Kevin Fu testifies on the security of smart cards to access Medicare and Medicaid Services


On November 28, Professor Kevin Fu testified before the Energy and Commerce Committee of the U.S. House of Representatives on the cybersecurity of smart cards for combating fraud in health care.

Each year, the Medicare program loses tens of billions of dollars to fraud and abuse. With estimates predicting that the Medicare program is set to go bankrupt as soon as 2017, much more needs to be done to ensure that our seniors’ health care dollars are protected. The purpose of the hearing was to assess the anti-fraud measures currently employed and to explore potential new approaches to address these substantial and ongoing threats.

Prof. Fu testified that issuing a universal strong ID card to Medicare and Medicaid recipients wouldn’t necessarily reduce Medicare- and Medicaid-related fraud, especially if proper care isn’t given to how the ID cards are managed. “Smart cards authenticate smart cards, not people,” he told the Committee. “For this reason, a key shortcoming of even the most perfect smart card is the difficulty of securely linking the card with a person. Linking people to a smart card is notoriously difficult.” In particular, smart cards would do little to protect against fraud in which patients and/or providers colluded to defraud the system. Smart card systems also present problems in situations in which vulnerable patients are in the care of home health aides.

This video contains Prof. Fu’s testimony to the Committee (begins at 54m, 21s) and the congressional interrogation of Prof. Fu (begins at 1h, 27m, 21s):

Prof. Fu’s research aims to make embedded computer systems smarter: better security and safety, reduced energy consumption, faster performance. His Security and Privacy Research (SPQR) Lab focuses on two rapidly evolving classes of computing devices: computational RFIDs and implantable medical devices. He maintains a blog on medical device security and safety.

Students can learn about related technical, human, and regulatory issues by enrolling in Prof. Fu’s Winter 2013 course, EECS 598-008, the first course in the nation dedicated to issues of medical device security.