Hospital and Healthcare Facility Access Card Guide
Hospitals and large healthcare campuses routinely run access control on HID Prox, Kantech ioProx, LenelS2 OnGuard, or Honeywell Northern systems—sometimes all four on the same campus. American Key Cards supplies compatible proximity cards and key fobs for the 125 kHz formats most common in healthcare, programmed to your facility code, with no OEM dealer account required. For encrypted smart card formats such as HID iCLASS SE and Seos, no third party can supply functional replacements, and we say so plainly.
Why Healthcare Facilities Have Complex Access Control Environments
Health systems grow by acquisition and renovation rather than ground-up builds. The result is a patchwork: the cancer center installed in 2006 may run Honeywell Northern readers; the surgical wing renovated in 2014 runs HID iCLASS SE; the administrative building still uses Kantech ioProx. A director of facilities may be managing credentials for three or four incompatible reader families at once.
Ordering the wrong card format is the single most costly mistake in hospital credential management—a card that looks identical to the correct one but encodes the wrong protocol will not read. This guide covers each major format, how to identify which one your facility uses, what to order, and which formats cannot be sourced from any third-party supplier.
Format 1: HID Prox 26-Bit (H10301)
Standard 26-bit Wiegand (H10301) is the most common single access card format in North American healthcare facilities. It operates at 125 kHz, carries no encryption, and transmits an 8-bit facility code (0–255) and a 16-bit card number (0–65,535) to the access panel.
OEM HID part numbers include 1386 (ProxCard II), 1326 (clamshell), 1346 (ISOProx II), and 1586 (DuoProx II). Compatible readers include the HID MaxiProx 5375, ProxPro 5355, MiniProx 5365, and ProxPoint Plus 6005, as well as virtually every other 125 kHz Wiegand reader on the market.
American Key Cards supplies compatible H10301 cards and fobs programmed to your facility code.
For the full specification, see the HID Prox H10301 format page.
Security note: Standard 26-bit HID Prox cards are cloneable with widely available handheld duplicators. They are appropriate for general staff access and lower-security zones, not for pharmacy or areas where credential integrity is critical.
Format 2: Kantech ioProx (XSF / 26-Bit)
Kantech (a Johnson Controls brand) is one of the most commonly deployed access control systems in mid-size U.S. hospitals and medical office buildings. Their ioProx credential line uses a dual-encoded format: Kantech’s proprietary XSF (eXtended Secure Format) with a 64-bit codebase supporting over 4 billion unique codes, and standard 26-bit Wiegand (H10301) encoded on the same card simultaneously.
OEM ioProx part numbers include P10SHL (clamshell), P20WLM (key fob), P30DMG (printable ISO), and P40KEY (key tag). Compatible readers include the Kantech P225, P325, and P600 ioProx reader family.
American Key Cards supplies compatible ioProx cards and fobs, dual-encoded with both XSF and 26-bit Wiegand—drop-in replacements on EntraPass systems without software reconfiguration.
See the full Kantech ioProx format page for reader compatibility and how to identify your facility code on an existing card.
Security note: Kantech ioProx operates at 125 kHz without encryption. The XSF dual-encoding provides a larger code space than standard 26-bit but adds no cryptographic protection.
Format 3: LenelS2 OnGuard (26-Bit and 36-Bit L11601)
LenelS2 (a Carrier company) produces one of the most widely deployed enterprise access control platforms globally, and it is very common in large health systems and university medical centers. LenelS2 OnGuard supports both standard 26-bit H10301 proximity cards and the proprietary Lenel 36-bit L11601 format.
The L11601 format expands the facility code range from 0–255 (standard 26-bit) to 0–1023, which matters for large health systems with multiple campuses sharing a common credential infrastructure. OEM credentials include the L11601-series Lenel prox cards and Identiv 4020 L11601. The LenelS2 LNL-1300 and LNL-1320 intelligent readers accept both 26-bit and 36-bit formats; the system configuration determines which is active at each door.
American Key Cards supplies compatible cards and fobs for LenelS2 systems in both formats. Let us know your OnGuard panel model and facility code length so we can program the correct format.
Full details at the LenelS2 OnGuard format page.
Format 4: Honeywell Northern N10002 34-Bit
The Honeywell Northern N10002 34-bit format is common in healthcare facilities running Honeywell Pro-Watch software and the OmniProx reader family. The N10002 operates at 125 kHz with a 34-bit Wiegand frame, supporting facility codes and card numbers each from 0 to 65,535—a much larger space than standard 26-bit’s shared facility code constraint.
OEM credentials include PX4H, PX4H25, PVC425, and PVC425S, plus Identiv equivalents Identiv 4000 (clamshell) and Identiv 4010 (PVC ISO). Compatible readers include the Honeywell OmniProx PX4H and PX4H25.
American Key Cards programs compatible N10002 cards and fobs in ISO PVC and clamshell form factors. You will need your facility code and card number range from Pro-Watch records or installer documentation.
More information at the Honeywell Northern N10002 format page.
Format 5: HID iCLASS SE and Seos — What No Third Party Can Supply
Many hospitals and health systems deploy HID iCLASS SE (part numbers 3000, 3002, 3100, 3350) and HID Seos (part numbers 5005, 5006, 5266) on higher-security areas: pharmacy, controlled substance storage, data centers, and anywhere HIPAA-driven audit trails require verified identity.
These credentials operate at 13.56 MHz with AES-128 encryption and Secure Identity Objects (SIOs) cryptographically bound to the specific card chip. There is no publicly known successful cloning attack against iCLASS SE or Seos in their intended configuration.
American Key Cards cannot supply functional iCLASS SE or Seos replacements—and neither can any other third-party supplier. Replacements require re-enrollment through your system integrator using HID’s Trusted Identity Platform. We include this clearly because healthcare security managers ask often, and accurate information matters more than a sale we cannot make.
Comparison: Common Healthcare Access Card Formats
| Format | Frequency | Bit Width | Facility Code Range | Cloneable | AKC Can Supply |
|---|---|---|---|---|---|
| HID Prox H10301 | 125 kHz | 26-bit | 0–255 | Yes | Yes |
| Kantech ioProx XSF | 125 kHz | XSF + 26-bit | XSF: 4+ billion codes | Yes | Yes |
| LenelS2 26-bit H10301 | 125 kHz | 26-bit | 0–255 | Yes | Yes |
| LenelS2 36-bit L11601 | 125 kHz | 36-bit | 0–1023 | Yes | Yes |
| Honeywell N10002 | 125 kHz | 34-bit | 0–65,535 | Yes | Yes |
| HID iCLASS SE | 13.56 MHz | SIO-encoded | N/A (encrypted) | No | No |
| HID Seos | 13.56 MHz | SIO-encoded | N/A (encrypted) | No | No |
How to Identify Your Healthcare Facility’s Card Format
Start with an existing card label. HID cards typically print a 10-digit facility code and card number sequence. Kantech ioProx cards often carry “XSF” on the label or a part number such as P10SHL. Honeywell Northern cards may show PX4H or PVC425. Your access control software—EntraPass, OnGuard, Pro-Watch—will list the credential type for any enrolled cardholder, which is the most reliable source.
If you have only the reader model number, contact us at /contact/. We can usually identify the format from the model alone.
Ordering Compatible Healthcare Access Cards
For any 125 kHz proximity format in the table above, you need four things: your format name, your facility code, your desired card number range, and quantity and form factor (ISO PVC card, clamshell, or key fob).
American Key Cards is a U.S. supplier of compatible-by-specification access credentials. Our cards are not OEM products and are not affiliated with HID, Johnson Controls, Carrier, or Honeywell. They are programmed to the same format specification as the OEM card, using the facility code and card number you provide, and they work in the same readers. There are no OEM-channel minimums and no dealer account required.
To get started, reach out through the contact page with your format and facility code details. We will confirm availability, programming specs, and lead time before you commit to an order.
Frequently asked questions
What access card formats are most common in hospitals?
The most frequently deployed formats in U.S. healthcare settings are HID Prox 26-bit (H10301), Kantech ioProx (XSF / 26-bit), LenelS2 OnGuard with either standard 26-bit H10301 or the proprietary 36-bit L11601 format, and Honeywell Northern N10002 34-bit. Many larger health systems also deploy HID iCLASS SE or Seos smart cards on sensitive areas. The format in your facility depends on who installed the system and which access control platform your security team manages.
Can third-party suppliers replace HID iCLASS SE or Seos cards used in hospitals?
No. HID iCLASS SE and Seos credentials use AES encryption with Secure Identity Objects that are cryptographically bound to the specific card chip. No third party can clone, reproduce, or supply functional replacements for SE or Seos cards. Replacements require re-enrollment through your system integrator using HID's issuance platform. American Key Cards does not claim otherwise, and we will tell you clearly when a format is outside what we can supply.
What information do I need to order compatible hospital access cards?
For standard 125 kHz proximity formats, you need your facility code (sometimes called site code), the card number range you want programmed, and your reader brand and model. This information is typically on your existing card labels, in your access control software, or in the installer's commissioning records. Contact us if you cannot locate it—we can often identify the format from the reader model number.
Are standard 125 kHz proximity cards secure enough for a hospital environment?
Standard 125 kHz proximity cards (HID 26-bit, Kantech ioProx, Honeywell N10002) carry no encryption and can be cloned with commercially available tools. For general staff and visitor access in lower-risk zones, 125 kHz credentials are widely accepted in healthcare. For pharmacy, server rooms, executive areas, or anywhere HIPAA audit trails are required, most health system security teams deploy HID iCLASS SE or Seos smart cards, which cannot be cloned. AKC supplies compatible cards for the 125 kHz formats; we advise clients honestly when upgrading to smart card technology is the right answer.
