ePassport vs Health Card

ePassport vs National Health Card

An ePassport and a national health card are both government-issued smart card credentials, but they serve almost entirely different purposes: the ePassportePassportApplicationPassport with embedded contactless chip.Click to view → identifies you at an international border; the health card identifies you to a healthcare provider. Their data models, security architectures, and use cases barely overlap — yet both may land in the same wallet.

Overview

ePassport (ICAO 9303ICAO 9303ComplianceICAO standard for ePassport chip data and security protocols.Click to view →) is a high-security travel document with an ISO 14443ISO 14443StandardStandard for contactless smart cards.Click to view → contactless chip carrying biometric data (facial image, fingerprints) and a digital signature from the issuing state's Country Signing Certification Authority (CSCA). Access to the chip requires the MRZ-derived BACBACApplicationePassport security using MRZ data.Click to view →/PACEPACEApplicationStrong ePassport authentication protocol.Click to view → session key, preventing covert skimming. The ePassport's security architecture is designed for border control scenarios: prove citizenship, prove identity, prove the document is genuine and unaltered.

National health cards (Germany's eGK, France's Vitale, UK's NHS number card, Taiwan's NHI card) identify the patient to healthcare providers for insurance eligibility, billing, and medical record linkage. The security requirements are much lighter than an ePassport: a card that can be skimmed or lost is a privacy concern, but it does not enable international illegal immigration or terrorism financing. Many health cards carry no cryptographic authentication capability — they are simple ISO 7816ISO 7816StandardPrimary standard for contact smart cards.Click to view → contact cards or even contactless memory cards containing insurance number, coverage dates, and name.

Key Differences

• Primary function: ePassport = international border identity; health card = healthcare insurance eligibility
• Biometric data: ePassport stores ICAO biometric data groups; health card typically stores no biometric data (patient photo is sometimes printed but not stored on chip)
• Cryptographic security: ePassport uses CSCA/DSC PKI + BAC/PACE; many health cards have no cryptographic authentication
• Access protection: ePassport requires MRZ optical scan for chip access; health card is typically readable without prior authentication by any authorised reader
• Portability: ePassport is valid at 195+ countries' borders; health card is valid only within its national or regional health system
• Data privacy sensitivity: Both contain sensitive data, but compromise of health card is primarily a privacy/fraud risk; compromise of ePassport is an identity and border security risk
• Issuing authority: ePassport issued by civil registry / immigration authority; health card issued by insurance fund or national health authority

Use Cases

ePassport handles:

• International border crossing
• eGate automated clearance at airports
• Consular and visa services

National health card handles:

• GP, hospital, and pharmacy visits — insurance eligibility check
• Electronic prescription generation and dispensing
• Referral and specialist booking
• Emergency medical data access (blood type, allergies in chip)

Verdict

ePassport and national health card are parallel credentials with no functional overlap in their primary use cases. A citizen may carry both, and both may be plastic cards with chips, but they operate in entirely separate systems. Countries exploring health card digitisation should study ePassport security architecture for inspiration on biometric storage and access control — but the full ePassport PKI stack is almost certainly overkill for routine healthcare eligibility verification. The right health card design balances patient privacy, ease of use at point of care, and fraud prevention at a cost appropriate to the healthcare system's budget.