Posts

patient ID in healthcare

Our Top Posts on Patient ID in 2016

patient ID in healthcare

A look back at our most trafficked blog posts of 2016 and a few words on the state of patient ID in healthcare. (Photo courtesy of pixabay.com: http://bit.ly/2iUh8G9)

We work hard throughout the year to help our community stay informed of the latest news and information on the state of patient identification in healthcare. Our perspective is that the future of patient ID is the patient photo, and with good reason. The ECRI recently recommended that healthcare organizations use more standard means of patient identification, which should include patient photos with their electronic health records (EHR). In addition, many prominent healthcare providers have already implemented patient photo capture initiatives, pointing out that capturing a photo increases patient safety and helps augment effective patient provider communication.

Understanding that accurate patient ID in healthcare affects so many more downstream activities and is widely considered to be the “big bang” of effective and safe patient care, the urgency for hospitals and healthcare organizations to adopt more secure patient identification technology has never been stronger.

Healthcare providers should take note however that not all biometric patient identification solutions are equipped to address the challenges and complexities of ensuring ID accuracy across the entire care continuum which now includes a multitude of new touchpoints such as connected health devices, patient portals, telemedicine, home health, and more. Investing in a patient identification solution that simply provides the ability to accurately identify an individual when they are physically present at a medical facility is now considered short-sighted. Healthcare providers should now consider adopting patient ID technology that is easily scalable, and has the flexibility to capture and store a patient’s photo for accurate identification during any encounter along the care continuum.

In 2016, we wrote extensively about the impact of accurate identification on patient safety including several posts that extrapolate on the imperatives of capturing photos as part of the ID process. We also covered how technology has changed healthcare provider patient ID protocols, the growth and impact on patient ID of iris recognition on smart devices, the characteristics and limitations of patient ID biometric hardware, and much more.

After crunching the numbers, what were our most popular blog posts for 2016? Here is the list:

  1. Identify Unconscious, Unknown Patients with Biometric Identification Technology – Written in May, 2015 this entry was our most trafficked post in 2016. Understanding how biometric technology works in real-life scenarios can help shed light on its true ability to identify unconscious patients as quickly as possible. 
  2. The Difference Between 1:N, 1:1, and 1:Few and Why it Matters in Patient ID – Did you know that there are different biometric matching types depending on the type of hardware modality you deploy for patient ID in healthcare? Written in 2015, this post examines three biometric matching types – one-to-many, one-to-one, and one-to-few – providing a side to side comparison of each matching type capabilities and limitations and providing a recommendation of the only matching type that can truly prevent duplicates and protect patient medical identities.
  3. Removing the word “scan” from iris recognition healthcare biometrics – Our extensive experience deploying iris recognition biometrics around the world helped us to understand and advocate that the word “scan” be removed from any discussion of this technology. Learn more about our viewpoint in this post from 2015.
  4. In Your Face: Future of Federated Patient ID – As we mentioned earlier in this post, the future of patient ID in healthcare is the distinct ability for a provider to capture and store a patient’s photo that can be used for accurate identification at any point along the care continuum. This post, and a subsequent follow up article by our friends at HealthStandards effectively illustrates not only the importance of capturing a patient’s photo at registration but how that photo can be used with facial recognition biometrics for accurate identification no matter where a patient seeks care or data access.
  5. Why telemedicine needs accurate patient ID – Following in the footsteps of our assertion that modern patient identification strategies should be holistic and enable the ability to accurately ID patients at any point along the care continuum, this post covers why we feel accurate patient ID is just as important for connected health and telemedicine as it is for in-person visits.

2016 is a wrap. We observed a few positive advancements to improve patient identification in healthcare, but overall we remain concerned that the topic is often skirted in favor of bolder, more splashy initiatives (e.g. – MACRA, Blockchain, interoperability) which always seem to garner more attention. No doubt that these are important initiatives in the healthcare industry but as we have said many times before — accurate patient identification in healthcare arguably should have been the first problem solved before we tackled these other projects. However, factors at play make it perhaps one of the most difficult and complex healthcare issues to solve from a logistical, political, economical, privacy, and health data exchange perspective.

What did you feel was the most important patient identification advancement (or regression) during 2016? Please leave us a comment!

 

learn how to prevent medical identity theft in healthcare

How to Prevent Your Medical Information from Misuse

learn how to prevent medical identity theft in healthcare

Medical identity theft can seriously threaten your physical and financial health.

The following guest post on protecting your medical information from misuse was submitted by Christine DiGangi.

When it comes to personal information, your health records are about as personal as it gets. And while it may not seem as immediately damaging as someone hacking into your bank account, medical identity theft can seriously threaten your physical and financial health.

How a Thief Might Misuse Your Medical Information

Think of all the information you’ve handed over at a doctor’s office: Name, birth date, address, Social Security number, insurance information, family medical history — these are all things someone can use to impersonate you. This makes health care providers targets for hackers. What can they do with your medical data? Plenty. They can open fraudulent financial accounts, commit crimes (besides identity theft), file a fraudulent tax return (and get the refund), buy prescription drugs with your insurance (and maybe sell them, which goes back to the crime problem), claim federal benefits like Social Security, use your insurance to get medical care and countless other things, all in your name. The results of such fraud can end up on your criminal record, medical history or credit report.

Say someone got their hands on your medical information and they used it to get medical treatment. That person’s health data could end up in your medical history and affect your future care. What if that person maxed out your insurance coverage, leaving you without the coverage you need? What if medical expenses that person generated don’t get paid? That could result in a collection account on your credit report and cause your credit score to drop until you dispute the error or resolve the identity theft. There’s a lot at stake. We asked identity theft expert Adam Levin, co-founder of Credit.com and author of “Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves,” for his top tips on preventing your medical information from misuse. Here’s what he said.

You Don’t Have to Share Everything

A lot of people provide their Social Security number and other sensitive details to their healthcare provider without asking if it’s necessary, Levin said. Just because they ask for it doesn’t mean they need it.

“Find out how they intend to secure it,” Levin said. “Remember, they already have your medical insurance information and often require a credit card.”

When You Do Share Sensitive Information, Do It Carefully

Once you hand over your information, you no longer control it, so think about the way you’re providing your doctors with records. Levin said you should never send medical information to someone you don’t know unless you’re the one who contacted them.

“Know precisely to whom you are communicating and confirm that their requests are reasonable,” he said. “Remember, you should never send sensitive information by way of email or text. Only fax if you know who is standing next to the machine as you are faxing.”

Use Common-Sense Security

Lots of health care providers have gone digital, meaning you can access your records or pay your bills through an online account. While password security is important for all online accounts, it’s especially crucial when you’re setting your credentials for a medical website. And if you do end up with physical paperwork that includes details on your health, insurance or any other personally identifiable information, keep it in a safe place. If you want to discard it, use a cross-cutting shredder, Levin said.

More Resources on Medical Identity Theft

Until a fraud has been corrected (which can take months or even years), you may suffer some credit damage, which is another reason to try and prevent the fraud from happening and act quickly as soon as you detect it. While working toward a resolution, you’ll want to focus on what you can control, like practicing the safety tips we just described or improving other aspects of your credit. For example, you could work on making on-time payments and paying down debt, which are good things for your credit scores. If you’re having trouble accessing credit because of identity theft, getting a secured credit card might be able to help you keep your credit file active, because a secured card generally does not require a credit check.

Monitor your credit reports for unfamiliar collection accounts and other signs of identity theft, in addition to keeping an eye on your mail and insurance for bills regarding care you didn’t receive. The Federal Trade Commission has a guide on how to request and review your medical records for accuracy, as well as how to resolve identity theft.

learn more about how to prevent medical identity theft in healthcareChristine DiGangi is a reporter and the social media editor for Credit.com, covering a variety of personal finance topics. Her writing has been featured on USA Today, MSN, Yahoo! Finance and The New York Times International Weekly, among other outlets. You can find her on Twitter @writingbikes.

 

biometric patient ID in healthcare

Our Top Five Biometric Patient Identification Blog Posts of 2015

biometric patient identification in healthcare

Read through some of our most popular blog posts on biometric patient identification in healthcare during 2015

2015 was an important year of growth and innovation for RightPatient®. We started this blog two years ago to help educate the healthcare community on the importance of establishing secure, accurate patient identification in healthcare and to establish a trusted resource to help understand how the use of biometrics for patient ID has proven to be an important tool to help increase patient safety, eliminate duplicate medical records, improve revenue cycle management, and prevent medical identity theft and fraud. 

Throughout our journey, we have shared many important posts demonstrating how our hospital partners have successfully implemented biometrics for patient identification and provided real life examples of the post deployment benefits realized. Among the dozens of posts the RightPatient® team posted during 2015, the following posts were the most popular:

  1. Uniting Accurate Patient Identification with Secure Single Sign-On (SSO) to Improve Data Integrity in Healthcare: In an effort to help continue increasing patient data integrity in healthcare, we announced a new partnership with Healthcast,  the #1 ranked single sign-on solution (KLAS, 2014) to increase patient safety and secure access to patient data. 
  2. RightPatient® Prevents Healthcare Fraud at University Health SystemHealthcare fraud and medical identity theft are two rising concerns for healthcare organizations because they jeopardize patient safety, raise the cost of care, and could lead to non-reimbursable medical procedures. University Hospital in Augusta, GA recently was able to prevent healthcare fraud in their ER through the use of the RightPatient® with photo biometrics.
  3. Removing the Word “Scan” from Iris Recognition for Healthcare BiometricsFueled by Hollywood sensationalism, iris recognition biometric identification is often depicted as “scanning” a person’s eyes with visible light. The fact is, no visible light is used with iris recognition and instead of a “scan,” iris biometrics takes a high resolution digital photograph. 
  4. Identify Unconscious, Unknown Patients with Biometric Identification TechnologyThe difficulty to identify an unconscious or disoriented patient jeopardizes patient safety in healthcare. Biometric patient identification has emerged as a technology capable of identifying patients in these conditions, but did you know that not all biometric patient ID solutions have the ability to identify unconscious or disoriented patients? 
  5. Biometric Patient Identification Implementation Should Be Higher On The Priority ListDespite the fact that accurate patient identification affects so many downstream clinical and financial activities, hospitals and healthcare organizations are still not placing enough emphasis on evaluating implementation and use of this technology as a priority. 

We will continue to research and write educational and informational posts during 2016 about the rising use of biometrics for patient identification in healthcare including case studies and examples of how our technology is helping hospitals around the world to: eliminate duplicate medical records, prevent medical identity theft and fraud, increase patient data integrity, and improve patient safety. 2015 was a year of significant growth for RightPatient® as we continue working toward our mission to offer the most innovative and comprehensive patient identification solution that increases patient safety, reduces costs, improves the quality of care, and enhances the patient experience. 

Curious to know more about the use of biometric patient identification in healthcare? Is there a topic that you would like to learn more about? Drop us a message at: jtrader@rightpatient.com with your ideas and suggestions!

Thank you for being a part of our blog community!

biometric patient identification prevents healthcare fraud

RightPatient® Prevents Healthcare Fraud at University Health System

RightPatient® Prevents Healthcare Fraud at University Health System

Through the use of photo biometrics, the University Health System was able to catch a patient attempting to commit healthcare fraud in the ED.

Healthcare Fraud Jeopardizes Patient Safety and Raises the Cost of Care

Emergency Departments (ED) can be subjected to healthcare fraud from individuals without insurance seeking care, especially those with manageable chronic conditions. These patients often go to hospital EDs because they don’t have access to any source of care and in a large number of cases, attempt to defraud the healthcare system by providing different names, dates of birth, or other demographic information during registration. 

Hospital patient access staff on alert for healthcare fraud often must strike a tricky balance of ensuring a patient receives timely care with the need to identify and prevent these individuals from illegally obtaining medical services that could raise liability and possibly harm the patient.

Patients who may be trying to defraud the system can raise the cost of care for all of us with most of the cost to treat these individuals passed on to insurance providers that raise premiums to subsidize care provided to the uninsured. It’s a persistent problem in healthcare that jeopardizes patient safety.

Medical Identity Theft and Healthcare Fraud are Persistent Patient Safety Problems in Healthcare

The National Health Care Anti-Fraud Association (NHCAA) estimates that the financial losses due to health care fraud are in the tens of billions of dollars each year. The Ponemon Institute released a study earlier this year that reported a 21.7% increase in medical identity theft cases since the previous year’s study.

A costly and often complex and time consuming issue to resolve, healthcare fraud and medical identity theft often financially decimate victims and healthcare institutions and can have a ripple effect that negatively impacts provider reputation. Add to that evolving patient expectations that healthcare providers are taking the necessary steps to protect their identities and ensure the privacy of their protected health information (PHI), and it’s clear that this is a festering problem in the industry that deserves immediate and swift preventative action.

Implementing Biometric Patient Identification to Identify Potential Healthcare Fraud

When University Health System staff sat down to address the problem of healthcare fraud and began to assess patient authentication technology options that had the potential to prevent it, they decided to deploy RightPatient® biometric patient identification as part of an overall strategy to increase patient safety, eliminate duplicate medical records, and prevent medical identity theft and fraud throughout their network. Using photo biometrics as their preferred modality, University launched the RightPatient® patient identification system in the summer of 2015 at both hospitals in their network and began registering patients and linking their unique biometric credentials to a single electronic health record (EHR).

Thusfar, the deployment has been a resounding success, with over 99% of patients opting in to ensure the safety and privacy of their PHI. University placed a great deal of emphasis to ensure their staff understood why the RightPatient® solution was implemented and meticulously trained patient access personnel on how to properly use the system prior to launch.

Their efforts paid off.

Recently, a patient was registered through the ED in the RightPatient® system, and then returned to the same ED days later claiming a different date of birth and a different last name. Following hospital registration protocol, the patient access representative took the patient’s photo with an iris camera and the RightPatient® system immediately flagged the patient’s medical record and instantly notified staff that the patient had previously enrolled with their biometric credentials already linked to another unique EHR. University staff then realized that the patient was attempting to assume another identity and took action to prevent it.

Even if this patient had enrolled in the RightPatient® biometric patient identification system at another location within University’s network, they still would have been flagged as a potential fraud case if they returned to a different facility due to the fact that RightPatient® seamlessly integrated with University’s Epic EHR system and can be used at any point along the care continuum, regardless of the patient’s physical location within the network (RightPatient® can even be used to authenticate an identity on patient portals and mHealth applications!).

Conclusion

The persistent and dangerous problem of medical identity theft and healthcare fraud is a direct threat to patient safety but also has repercussions that impact many other facets of care delivery. Implementing modern patient identification technologies that have the unique ability to prevent healthcare fraud should be a key goal for any medical facility set on improving safety, lowering liability, and raising the quality of care. The University Health System case clearly demonstrates that RightPatient® deters medical identity theft and healthcare fraud throughout the care continuum by linking a patient’s unique biometric credentials to one medical record.

Thank you to the staff at University for allowing us to share this story with our community!

photo biometrics stopped healthcare fraud

RightPatient® Helps Hugh Chatham Memorial Hospital Fight Healthcare Fraud

photo biometrics for patient identification prevents healthcare fraud

Hugh Chatham Memorial Hospital recently used photo biometrics to prevent healthcare fraud.

Prescription Drug Abuse 

Eliminating fraud is a pressing issue in healthcare that continues to threaten patient safety. The FBI states on their Web site: “With no signs of slowing down, healthcare fraud is a rising threat, with national health care expenditures estimated to exceed $3 trillion in 2014 and spending continuing to outpace inflation.” (source:  https://www.fbi.gov/about-us/investigate/white_collar/health-care-fraud). On average, healthcare fraud accounts for 10% of our nation’s annual healthcare expenditure.

One form of healthcare fraud seen in emergency departments at hospitals around the country is individuals attempting to commit identity theft in order to obtain prescription medication.With approximately 8.76 million people in the U.S. abusing prescription medication (source: https://www.columbusrecoverycenter.com/prescription-drug-abuse-in-america/) and the lion’s share of those medications coming from a doctor’s prescription, medical facilities are proactively stepping up their efforts to implement stronger patient identification safeguards to ensure that the problem is addressed. After all, many patients may not understand the health dangers and risks of someone stealing your identity and inaccurate health data being attributed to your medical record – it is extremely dangerous and could result in serious injury, even death should a clinician act on incorrect protected health data (PHI) in your medical record. 

Just how bad is the problem of prescription drug abuse in the U.S.? Consider the fact that every day in the United States, 44 people die as a result of prescription opioid overdose. Fortunately, there are tools available to catch identity fraud at the point-of-service in hospitals before harm is done.

Using Photo Biometrics to Deter Healthcare Fraud

Hugh Chatham Memorial Hospital implemented the RightPatient® patient identity management solution using photo biometrics to help support patient safety, eliminate duplicate medical records, and prevent and deter medical identity theft. Recently, a patient arrived at the Hugh Chatham Memorial Hospital emergency room seeking treatment for an injury that according to the patient had just occurred in the prior hour. The patient signed in under a fraudulent name, date of birth, address, invalid marital status, a disconnected phone number, invalid employment status, fraudulent emergency contact, and an invalid social security number. The patient proceeded with registration, and signed all admission paperwork under the fraudulent information.

During the registration process, the registration clerk used the RightPatient® photo biometrics solution to enroll the patient since this was (according the patient) the first time they had ever been to the hospital. The RightPatient® system worked just as it was designed, sending the registration clerk an alert that indicated the patent had been previously enrolled and that their biometric credentials had already been linked to another unique electronic medical record, providing the medical record number the patient had been registered under.

The clerk was then able to access the medical record the patient had been previously registered under and after review, Hugh Chatham was able to see other visits for that same day in other clinic/practice locations. A decision was made to contact local authorities.

Thanks to the RightPatient® software and the efforts of this staff member, Hugh Chatham Memorial Hospital was able to securely identify the patient, avoid duplicate medical records, prevent identity theft and associated healthcare costs, and help maintain a safe environment for patients. 

Conclusion

Encouraging healthcare facilities to implement safeguards that ensure accurate patient authentication through technologies such as photo biometrics has been our mission since we founded RightPatient®. We will continue to share our success stories with others to help educate and inform in the overall effort to remove fraud and increase patient safety in healthcare.

Have a story on how the use of biometrics prevented a potential case of healthcare fraud? Please share it with us in the comments!

the use of biometrics to secure PHI access

Improving Patient Engagement with Secure PHI Access

the use of biometrics to secure PHI access

The explosion of mHealth apps and patient portals for PHI access demands more modern patient and clinician identification technologies than user names and passwords.

The following guest post was submitted by Michael Trader, President and Co-Founder of RightPatient®

The rise of digital health tools for PHI access

Encouraging patients to take a more active and engaged role in their healthcare has been a key focus of healthcare providers in the wake of Meaningful Use requirements. What began as an industry mission with specific benchmarks and goals has since manifested into the actual use of myriad digital tools and platforms that are educating, engaging, and working to empower patients to increase accountability and responsibility for their own health and, when applicable, the health of their families. In fact, a recent HIMSS survey on how mobile apps and portals improve patient engagement indicated that on the provider side:

  • 73% of organizations used app-enabled patient portals to increase consumer participation in their overall health and wellness goals as well as meet relevant Stage 2 and Stage 3 Meaningful Use requirements under the Medicare and Medicaid EHR Incentive Programs.
  • Nearly half of those polled stated that “implementation of mobile services for access to information is a high priority at their organization.” Additionally, more than half – 57 percent – indicated that their facility implements a mobile technology policy, which often has a focus on mobile health security capabilities.
  • About one-third of polled healthcare organizations stated that they provide “organizational-specific apps” to the patient community.

(source: http://mhealthintelligence.com/news/how-mobile-health-apps-portals-improve-patient-engagement) 

One important facet in the goal to improve patient engagement is providing easier and faster access to personal health information (PHI). Manifested through Meaningful Use Stage 2, the benchmark is stated as:

Provide patients the ability to view online, download and transmit their health information within four business days of the information being available to the EP. (source: http://www.healthit.gov/providers-professionals/achieve-meaningful-use/core-measures-2/patient-ability-electronically-view-download-transmit-vdt-health-information

The idea is for healthcare providers to reach beyond traditional means of accessing PHI (think in person visits) and adopt digital health tools for easier, faster, and more convenient ways of accessing this data (think patient portals and provider mHealth apps). In concept, increasing the availability of tools and platforms to access PHI is a good thing — it caters to increasing patient demand to offer greater PHI accessibility through resources that offer more convenience and are in lockstep with the rise of the digital health movement. However, the explosion of digital tools for PHI access carries an inherent risk that patient identities will be compromised, stolen, or shared leading to a sharp increase in fraud and medical ID theft that poses a direct threat to not only patient safety and provider medical error liability, but also to the rising cost of healthcare. Not to mention the fact that the rising use of digital tools to access PHI compromises patient data integrity which is critical to maintain because of the ripple effect it has on the ability to provide accurate care along the continuum and the confidence it represents to successfully participate in health information exchanges (HIEs).  

Keep in mind that each time a perpetrator commits healthcare fraud or medical ID theft, the fallout of legal fees, settlement costs, and expenses to restore an identity are passed down to ALL patients in the form of higher fees for medical services. Therefore, collectively there is a pressing need to ensure that adoption of stricter and more secure methods of patient identification must run parallel to the rise in digital tools and platforms for safe access to PHI. Otherwise, patients may not be as willing to use these tools for fear of medical ID theft or unlawful access to their PHI data which directly compromises their safety, security, and privacy. 

Monetary damages are only the tip of the iceberg for healthcare organizations when discussing the impact of fraud and medical ID theft. It was been well documented that reputation can be negatively effected when patients perceive or a data breach confirms that healthcare providers are not taking the necessary action to increase PHI access security.

How can we correlate an increase in quality patient engagement with secure PHI access? Patient engagement is, without a doubt, a key linchpin to the success of healthcare’s triple aim. Simply stated, it is not possible for the healthcare industry to achieve the goals of lower costs, an enhanced patient experience, and improving population health in the absence of strong and sustainable patient engagement.

Securing PHI access for higher levels of patient engagement

Scour the internet for articles that cover patient willingness to use digital health IT tools to access PHI and you will discover that despite the industry wide effort to adopt tools that provide more convenient and faster access to medical data, few patients are actually doing so. In fact, a recent survey revealed that just 21% of respondents said they use the Web to access their health data. Meanwhile, 10% said they use e-mail and 40% view the data in person

The reason behind patient unwillingness to use mHealth tools and portals for PHI access runs the gamut from dissatisfaction with mobile health applications to challenges in finding and using instructions, data inaccuracy, and device malfunctions or data syncing issues. Furthermore, issues related to poor mHealth app and portal security have hampered more widespread adoption of these tools and stoked patient fears that their privacy could be compromised by using them.

Setting aside those with opinions that privacy can never exist in the healthcare industry, the link between patient confidence and trust that their identities and PHI are protected when using mHealth apps or patient portals is palatable and has a direct effect on their willingness to use these tools as part of their overall care.

First, it’s important to distinguish the difference between “privacy” and “security” as it applies to healthcare data. HIMSS does an excellent job of breaking down the differences:

“Privacy” is the right of an individual to make choices with respect to the collection, use and disclosure of their data; “security” is the safeguards – physical, administrative and technological – used to protect the confidentiality, integrity and availability of the data. Because the challenges are many, there is a tendency to focus on “security” in mHealth. Patient privacy cannot be achieved without adequate data safeguards; however secure devices do not necessarily preserve patient privacy. (source: http://www.himss.org/ResourceLibrary/GenResourceDetail.aspx?ItemNumber=30406

One of the largest impediments to widespread adoption of mHealth tools, portals, and other digital health platforms is inadequate mobile security policies that fail to take into account the necessity of adopting more modern patient identification tools that are commensurate to the data they protect.  For example, most healthcare providers continue to use user name and passwords to protect patient identities when using mHealth tools and portals. While these may have once been permissible security protocols in the past, these identity verification methods are now considered antiquated and should be replaced. Even though user names and passwords have proven to no longer be secure enough to protect patient identities, almost all healthcare providers still rely on their use for mHealth apps and patient portals. 

Secure PHI access requires modern patient and clinician ID technology

If healthcare providers expect patients to adopt mHealth tools and patient portals as a more convenient way to access PHI, the implementation of stronger and more secure identification technology is critical. Most healthcare security experts agree that due to the large amount of PHI data moving across provider locations via mHealth apps and patient portals, stronger security is needed to prevent data breaches if a patient’s identity is compromised. Plus, the increasing complexity of mHealth apps and their distinct ability to sync PHI data across multiple devices raises important questions about how to properly protect patient privacy  to ensure HIPAA compliance for these new tools. 

Securing PHI access is not limited to patient interactions with mHealth tools or patient portals however. A sound strategy to secure mobile and remote access to this sensitive data is required not only for patients, but also for any clinician that has access to mobile technologies. A 2014 HIMSS Analytics Mobile device study reported that:

…approximately one-quarter of US hospitals (28 percent) reported that smartphones are in use at their organization. On average, 169 devices are deployed per hospital. In comparison, 24 percent of US hospitals reported that tablet computers are in use at their organization, with an average of 37 devices deployed per hospital. (source – https://capsite.himssanalytics.org/assets/Uploads/2014-Mobile-Essentials-Brief-TOC12914.pdf)

Healthcare organizations must plan to implement a technology that has the flexibility to be used for secure patient and clinician identification, usually through a strategic combination of a strong single sign-on (SSO) platform to establish strict identification checks and provide a concrete audit trail of data access history with an enterprise-wide patient ID solution to secure remote access to PHI from mHealth apps and patient portals. The modern identification technology of choice for many healthcare providers to meet the rising demand for tighter security to access PHI is biometrics.

Lack of a strong PHI access policy can also have a negative impact on provider reputation. In a recent report on medical identity theft by The Ponemon Institute, 79% of patients surveyed said it is “very important” for healthcare providers to ensure the privacy of health records and allow them to have direct control of their health records.  

Why biometrics?

The HIPAA Privacy Rule requires healthcare organizations to secure remote access to PHI data as a safeguard for patient privacy and to eliminate data breaches that can lead to fraud and medical identity theft. Once considered secure identification criteria, user names and passwords are now considered antiquated and unable to offer strong protection to secure PHI access largely due to the fact that:

  • Most patients don’t want to worry about memorizing a complex password and thus default to using a simplistic password that’s easily guessable.
  • Most patients use the same password for many accounts, resulting in one key that unlocks dozens (or hundreds) of doors.
  • Most patients don’t even keep their passwords in secret. Everything from Netflix accounts to bank accounts to web accounts to video game accounts are often shared between friends, family members, and even strangers.

The use of biometrics for individual identification poses a much more secure and flexible technology to address the pressing need for healthcare to adopt stricter PHI access security protocols. Why?

We have written extensively about the applicability of biometric patient identification to improve patient safety in healthcare. Biometrics relies on identifying patients and clinicians by who they are, rather than what they have (ID badges) or what they know (user names, passwords) which can be more easily stolen or shared. Biometric identification technology is a more secure method to identify patients in self-driven interactions by allowing them to use the camera or microphone on their smartphone or tablet and use facial or voice recognition biometrics for accurate authentication. Biometrics offers more flexibility and convenience because it has the ability to be implemented at patient touchpoints where user name and password entry would be cumbersome and inappropriate — home health settings for example.   

The use of biometrics for identification also offers a concrete PHI access audit trail, a more accurate tracking mechanism than user names or passwords which can easily be shared and often skew analytics because it’s impossible to determine the actual individual using the credentials. This is important because litigation often relies on these audit trails used in the defense of medical identity theft or healthcare fraud claims.

Conclusion

Participation in portals and the use of mHealth and other mobile apps to access PHI is a key catayst to increase patient engagement in healthcare. Patients must have the confidence in their healthcare provider that their PHI is easily accessible and protected with the strongest authentication security on the market that ensures their privacy and safety. User names and passwords are no longer sufficient authentication credentials to meet the expanding need to offer a more flexible, scalable, and more secure identification technology for mHealth apps and patient portals.

Equally important is protecting clinician access to sensitive PHI data. Protocols must be implemented that abandon user names and passwords in favor of technologies such as biometrics that are more secure, less susecptible to being stolen or shared, and leave a concrete PHI data access audit trail. 

Have questions about the use of biometrics for patient identification in healthcare? Feel free to leave a comment or question below. 

 

 

 

mhealth requires strict patient identificaiton

UCLA Breach Reinforces Importance to Protect Patient PHI

mhealth requires strict patient identificaiton

The recent UCLA data breach is a strong reminder that healthcare organizations should consider the use of biometrics such as facial or voice recognition to protect patient PHI on mobile devices and patient portals.

It’s probably unfair to say that the recent UCLA Medical Center data breach that potentially exposed the personal health information (PHI) of 4.5 million patients was a wake up call for the healthcare industry to implement tighter data security protocols. In fact, it wasn’t a wake up call at all.

Healthcare data breaches have proliferated over the last five plus years, and the Health and Human Services (HHS) public “wall of shame” list of healthcare data breaches involving 500 or more individuals is…well….let’s just say a tad crowded. Since HHS began the list in 2009, 1,265 breaches exposing the records of nearly 135 million people have made the list. Ouch. The UCLA data breach isn’t groundbreaking news, it is simply another chapter in the long novel of healthcare data breaches that have placed millions of patients at risk by exposing their PHI and in some cases, social security numbers and personal demographic information. 

The UCLA breach also foreshadows rising demand for tighter security protocols to protect PHI from unauthorized access on patient portals, mobile devices, and other new touchpoints. This rise of additional patient touchpoints to access PHI has vaulted establishing tighter security controls into the spotlight beyond traditional means of authentication. History has shown that username/password-based security is inadequate on mobile devices, yet healthcare organizations continue to adopt technology that uses this method to authenticate patients. Considering the high stakes to protect patient PHI, the UCLA data breach wasn’t a wake up call – it moved the needle to protect patient PHI to Defcon 1. 

The HIPAA Privacy Rule mandates that healthcare organizations secure remote access to PHI data as a safeguard for patient privacy and to eliminate data breaches that can lead to fraud and medical identity theft. The introduction of touchpoints such as patient portals and mobile devices changes the dynamic of protecting patient PHI because it demands adopting strategies that include using modern patient identification systems yet many healthcare organizations continue to rely on antiquated security solutions.  

Healthcare organizations must now consider patient identification systems that can address accurate authentication at each and every touchpoint along the care continuum, far beyond simply implementing technology that covers patient ID at office visits. 

Implementing accurate patient identification when accessing PHI from mobile devices and patient portals must balance strong security with convenience and speed, which is why technologies such as facial and voice biometrics are gaining popularity. The use of biometrics to protect patient PHI is a smart investment, especially if healthcare organizations deploy a solution that offers the flexibility to be used during hospital/office visits and on each and every touchpoint a patient now has the ability to utilize as a means to access health data. Biometric patient identification solutions offer stronger security than user names and passwords and have proven to be more efficient and convenient by eliminating the need and frustration to remember multiple login credentials.

As we experience a sharp rise in patient driven interactions within the healthcare system that offer more avenues for criminals and hackers to access PHI, it is critical that healthcare organizations implement modern identification solutions that have the ability to better protect this information. Biometrics to protect patient PHI is quickly gaining attention as a security solution that can serve this need. Although it’s impossible to determine whether or not biometrics could have helped prevent hackers from obtaining access to protected patient PHI in the UCLA data breach, the use of this technology can help to offer a secure layer of protection that can deter hackers from even attempting to try.

 

the use of biometrics for patient identification is increasing in the healthcare industry

Fortune Magazine Article Highlights Growing Use of Biometrics for Patient Identification

the use of biometrics for patient identification is increasing in the healthcare industry

A patient has their photo captured with an iris recognition camera at a hospital that has deployed biometrics for patient identification.

Excellent article in Fortune magazine today written by Laura Shin that addresses the topic of healthcare data breaches and whether or not the increasing use of biometrics for patient identification will add a layer of protection to help thwart hackers in the future and eliminate medical identity theft and healthcare fraud. 

We are grateful that Laura included us in her research for the article, mentioning our work with implementing iris biometrics for patient identification at Novant Health’s Clemmons Medical Center location and a specific case of when a father brought his son into their facility, pointing out that: Read more