Could ID cards open up health records to patients, or are they an infringement of civil liberties, asks Lyn Whitfield Swindon - officially the most 'average' place in the country - was briefly a hotbed of smartcard technology.

For a couple of years in the 1990s, people in the Wiltshire town had the chance to carry Mondex, an 'electronic purse' that promised to do away with petty cash. But take-up was low. People had to charge the cards through public telephones or 'hole in the wall'machines - no less hassle than withdrawing cash.

Now, however, smartcards are back in vogue. They have become more robust, have greater capacity and are more versatile. One card could operate as an electronic purse - but also clock up store loyalty points, for instance. Or act as an identification and access device.

Since March, Southampton council workers and students have been using smartcards to access leisure facilities and libraries. An electronic purse that can be 'filled' via a mobile phone or PC should be incorporated this year for use in city stores. By 2003, 200,000 city residents could have cards.

What does this have to do with the NHS? Several things. In the wake of the terrorist attacks in the US, government ministers have been flip-flopping over the idea of compulsory identity cards. Last week, home office minister Lord Rooker told a Labour Party conference fringe meeting that it had 'no policy, no plans' for an ID card, despite enthusiasm from his boss, home secretary David Blunkett.

But he left the door open for 'citizen access' or 'entitlement' cards, giving people access to public services - including the NHS, which has already been exploring the use of smartcards by professionals and patients. A Home Office spokesperson said the issue of cards 'will be looked at, not in the light of recent events but in a broader context of citizenship and participation.'

Also, the Office of the E-envoy has announced that three policy working groups will be set up to examine digital certificates (effectively electronic signatures) and smartcards.

The first meeting of the smartcard group, scheduled for three days after the New York and Washington outrages, was postponed. But a spokesperson said this week that the work would continue.

This work, which should lead to a public consultation document in December, could also have implications for the NHS - and will certainly have implications for personal privacy.

The strategic outline case for the first-generation emergency/urgent care electronic health record revived the debate about smartcards in the NHS.

The SOC, issued by the NHS Executive information policy unit, indicates that the EHR will be built around an existing national system (probably NHS Direct). Smartcards are cited as potential identification and access devices (see e-novation, 2 August, and HSJ news focus, pages 14-15, 9 August).

Ministers appeared to suggest last year that patients would be given smartcards holding their medical records as part of the NHS plan.

But an unpublished technical feasibility study for the IPU notes that previous experiments with portable medical records have had mixed results.

Examination of the 1989 Exmouth Carecard trial found there was no business justification for introducing a national scheme. Private schemes have been abandoned due to low take-up.

Another report, drawn up for the IPU by university experts, says the most successful smartcard applications to date have involved simple functions, where there are clear benefits and alternative transaction routes. The use of smartcards as information storage devices 'has largely been discounted'.However, plans to create a centralised EHR make privacy campaigners twitch.

Caspar Bowden, director of the Foundation for Information Policy Research, says there is no way a modernised NHS can rely on poor paper records.

However, he warns that the centralisation of NHS records 'could presage a privacy cataclysm in the UK', unless technology is adopted to give patients control of their own data.

The row over 'clause 59' of the Health and Social Care Bill, which allows the health secretary to pass identifiable patient information to anyone he wants, has done little to reassure privacy campaigners about the government's intentions.

Multi-function cards, such as the 'citizen access' card just multiply these concerns.

Indeed, Simon Davies, a visiting fellow at the London School of Economics, told a recent conference that 'behind the scenes are those who want to get an identity card through to streamline government administration'.

Though the FIPR voted the NHS Executive 'most heinous government department' this year for its plans to centralise medical records (reluctance to embrace encryption and persistent flouting of data protection law), it would be unfair to suggest its staff are unaware of these issues.

Another report for the IPU says multi-function cards carry a 'perceptible threat to individual privacy' and that a guarantee of confidentiality will be 'crucial to consumer confidence building'.

Particular risks of smartcard use include 'dataveillance' - using information collected from smartcards to track individual transactions with the state or business - and 'function creep' - access by unrelated agencies to personal data of all kinds.

'Function creep is a stealthy process, and cardholders will want an assurance that controls are implemented to prevent it from evolving, ' the report says.

However, it is not clear how much weight will be given to these issues in the Cabinet Office, or other departments suddenly keen on 'citizen access' cards.

The Cabinet Office's performance and innovation unit was supposed to issue a report on privacy and data sharing this spring, but this is yet to appear.

This may be why e-envoy Andrew Pinder seized the initiative in August. Though digital signatures are vital to conducting many e-commerce and e-government transactions, uptake has been slow.

The e-envoy wants to 'galvanise the market' - but does not expect the government to issue cards itself.

Instead, it wants to 'piggy back' on commercial schemes - such as store loyalty cards - arguing this will give consumers 'choice' about what cards to hold and what to put on them. For example, a spokesperson told HSJ: 'You might decide to make VAT returns online and do that on a card through Sainsbury's.'Or put the information needed to access my EHR on my Tesco Clubcard, presumably.

Astonishing as this seems, the idea is not new.

Keen to avoid the cost of issuing cards, the government tried something similar in 1996, with the Government Direct initiative.

Tim Conway, director of industry body the Computing Services and Software Association, said the e-envoy's initiative should be used to build public support for an identity card, and claimed this would give people password-protected access to their data.

But password access is hardly the point. As Mr Bowden says: 'If the government mandates the use of smartcards with identifiable digital signatures, every fleeting transaction could be logged and time-stamped through the government Gateway.'

There are smartcard architectures designed to protect personal privacy, such as the private credentials system developed by Dr Stefan Brands at McGill University, Montreal. But Mr Bowden says they are not well known in the business world, where the development of security was held back in the 1990s by a row over 'key-escrow' - whether the government should be able to demand the 'key' to unlocking encrypted data.

Since 1996, the government has passed the Regulation of Investigatory Powers Act, which allows it to threaten anyone - including doctors - with fines or jail if they refuse to hand over decryption keys.

Meanwhile, Mr Bowden warns that if private card issuers are held liable for fraud and error, they will be tempted to 'over-identify' people: opening up another avenue for dataveillance.

'We do not think the e-envoy's office has taken this on board, ' he says. 'It could set standards, mandating systems for security, but it shows no signs of doing so. It just seems to be concerned with massaging away public concerns.'

Five things to know about smartcards

1.There are two types of smartcard.Memory cards simply store data - like a floppy disk.Microprocessor cards can add, delete and manipulate information, like a tiny computer.Cards can be read in two ways: contact cards must be inserted into a smartcard reader.Contactless cards have an antenna in them and communicate with a reader without physical contact.

2.Existing cards, using silicon technology, have capacity to store basic identification details, act as an access control mechanism or store details about recent prescriptions or appointments.An x-ray is beyond them.But non-silicon based technologies promise to overcome this constraint.

3.International standards cover the size of cards, their resistance to bending, alcohol and even sweat.Some cards would already last millions of years, used once a day (but they can still be lost down the back of the sofa).

4.Millions of smartcards are in use across Europe, but most are memory phone cards.France led the way in using smartcards to purchase goods, partly because of scandals affecting its credit and debit card systems.

5.France and Slovenia lead the way, using smartcards in their health systems to speed up insurance claims and provide professional access to confidential information.Scotland plans to introduce smartcards carrying medical histories.In England, private medical smartcard schemes have been piloted but abandoned due to low demand.The NHS is also running pilots, for example using smartcards to check the credentials of doctors.