIA strengthens the integration function of the “Intelligent Peer Review System.” This effort included the establishment of automatic links to health insurance payment regulations, review guidelines, patient’s electronic medical records, reviews of focal point information, reminder mechanisms and individualized settings in helping medical reviewers to perform their work accurately and efficiently. The NHIA further integrates the artificial intelligence (AI) analysis module of the Data Warehouse system and give feedback to doctors as a reference, so as to improve the accuracy of professional review and the efficiency of the peer review process.

The NHIA has carried out a number of medical policy reforms according to important national healthcare guidelines, and the implementation of these policies requires a powerful information system as its foundation. With rapid changes and developments in different stages of the medical policy, the NHIA needs to modify relevant medical information systems to keep up with the changes accordingly to accommodate rapid developments of information technology and guarantee operation efficiency and information security simultaneously. To enhance medical services of the NHI, the Information Management Division of the NHIA endeavors to maintain smooth operation of the medical information system, to provide high-quality information services, and to accomplish missions assigned.

The National Health Insurance MediCloud System

Many people are used to seeking medical care in different hospitals or visiting different doctors owing to different illnesses, so their personal medical records and medication history are scattered in different medical institutions. When doctors can hardly view patients’ previous medical records from other medical institutions promptly, then duplicated medications can be provided and examinations or tests can be conducted easily. Drug–drug interactions caused by duplicated medication may affect medication safety for patients, and also may result in the waste of medical resources.

Building Patient-Centered “NHI PharmaCloud System”

The NHIA built a patient-centered “NHI PharmaCloud System” by using computing technology in July 2013. This system provided assembled patients’ recent medication records by consolidating medical claims data from medical institutions and data uploaded via the NHI IC card. To avoid duplicated medications and enhance drug safety for patients, this system allows doctors and pharmacists to view patients’ medication records.

Upgrading of the “NHI MediCloud System”

The NHIA upgraded the “NHI PharmaCloud System” into the “NHI MediCloud System” in 2015. When doctors are providing clinical treatments and/or prescriptions or pharmacists are dispensing medicines and/or providing medical consultations, they can access the NHI MediCloud System to query 12 categories of patient medical records, such as western and traditional Chinese medication records, examination records and results, surgery records, dental care records, drug allergy records, specific medication records of controlled drugs and coagulation factors, rehabilitation records, discharge summary and vaccination records from the Centers of Disease Control (CDC) (Fig. 6.3).

Fig. 6.3

Functions of the NHI MediCloud System

In 2018, medical images such as computed tomography (CT), magnetic resonance imaging (MRI), X-ray, ultrasound, gastroscopy, and colonoscopy can be uploaded and shared in the NHI MediCloud System (Fig. 6.4), thus allowing doctors to obtain patients’ medical information in real time in different medical institutions.

Fig. 6.4

Development of medical images uploading and sharing

In May 2018, the NHIA expanded the one-way provision of patients’ medical information to a two-way information exchange model, so that medical professionals can report “drug therapeutic inequivalence,” “questionable quality of uploaded medical images,” and “drug allergy” to the NHI MediCloud System to improve the efficiency of information sharing and the quality of medical services.

Design of Active Reminders in the NHI MediCloud System

To increase efficiency and effort in browsing plenty of information and enhancing safety, “active reminder for duplicated orders” and “active reminder for drug interactions and/or allergies” have been provided since September 2018. By instant comparison with the NHI database, these functions remind doctors if there are duplicated orders, drug–drug interactions upon patients’ remaining medicine, or drug allergies when medicine or treatment codes are entered into the Hospital Information System (HIS) from prescriptions.

Personal Privacy Protection and Information Security Management

Because medical information is highly private and sensitive, since the initiation of the NHI PharmaCloud System, the NHIA has gathered professionals from relevant fields such as information, medical quality management, and law to jointly discuss system settings, regulations on the use of medical institutions, etc.

1. 1.

   Establishing the Authentication Mechanism and Management for Data Acquisition

The system is built in a closed VPN, in which only when three necessary cards, i.e., the medical institution secure access module card, physician card (or pharmacist card), and the patients’ NHI IC card, are verified during the visit can healthcare providers obtain patients’ medical history. All query history is documented for the NHIA’s subsequent management purposes. When doctors or hospitals have to download patients’ data to integrate it into HIS, they must obtain the patient’s written consent before doing so. In addition, the NHIA has established relevant information security management measures to conduct information security inspections on medical institutions that download in batches from time to time.

1. 2.

   Password Protection

To further protect personal privacy, doctors and pharmacists will be restricted from querying patients’ medical records if those insured set passwords for their NHI IC cards. Setting a password does not affect patients’ rights and interests in receiving health care, and medical professionals should provide health care according to the needs of their patients.

Cloud-Based Healthcare Technology Is a Future Trend

Uploading medical information to the NHI MediCloud System enables medical information to be accessed and shared across medical institutions and assists clinical medical professionals in diagnosis and planning patients’ follow-up healthcare. Therefore, the concept of “good hospitals in the community; nice doctors in the neighborhood” in the hierarchically integrated medical system policy can be firmed up, and patients’ medical care quality and convenience can be improved. Furthermore, the problem of overcrowding in hospitals and overwork of medical professionals can be reduced.

Continuously Upgrading the NHI MediCloud System

The NHI strongly supports and guarantees the social stability and health security of Taiwan. Its wide coverage, easy access, and high quality of care are well-known worldwide. Because of people’s expectations of the NHI, the NHIA has innovated and made breakthroughs continuously since its establishment in 1995. The NHI IC card was launched in 2004; in the meantime, the NHI entered a new era of comprehensive informatization. The application of the NHI VPN and centralized information system has enabled contracted medical institutions to fully digitalize claims. With a 93% contracting rate of medical institutions, the National Health Insurance database contains health information of almost all residents in Taiwan, making it a unique national treasure house.

It is convenient for Taiwanese people to seek medical treatment in different hospitals with their NHI IC cards. To allow doctors to review the medications, examinations, and tests uploaded by different medical institutions, the NHIA has established a patient-centered “NHI MediCloud System” for medical institutions to query patients’ recent medical records and/or medical images. In addition to linking to websites directly, methods such as batch download and the Application Programming Interface (API) connection have also been launched in response to information development, so that medical institutions can use the in-house information system for data innovation and value-added applications. The achievements were shared in the “Benchmarking Sharing Session on the NHI MediCloud System” on the annual demonstration of this successful public–private partnership. The infrastructure works in line with national policies (so was quickly employed in COVID-19 epidemic prevention in 2020) and establishes a solid foundation on the development of AI.

Applying the Technology to Provide Reminders Proactively

The NHI MediCloud System collects 12 categories of medical information, which is quite diverse and rich. However, medical professionals usually have to make decisions in a split second. By combining information system that provides medical professionals with “information” for clinical practice reference speedily via the HIS, which the medical staff are familiar with, the NHI MediCloud System maximizes the benefits and demonstrates the true value of cloud systems.

Previously, owing to the lack of information circulation, seeking health care in different hospitals often led to duplicated prescriptions or drug interactions, which adversely impacted people’s health and caused a waste of resources of the NHI. In addition to providing sufficient information, the NHI MediCloud System shoulders the responsibility of reminding physicians in a more active way to ensure patient safety. Therefore, the NHIA promoted an “Active reminder for duplicated orders” in September 2018 and launched an “Active reminder for drug–drug interactions and/or allergies” and an “Active reminder of traditional Chinese and Western medicine interaction” in 2019 and 2020 respectively. Innovative technologies were applied to calculate and analyze data actively, and then remind physicians immediately.

The so-called active reminder refers to the quick and instant data exchange between the NHI MediCloud System and the HIS of the medical institutions through the API connection. Before a physician issues a prescription, the information of the prescription is sent to the NHIA through the API, compared with the NHIA big data in real time, and then the physician immediately receives feedback on whether there is a duplication for the current prescription, any interactions with the remaining medicine, or any medicine that patient is allergic to (Fig. 6.5). The connection between the NHI MediCloud System, and the hospital HIS that physicians are accustomed to can be completed within 1–3 s in the same window, which saves physicians time and effort spent on browsing a large quantity of information, as well as enhancing patient safety and medical efficiency.

Fig. 6.5

The active reminder function of the NHI MediCloud system

In addition, medical costs related to kidney disease have remained high in recent years. Kidney function impairment causes patients to enter a course of dialysis, which severely impacts on patients’ quality of life. To avoid nonsteroidal anti-inflammatory drugs (NSAIDs), contrast media, and other nephrotoxic drugs from causing further kidney damage to patients with renal dysfunction, the NHIA added “Renal Dysfunction Reminders” in the summary area of the NHI MediCloud System in 2019, and an “Active reminder for NSAID drug usage” in 2020 to remind physicians to review and pay attention to drug prescriptions for specific risk groups.

Image Upload, Retrieval, and Sharing

The NHIA started the promotion of medical image-sharing mechanism in 2018 to prevent radiation exposure caused by unnecessary examinations and reduce the waste of medical resources. This mechanism breaks through the limitations of the image retrieval system, formats, and storage space. The NHIA encourages medical institutions to upload imaging data of the patient to the NHI database, so that the doctors from other hospitals can access the images in the NHI MediCloud System through medical image sharing. It reduces patients’ cost of transportation, time, and money when applying for video disks from the hospital to seek a second opinion or follow-up care from other hospitals. It also reduces the radiation exposure hazards that the patient may be exposed to when repeatedly undergoing imaging examinations. It is estimated that by sharing CT images and MRI, approximately New Taiwan dollars (NTD) 5.98 million in image reproduction fees and travel time costs were saved every month for the society as a whole.

Medical imaging is an important tool for assisting physicians in diagnosis and disease treatment. In recent years, high-tech imaging examinations such as CT and MRI have been widely used, and their related expenses have always ranked in the top few in the proportions of medical expenses of the NHI. However, repeated medical imaging has the same problem as repeated medications. Physicians may order the examinations owing to professional considerations such as the necessity to check different parts, changes in condition, but it is likely that some examinations are truly unnecessary. It is hoped that through information sharing and decisions made jointly by physicians and patients, in addition to medical necessity, patients must understand the risks of repeated examinations, and cherish medical resources by avoiding unnecessary imaging examinations to achieve the goal of multiparty win-win.

Importing ISO Certification to Protect Personal Information

Medical records are classified as sensitive data with a high degree of privacy in the Personal Data Protection Act. Considering that medical information is helpful for the safety and quality of care when people receive medical care in different hospitals and promotes holistic care, the NHIA not only provides real-time data queries online but also allows the contracted medical institutions to batch download the medical records of the registered patients. The medication, examination, and test are batch downloaded to the HIS system for data integration and value-added applications, such as automatic drug-dosage decisions, and preoperative bleeding risk checks. However, the contracted medical institutions must comply with the Personal Data Protection Act and related regulations and obtain patients’ written consent. Before the NHIA provides the active reminder function, some medical institutions have already downloaded patient medical information in batches to build a pop-up reminder in the HIS system to alert doctors. It is especially effective in medication integration, reduction of repeated medications, examinations, and tests of outpatients in hospitals, as well as the prevention of drug interactions.

To ensure that the medical information of the public is fully protected and preserved, the NHIA has set up the “Principles of Batch Download Operation of the NHI MediCloud System for the Contracted Medical Institution” to standardize the implementation of batch download. The institutions should delete the relevant information immediately after completing the consultation (if preservation is necessary, the medical record preservation regulations must be followed). In addition, self-assessment must be conducted every year according to the checklist established by the operation principles. The NHIA will conduct on-site inspections to ensure that the institutes implement the personal data and information security protection.

The Cyber Security Management Act was announced in 2018 and the Regulations on the Classification of Cyber Security Responsibility Levels was amended in 2019 to effectively formulate the cyber security management policies and construct a secure cyber communication environment through the hierarchical management. Taking the agencies with level A cyber security responsibility (such as medical centers) as an example, their core cyber security system should integrate the Chinese National Standards (CNS) 27001/International Organization for Standardization (ISO) 27001 and other Information Security Management System (ISMS) and should be verified by a fair third party. In line with the previous acts and regulations, the NHIA encourages institutions that implement batch downloads to include the NHI MediCloud System batch download operation into the scope of hospital CNS 27001/ISO 27001 certification to standardize management procedures, simplify the trial of batch download, and further ensure the information security protection when utilizing the NHI MediCloud System.

Integrating Information Across Organizations to Safeguard the Health of All Residents

To provide doctors with reference for holistic care, the NHIA not only improves the NHI data integration, but also focuses on cross-organizational information integration. For example, the link to the homepage of the medical institution Electronic Medical Record Exchange Center was added to the examination and test results tab of the NHI MediCloud System in 2017; the NHIA cooperated with the Food and Drug Administration, Ministry of Health and Welfare (MOHW) to promote the report function of the “Drug Therapeutic Inequivalence Reporting System” and establish a drug quality protection mechanism in 2018; the “CDC Vaccinations” tab was added on the NHI MediCloud System at the end of 2018 to provide linkage to the “National Immunization Information System (NIIS)” of the Centers for Disease Control, MOHW; the NHI MediCloud System connects the data of the Taiwan Organ Registry and Sharing Center to provide the function of “comprehensive reporting for overseas organ transplantation” in 2019. The NHIA cooperated with the HPA to import records of adult preventive health care and offer screening results for four major cancers, as well as hepatitis B and hepatitis C, in 2021 to further provide patient-centered diagnosis and treatment.

At the beginning of 2020, the COVID-19 epidemic gradually spread in various countries around the world. The NHIA cooperated with the Central Epidemic Command Center (CECC) to take advantage of the wide use of NHI VPN and the NHI MediCloud System in various medical institutions and quickly integrate the reminder function for travel history of Wuhan and the contact history with confirmed cases provided by the CDC in the NHI MediCloud System. As soon as the patient’s NHI IC card is inserted, the system will immediately display a pop-up window to remind the medical institution to pay attention to the patient’s condition. Based on the overall epidemic prevention measures, the reminders have been expanded to travel history in various countries, specific high-risk occupations and cluster, referral for further COVID-19 examinations, and whether patients were prescribed with influenza antiviral drugs within 10 days. Through integrating information from the MOHW, National Immigration Agency of the Ministry of the Interior (MOI), the Civil Aeronautics Administration of the Ministry of Transportation and Communications, and the Veterans Affairs Council (Fig. 6.6), the NHI MediCloud System provides medical institutions at all levels (including contracted and noncontracted medical institutions), long-term care institutions, and administrative agencies (the National Fire Agency of the MOI, the Agency of Corrections of the Ministry of Justice, and the local public prosecutor office) with multiple queries such as online queries (with/without the NHI card), batch download, or API connect, to access epidemic prevention information such as travel history, occupation, contact history, and cluster (TOCC) of incoming and outgoing personnel (Fig. 6.7). The abovementioned information was used to reduce the risk of nosocomial infection and the infection spreading in clusters and communities, reduce internal pressure and infection risks of medical staff and executives, effectively control the spread of diseases, and comprehensively prevent cluster infections. According to statistics, the total number of TOCC inquiries reached nearly 1.18 billion person-times from February 2020 to September 2021.

Fig. 6.6

The integrated interministerial information safeguards the national epidemic prevention. SFTP = secure file transfer protocol

Fig. 6.7

The epidemic prevention information reminder window such as travel history, occupation, contact history, and cluster of the Continuous National Health Insurance MediCloud System upgrade enables smart medical care

The flexible data connection, real-time query, and convenience of the NHI MediCloud System enables it to exert its powerful additional value at this time, so that medical staff can feel more at ease and avoid exposing themselves to danger. Although it is unexpected, the NHI MediCloud System plays an important role in epidemic prevention.

Continuous NHI MediCloud System Upgrade Enables Smart Medical Care

The query rate of the NHI MediCloud System has reached nearly 90% since its establishment in 2013. The medical information shared through the NHI MediCloud System and active reminder function significantly reduced the number of unnecessary prescriptions. It is estimated that the cost of repeated drugs reduced by about NTD 9.35 billion from 2014 to 2020, and the cost of repeated examinations and tests was reduced by 1 billion RVUs in 44 categories from 2018 to 2020. Facing the challenges of global population aging, disease treatment, and medical care, it is crucial to promote policies that facilitate innovative application of big data. On the premise of ensuring patient privacy and compliance with relevant laws and regulations, the NHIA will also continuously upgrade the NHI MediCloud System to respond to the development of information and communication technology and the needs of clinical practice (Fig. 6.8). At the same time, it is the ongoing mission of the NHIA to optimize the online query interface of the NHI MediCloud System, provide functions and data with content and interval that are more in line with clinical practice needs to fulfill its key role in improving the quality of medical care. It is hoped that through sharing and integrating medical information, we can exert its highest value to promote smart medical care and benefit the whole population.

Fig. 6.8

Development history of the National Health Insurance MediCloud System

The National Health Insurance Information Security Management System and Data Protection Mechanism

To abide by the national policy of “Cyber Security is National Security” and to defend increasingly sophisticated cyberattacks, the NHIA improves its information security management mechanism continuously to ensure the security of information systems and national personal data, thereby protecting the information security of the country.

Continuous Improvement of the Information Security Management Mechanism

The NHIA cooperated with the “Implementing a National Information and Communication Infrastructure Security Mechanism Plan” of the National Information and Communication Security Taskforce and imported the ISMS in accordance with the requirements of the “Grading Operations Implementation Plan for Government Agencies’ Information Security Responsibility Level.” The NHIA owned the domestic and international information security standards obtaining two information security licenses in 2004, and then followed the cyclical improvement spirit of the ISO Plan-Do-Check-Act continuing to promote and strengthen overall cyber security to this day. The NHIA documents and standardizes all information system-relevant operation procedures, including computer room security management, cyber security management, information application system development and management, information access control operations, information security risk assessment and management, business continuity management, and computer virus prevention operations. In addition, the NHIA verifies that the ISMS and information security are in line with domestic and international information security standards through practices such as information asset inventory and risk assessment, internal audit, business continuity plan, management reviews, and on-site audits by impartial third-party auditing agencies. Continuously improving the information security management mechanism through the above methods to ensure the sustainable development of information system operation under the premise of safety and security.

Defense-in-Depth Mechanism Implementation and Internal and External Network Isolation Policies

To ensure the overall information security, the NHIA gradually adjusted the original distributed network architecture to single portal architecture, integrated related information systems into a centralized system architecture, and promoted the construction of dual operation centers in Taipei and Taichung for mutual backup. In addition, firewalls, intrusion detection and defense mechanisms, email filtering, application firewalls, measures against advanced persistent threat, antivirus and antispyware, database accessing and monitoring mechanisms, and intranet firewalls are deployed layer by layer from the external network to the internal network (Fig. 6.9). The NHIA also built a Security Operation Center operating 24 h a day, 365 days a year, and assigned dedicated professional information technology personnel for supervision to prevent intrusion by any malicious threats (Fig. 6.10).

Fig. 6.9

Defense-in-depth mechanism

Fig. 6.10

External service protection mechanism

As internet access is the main intrusion channel for any malicious threats, the NHIA has implemented a policy of isolation between the internal and external networks to ensure the overall security of the internal network. Colleagues can only connect to the internet through the external Virtual Desktop Infrastructure mechanism to block possible internet threats from the external network (Fig. 6.11).

Fig. 6.11

Intranet protection mechanism

Regular Information Security Testing and Drills to Reduce the Potential Risks of Information Security

The NHIA is a government agency compliant with information security responsibility level A, which regularly conducts two website security vulnerability detections and repairs, one penetration test that simulates hacking techniques, and one information security inspection annually. We hope to find out and fix the potential risks of the information system architecture through regular self-review to avoid being used by hackers. The NHIA also implemented the most advanced Red Team Assessment attack in 2018. Under the premise of not affecting the operation of the NHIA, the practice conducts simulated intrusion attacks on the organization, executes attacks from various entry points in a limited time in an all-purpose way, tries to achieve the test tasks designated by the NHIA, as well as exploring potential risks and fixing them.

Implement Database ID Entity Encryption Mechanism

The large amount of highly sensitive medical claim data from contracted institutions collected by the NHIA is coveted by all parties (computer hackers, data brokers, fraudulent groups, etc.), and it is always facing the threat of intrusion and stealing by interested parties in various ways. In view of the foregoing circumstances, the NHIA conducted related research on data encryption in 2008, and the results showed that only a small number of operations may need to display plaintext data. Subsequently, the medical data transferred from the external to the NHIA will be encrypted (Database ID entity encryption mechanism), and the relevant information system will be fully renovated to ensure that the information and business personnel cannot have contact with the true plaintext data during the business process and reduce the possibility of data leakage. In addition, the underwriting database of the NHI was also implemented in 2013; the data provided by the Data Warehouse to external agency passes two encryption operations to ensure the security of people’s personal data.

Conclusion

Taiwan has entered the era of value-added use of medical, health, and care data. With the promotion of a smart health policy by the government, the NHIA has improved the quality and efficiency of medical services by introducing information communication technology. Combined with data analysis and a high transmission rate through 5G applications, the design and promotion of the virtual NHI card will continue to be in line with the vision of fostering open application and industrial development, so that the public can obtain medical services more conveniently with more choices as we start a new era of care.