Augusta, GA based University Health Care implemented photo biometrics for patient ID to increase patient safety.
The following post was submitted by Brad Marshall, Enterprise Development Consultant with RightPatient®
Biometric Patient ID No Longer a Movie Prop
It wasn’t so long ago that the term “biometric patient ID” wasn’t even in the lexicon of healthcare providers as a reliable means to improve patient safety, eliminate duplicate medical records, prevent medical ID theft, and increase patient data integrity. In fact, just a few years ago, many providers had never even heard of biometrics used to accurately identify patients and those that did know about the technology could only relate to what they had seen on the movie screen or read in a science fantasy novel.
Today, the use of biometrics for patient ID in healthcare has sharply risen as more healthcare organizations realize the technology’s potential to better protect individuals from the perils of misidentification and better understand the ability of select biometric patient ID solutions to be seamlessly integrated into EHR workflow.
However, what stands as a true testament to the rising use of biometrics for patient identification in healthcare is the ability of the technology to demonstrate realized return on investment (ROI) against the goals set forth prior to implementation. In other words, the true “proof in the pudding” of biometrics for patient ID can be benchmarked through multiple objectives — how significant was the reduction in duplicate medical records and chart corrections? What percentage of patients are opting into the biometric patient ID system? Has investment in biometrics for patient ID streamlined patient registration? Is the technology effective in reducing cases of fraud and medical ID theft?
University Health Deploys Photo Biometrics for Patient ID
In most cases, biometric patient identification deployments must mature to a certain level in order to measure the impact on improving patient safety and the additional aforementioned goals and objectives. In other words, beyond restricting medical ID theft and healthcare fraud at the point of service, it’s impractical to expect immediate results after deploying biometrics for patient ID. The system must be in place for a certain period of time before healthcare providers can expect to reap additional benefits — categories such as patient acceptance and enrollment and reduction of duplicate medical records for example.
Augusta, GA based University Health Care System is a classic example of a healthcare organization that had clear goals and objectives in mind prior to implementing biometrics for patient ID and are now realizing benefits from their choice of photo biometrics over other hardware alternatives. University Health officials have been pleased of the simplicity of photo biometrics where patients take their photo and are instantly identified followed by the retrival of their correct medical record in the Epic EHR system. With over 99% of patients choosing to enroll in the biometric patient ID solution, University quickly amassed a database of 50,000 patients to participate and the numbers keep increasing each day.
Perhaps equally important is the fact that since implementing RightPatient®, University Health has seen nearly a 30% decrease in chart corrections, defined as the health information management (HIM) department’s need to go back into a chart and correct any data entry errors during the patient registration process. RightPatient® has also been instrumental to eliminate write–offs directly related to patient fraud — in one case a patient attempted to commit healthcare fraud by using multiple aliases in the ED to illegally obtain prescription drugs. Photo biometrics quickly caught the patient by revealing they had previously enrolled under a separate identity and University Health officials were able to quickly notify on-site authorities who sprang into action.
Conclusion
University Health made a conscious choice to implement photo biometrics for patient ID after carefully evaluating the characteristics and limitations of fingerprint and palm vein. They concluded that photo biometrics was the most accurate, hygienic, and versatile solution available with strong potential for future deployment at additional patient touchpoints including mobile devices, patient portals, and telehealth — touchpoints along the care continuum that fingerprint and palm vein just do not have the ability to address.
Learn more about University Health’s use of photo biometrics for patient ID and stay tuned for more posts on what benefits our end users realize after investing in photo biometrics for patient ID.
Brad Marshall is an Enterprise Development Consultant with RightPatient®. With several years of experience implementing both large and small scale biometric patient identification projects in healthcare, Brad works closely with key hospital executives and front line staff to ensure project success.
https://www.rightpatient.com/wp-content/uploads/2014/08/University-Health-Reaps-Benefits-of-Photo-Biometrics.jpg267300John Traderhttps://www.rightpatient.com/wp-content/uploads/2021/04/RightPatient-Logoup.pngJohn Trader2016-08-17 20:00:362020-08-10 09:26:43University Health Reaps Benefits of Photo Biometrics for Patient ID
It’s difficult to call telemedicine the shiny new object in healthcare, mostly because it’s origin can be traced back to the first half of the 20th century. In fact, the first people to use video communication for medical purposes were clinicians at the University of Nebraska who in 1959 established a two-way television setup to transmit information to medical students across campus, and five years later linked with a state hospital to perform video consultations. (source: http://evisit.com/history-of-telemedicine/)
The rising use of telemedicine services in healthcare demands a more holistic approach to accurate patient identification.
Since then, telemedicine has rapidly evolved as a trusted source of care, particularly for patients living in rural areas who traditionally have limited access to healthcare, and the industry is expected to reach 7 million patients worldwide by 2018, fueling an 18 percent growth rate by 2020. This is good news for a wide swath of key players in healthcare, especially providers who are already laser focused on advancing healthcare’s “triple aim” – improving the patient experience, improving population health, and reducing the per capita cost of care, plus telemedicine has proven to be a strong tool to increase patient engagement. Patients stand to benefit handsomely from advances in telemedicine too for its convenience and accessibility, quickly latching on to the “care when and where you want it” mantra of the technology.
Yet, for all it’s convenience and increased accessibility, healthcare providers should take caution on procedures in place to identify patient identities prior to administering telemedicine services. Advances in telemedicine combined with an influx of newly insured patients under The Affordable Care Act have undoubtedly spawned opportunities for patients to commit fraud by stealing or swapping identities to receive services they aren’t eligible for. Undoubtedly the issue of limited reimbursement continues to be a major barrier to the expansion of telehealth — shouldn’t providers pay more attention to adopting technology that establishes a concrete and indisputable audit trail for telemedicine services?
What can telemedicine healthcare providers do to increase patient identification accuracy and adopt a strategy that has the capability to address the need to ensure a patient is who they claim to be?
Telemedicine patient ID laws murky, differ from state to state
As is the case with administering a lot of other digital health tools in healthcare, rules and regulations are fragmented and differ from state to state. Some states like Maryland, Virginia, and New Mexicohave laws and regulations that facilitate the greater use of telemedicineyet others such as Texas are actively seeking to pass laws that restrict telemedicine services to only those patients who have previously seen a doctor.
Regulating telemedicine is a tricky endeavor in healthcare. Most healthcare providers (especially those in medically underserved, rural communities) want to see the expansion of telemedicine because of the potential gains in individual and population health plus increasing the convenience of healthcare delivery helps build patient loyalty and speciality physician access. Think about how much good will is built with chronically ill patients who don’t have to make a painful journey to the doctor’s office to receive care!
However, the potential risks of fraud and medical identity theft by telemedicine patients because of the apparent ease of assuming another person’s identity threatens to jeopardize patient safety and compromise patient data integrity which is essential to maintain in an era of increased interoperability and data sharing. Perhaps Alison Diana, formerly of Information Week, summed it up best by saying: “With multiple organizations providing their well-meaning suggestions, states following their own rules, and insurers taking various strategies, telehealth adoption is hampered by fear, uncertainty, and doubt.”
What’s clear is that telemedicine is yet another tool in a provider’s toolbox that deserves the same patient identification scrutiny and caution given to a face-to-face encounter. Health data security is an issue in healthcare that has evolved beyond brick and mortar identification scenarios and expanded to any point along the care continuum where a patient has access to data or care services. As President and CEO Russell Branzell and Board Chair Charles Christian of CHIME said, “As data exchange increases among providers, patient data matching errors and mismatches will become exponentially more dangerous and costly.” (source: http://www.globalmed.com/telehealthanswers/telehealth-data-security-and-a-national-patient-id/)
With the number of employers increasing employee telemedicine service offerings and the number of people now eligible for these services now estimated to be in the tens of millions, the healthcare industry has a vested interest to ensure 100% accurate patient identification.
Holistic patient identification is the new norm
The digital age of medicine has created a host of new patient touchpoints along the care continuum that require healthcare providers to reassess their patient identification policies to ensure that patients are safe, treatment is accurate, protected health information is attributed to the correct medical record and fraud does not cause medical errors that could increase provider liabilities. The conundrum for healthcare providers is identifying a patient identification technology that has the capability to provide accurate patient identification no matter where a patient is along that care continuum and can flexibly be used at ANY touchpoint, regardless if it’s virtual or physical.
What’s interesting about the explosion of these new patient touchpoints and accessibility is that provider focus (justifiably) is usually targeted on technology, compliance, and reimbursement — all important components to ensure success. For example, articles prognosticating about what telemedicine needs to succeed rarely address adopting stricter patient identification technology to protect both patient and provider. However, our field research demonstrates that healthcare providers are increasingly paying closer attention to perhaps the most essential element of any digital health tool, the absolute necessity of ensuring accurate patient identification prior to administering care.
When it comes to accurate patient identification, telemedicine should not be treated any differently than, say, access to a patient portal or a physical trip to a doctor’s office. Holistic patient identification accuracy protocols that have the flexibility to be used in different capacities but ultimately to achieve the same purpose — ensuring patient identification accuracy and patient data integrity no matter when or where a patient seeks access to medical information or services.
Photo biometrics a perfect fit for patient ID in telemedicine
One patient identification technology surging to meet the demand for holistic patient identification in healthcare is biometrics. The use of biometrics for accurate patient identification in healthcare offers immediate, sustainable benefits (increases in patient safety, reductions of duplicate medical records, elimination of fraud) but what often goes unnoticed are broader, tangential advantages that can be applied to new patient touchpoints along the care continuum.
For example, a healthcare provider using photo biometrics for patient identification in healthcare can ensure accurate patient identification at the point of service then have the ability to verify that same patient’s identity through a portal, or prior to a telemedicine session using facial recognition. Hospital re-admission reduction provides an excellent example of a tangential benefit biometrics delivers to the healthcare industry. By ensuring the accuracy of a patient’s identity during a home health visit or telemedicine session (key components to reduce re-admits), healthcare providers can administer accurate, timely patient care that helps reduce the possibility of a re-admission which significantly adds to the cost of care and can result in Medicare reimbursement reductions.
Biometrics for patient identification offers another distinct advantage to telemedicine — an indisputable audit trail. Healthcare providers can rest assured that they now have a concrete list showing which patient accessed telemedicine services and what day and time they received the services. In this era of shifting regulations and evolving legislation, healthcare providers who implement photo biometrics for patient identification are at a distinct advantage over those that may rely on more antiquated methods to verify patient identities.
Although the use of photo biometrics for holistic patient identification across the care continuum is a new concept in healthcare, more providers understand its value and are exploring the use of this technology.
Is patient identification for telemedicine services a concern for you? What specific challenges do you face?
The following guest post was written by Michael Trader, Co-Founder and President of RightPatient®
The Patient ID Problem
The recurring and complex issue of how to establish and maintain accurate patient identification in healthcare and how to establish a federated patient identity is getting a lot of attention these days. Accurate patient identification in healthcare is a topic that has always garnered attention and concern, but perhaps it has gained momentum and urgency due to the rapid digitization of the industry and the concerted push for interoperability and national health information exchange to improve individual and population health. The push for increased interoperability could make patient data matching errors and mismatches exponentially more problematic and dangerous and it is widely believed that inadequate patient identification continues to jeopardize patient safety and artificially inflate the cost of care.
Can the use of facial recognition biometrics help establish a federated patient identity credential in healthcare?
Opinions on the most effective patient identification and patient matching strategies run the gamut. Some say standardizing patient demographic data will help, others feel that establishing a national patient identifier is the answer to the problem. What’s clear is that in the absence of any broad improvements to patient identification, the goal of establishing longitudinal patient records reflecting a patient’s experience across the care continuum, payers, geographic locations, and stages of life, will remain elusive.
One idea that is catching on with healthcare providers to help improve patient identification in healthcare is capturing a photo during registration that is linked to a unique electronic medical record.
Use of Patient Photos Increasing
Nearly 2.3 million people were victims of medical identity theft in 2014, according to the “Fifth Annual Study on Medical Identity Theft” released earlier this year by the Medical Identity Fraud Alliance (MIFA), an industry trade association of healthcare providers, payers and service providers – a 21% increase over the 2013 number of 1.8 million. Medical identity theft and healthcare fraud continue to be a pervasive problem throughout the industry and in the absence of a solution, the problem is only going to get worse as millions more Americans are brought into the healthcare fold through Obamacare.
To help fight the increase in medical identity theft and to ensure a patient’s identity is accurately verified at each step along the care continuum, many healthcare facilities are capturing a patient’s photo at registration and linking that to a unique electronic medical record. The idea is an attempt to protect patient privacy, ensure accurate insurance benefits and subsequent reimbursement, and connect a face with a name, providing another option for identification besides date of birth. The idea is catching on quickly and many are embracing the use of patient photos to increase security and improve patient safety, but what often goes unrealized is the potential for a patient photo to be leveraged as a unique identification credential across the entire care continuum.
Leveraging Patient Photos for a Federated Identity Across the Care Continuum
Whenever we hear the words “patient identification” most of us envision sitting across a registration desk at a hospital or doctor’s office providing demographic data and our driver’s license and/or insurance card. However, patient identification in healthcare has evolved to now include accurate identification at each and every patient touchpoint along the care continuum including patient portals, mhealth apps, telehealth, and home health just to name a few. One of the smartest strategies to ensure accurate patient identification at any point along the care continuum is to capture a patient’s photo at registration and then leverage that photo along the care continuum through biometric facial recognition technology.
Let’s take patient portals for example. Most of us know that Meaningful Use Stage 2 mandates that healthcare providers provide patients the ability to electronically view, download, and transmit health information. The most popular means to that end is the increasing use of patient portals yet many providers rely on antiquated identification protocols such as user names and passwords to protect access to this personal health information (PHI). The problem is relying on user names, passwords, and/or personal identification numbers (PINs) is risky and could potentially open the door to third party data breaches which are decimating the industry and exposing millions of patients’ PHI.
As an alternative to using user names and passwords, consider a healthcare organization that captures a patient’s photo during registration. Not only is that photo visible to patient registration staff and clinicians at each episode along the care continuum as a second form of multi-factor authentication, but if a patient signs into a patient portal and the hospital has deployed facial recognition identification to authorize a patient’s identity prior to logging in, the hospital has just successfully leveraged that photo as an identification credential for access to their PHI. Same goes for mHealth apps. Biometric patient identification providers that offer the value and flexibility of facial recognition authentication can also help third party developers and healthcare providers add this technology to off-the-shelf (OTS) or custom mHealth apps as a more secure way of identifying patients with the ability to work with any standard camera.
Coupled with the fact that 80% of patients are open to healthcare interactions on smart devices but remain highly sensitive to sharing health data, facial recognition biometrics for accurate identification has already proven itself as a more secure alternative than user names and passwords not to mention the fact that 69% of 16 -24 year olds recently polled indicated they believe biometrics will be faster and easier than passwords and PINs and half foresee the death of passwords by the year 2020.
Writing on the Wall?
With predictions that 50% of smartphones sold by 2019 will have a fingerprint sensor and over a billion biometric mobile devices will ship worldwide by the year 2020 (all equipped with cameras sophisticated enough to use facial recognition), the evolution of patient identification in healthcare is tilting more towards the use of biometrics to replace user names, passwords, and PINs as the preferred method of authentication due to it’s increased security and the flexibility to apply the technology for accurate identification at more patient touchpoints borne from the rapid digitization of the industry. Considering the fact that 41% of consumers stress over smartphone mobile security and biometrics are already overtaking passwords as the de facto identification credential on smartphones, could this be the perfect storm for a rise in the use of facial recognition for accurate patient identification?
Responsible approaches to improving patient identification in healthcare must now include addressing accuracy at any touchpoint where a patient can now access PHI. The advent of facial recognition as a unique identifier in a singular or multi-factor environment is a smart answer to the challenge of ensuring a patient receives accurate care throughout the continuum no matter if they are physically present or accessing services from cyberspace.
Since more patients expect providers to ensure privacy and protect their PHI, is it time to more closely examine implementation of a patient identification solution that leverages biometric facial recognition?
Michael Trader is President and Co-Founder of RightPatient®. Michael is responsible for overseeing business development and marketing activities, government outreach, and for providing senior leadership on business and policy issues.
https://www.rightpatient.com/wp-content/uploads/2015/10/RightPatient-for-accurate-patient-identification-in-healthcare.jpg445800John Traderhttps://www.rightpatient.com/wp-content/uploads/2021/04/RightPatient-Logoup.pngJohn Trader2015-10-07 20:52:162023-06-13 06:44:07In Your Face: The Future of Federated Patient Identification
The explosion of mHealth apps and patient portals for PHI access demands more modern patient and clinician identification technologies than user names and passwords.
The following guest post was submitted by Michael Trader, President and Co-Founder of RightPatient®
The rise of digital health tools for PHI access
Encouraging patients to take a more active and engaged role in their healthcare has been a key focus of healthcare providers in the wake of Meaningful Use requirements. What began as an industry mission with specific benchmarks and goals has since manifested into the actual use of myriad digital tools and platforms that are educating, engaging, and working to empower patients to increase accountability and responsibility for their own health and, when applicable, the health of their families. In fact, a recent HIMSS survey on how mobile apps and portals improve patient engagement indicated that on the provider side:
73% of organizations used app-enabled patient portals to increase consumer participation in their overall health and wellness goals as well as meet relevant Stage 2 and Stage 3 Meaningful Use requirements under the Medicare and Medicaid EHR Incentive Programs.
Nearly half of those polled stated that “implementation of mobile services for access to information is a high priority at their organization.” Additionally, more than half – 57 percent – indicated that their facility implements a mobile technology policy, which often has a focus on mobile health security capabilities.
About one-third of polled healthcare organizations stated that they provide “organizational-specific apps” to the patient community.
One important facet in the goal to improve patient engagement is providing easier and faster access to personal health information (PHI). Manifested through Meaningful Use Stage 2, the benchmark is stated as:
The idea is for healthcare providers to reach beyond traditional means of accessing PHI (think in person visits) and adopt digital health tools for easier, faster, and more convenient ways of accessing this data (think patient portals and provider mHealth apps). In concept, increasing the availability of tools and platforms to access PHI is a good thing — it caters to increasing patient demand to offer greater PHI accessibility through resources that offer more convenience and are in lockstep with the rise of the digital health movement. However, the explosion of digital tools for PHI access carries an inherent risk that patient identities will be compromised, stolen, or shared leading to a sharp increase in fraud and medical ID theft that poses a direct threat to not only patient safety and provider medical error liability, but also to the rising cost of healthcare. Not to mention the fact that the rising use of digital tools to access PHI compromises patient data integrity which is critical to maintain because of the ripple effect it has on the ability to provide accurate care along the continuum and the confidence it represents to successfully participate in health information exchanges (HIEs).
Keep in mind that each time a perpetrator commits healthcare fraud or medical ID theft, the fallout of legal fees, settlement costs, and expenses to restore an identity are passed down to ALL patients in the form of higher fees for medical services. Therefore, collectively there is a pressing need to ensure that adoption of stricter and more secure methods of patient identification must run parallel to the rise in digital tools and platforms for safe access to PHI. Otherwise, patients may not be as willing to use these tools for fear of medical ID theft or unlawful access to their PHI data which directly compromises their safety, security, and privacy.
Monetary damages are only the tip of the iceberg for healthcare organizations when discussing the impact of fraud and medical ID theft. It was been well documented that reputation can be negatively effected when patients perceive or a data breach confirms that healthcare providers are not taking the necessary action to increase PHI access security.
How can we correlate an increase in quality patient engagement with secure PHI access? Patient engagement is, without a doubt, a key linchpin to the success of healthcare’s triple aim. Simply stated, it is not possible for the healthcare industry to achieve the goals of lower costs, an enhanced patient experience, and improving population health in the absence of strong and sustainable patient engagement.
Securing PHI access for higher levels of patient engagement
Scour the internet for articles that cover patient willingness to use digital health IT tools to access PHI and you will discover that despite the industry wide effort to adopt tools that provide more convenient and faster access to medical data, few patients are actually doing so. In fact, a recent survey revealed that just 21% of respondents said they use the Web to access their health data. Meanwhile, 10% said they use e-mail and 40% view the data in person.
The reason behind patient unwillingness to use mHealth tools and portals for PHI access runs the gamut from dissatisfaction with mobile health applicationsto challenges in finding and using instructions, data inaccuracy, and device malfunctions or data syncing issues. Furthermore, issues related to poor mHealth app and portal securityhave hampered more widespread adoption of these tools and stoked patient fears that their privacy could be compromised by using them.
Setting aside those with opinions that privacy can never exist in the healthcare industry, the link between patient confidence and trust that their identities and PHI are protected when using mHealth apps or patient portals is palatable and has a direct effect on their willingness to use these tools as part of their overall care.
First, it’s important to distinguish the difference between “privacy” and “security” as it applies to healthcare data. HIMSS does an excellent job of breaking down the differences:
“Privacy” is the right of an individual to make choices with respect to the collection, use and disclosure of their data; “security” is the safeguards – physical, administrative and technological – used to protect the confidentiality, integrity and availability of the data. Because the challenges are many, there is a tendency to focus on “security” in mHealth. Patient privacy cannot be achieved without adequate data safeguards; however secure devices do not necessarily preserve patient privacy.
One of the largest impediments to widespread adoption of mHealth tools, portals, and other digital health platforms is inadequate mobile security policies that fail to take into account the necessity of adopting more modern patient identification tools that are commensurate to the data they protect. For example, most healthcare providers continue to use user name and passwords to protect patient identities when using mHealth tools and portals. While these may have once been permissible security protocols in the past, these identity verification methods are now considered antiquated and should be replaced. Even though user names and passwords have proven to no longer be secure enough to protect patient identities, almost all healthcare providers still rely on their use for mHealth apps and patient portals.
Secure PHI access requires modern patient and clinician ID technology
If healthcare providers expect patients to adopt mHealth tools and patient portals as a more convenient way to access PHI, the implementation of stronger and more secure identification technology is critical. Most healthcare security experts agree that due to the large amount of PHI data moving across provider locations via mHealth apps and patient portals, stronger security is needed to prevent data breaches if a patient’s identity is compromised. Plus, the increasing complexity of mHealth apps and their distinct ability to sync PHI data across multiple devices raises important questions about how to properly protect patient privacy to ensure HIPAA compliance for these new tools.
Securing PHI access is not limited to patient interactions with mHealth tools or patient portals however. A sound strategy to secure mobile and remote access to this sensitive data is required not only for patients, but also for any clinician that has access to mobile technologies. A 2014 HIMSS Analytics Mobile device study reported that:
…approximately one-quarter of US hospitals (28 percent) reported that smartphones are in use at their organization. On average, 169 devices are deployed per hospital. In comparison, 24 percent of US hospitals reported that tablet computers are in use at their organization, with an average of 37 devices deployed per hospital. (source – https://capsite.himssanalytics.org/assets/Uploads/2014-Mobile-Essentials-Brief-TOC12914.pdf)
Healthcare organizations must plan to implement a technology that has the flexibility to be used for secure patient and clinician identification, usually through a strategic combination of a strong single sign-on (SSO) platform to establish strict identification checks and provide a concrete audit trail of data access history with an enterprise-wide patient ID solution to secure remote access to PHI from mHealth apps and patient portals. The modern identification technology of choice for many healthcare providers to meet the rising demand for tighter security to access PHI is biometrics.
Lack of a strong PHI access policy can also have a negative impact on provider reputation. In a recent report on medical identity theft by The Ponemon Institute, 79% of patients surveyed said it is “very important” for healthcare providers to ensure the privacy of health records and allow them to have direct control of their health records.
Why biometrics?
The HIPAA Privacy Rule requires healthcare organizations to secure remote access to PHI data as a safeguard for patient privacy and to eliminate data breaches that can lead to fraud and medical identity theft. Once considered secure identification criteria, user names and passwords are now considered antiquated and unable to offer strong protection to secure PHI access largely due to the fact that:
Most patients don’t want to worry about memorizing a complex password and thus default to using a simplistic password that’s easily guessable.
Most patients use the same password for many accounts, resulting in one key that unlocks dozens (or hundreds) of doors.
Most patients don’t even keep their passwords in secret. Everything from Netflix accounts to bank accounts to web accounts to video game accounts are often shared between friends, family members, and even strangers.
The use of biometrics for individual identification poses a much more secure and flexible technology to address the pressing need for healthcare to adopt stricter PHI access security protocols. Why?
We have written extensively about the applicability of biometric patient identification to improve patient safety in healthcare. Biometrics relies on identifying patients and clinicians by who they are, rather than what they have (ID badges) or what they know (user names, passwords) which can be more easily stolen or shared. Biometric identification technology is a more secure method to identify patients in self-driven interactions by allowing them to use the camera or microphone on their smartphone or tablet and use facial or voice recognition biometrics for accurate authentication. Biometrics offers more flexibility and convenience because it has the ability to be implemented at patient touchpoints where user name and password entry would be cumbersome and inappropriate — home health settings for example.
The use of biometrics for identification also offers a concrete PHI access audit trail, a more accurate tracking mechanism than user names or passwords which can easily be shared and often skew analytics because it’s impossible to determine the actual individual using the credentials. This is important because litigation often relies on these audit trails used in the defense of medical identity theft or healthcare fraud claims.
Conclusion
Participation in portals and the use of mHealth and other mobile apps to access PHI is a key catayst to increase patient engagement in healthcare. Patients must have the confidence in their healthcare provider that their PHI is easily accessible and protected with the strongest authentication security on the market that ensures their privacy and safety. User names and passwords are no longer sufficient authentication credentials to meet the expanding need to offer a more flexible, scalable, and more secure identification technology for mHealth apps and patient portals.
Equally important is protecting clinician access to sensitive PHI data. Protocols must be implemented that abandon user names and passwords in favor of technologies such as biometrics that are more secure, less susecptible to being stolen or shared, and leave a concrete PHI data access audit trail.
Have questions about the use of biometrics for patient identification in healthcare? Feel free to leave a comment or question below.
It’s probably unfair to say that the recent UCLA Medical Center data breach that potentially exposed the personal health information (PHI) of 4.5 million patients was a wake up call for the healthcare industry to implement tighter data security protocols. In fact, it wasn’t a wake up call at all.
Healthcare data breaches have proliferated over the last five plus years, and the Health and Human Services (HHS) public “wall of shame” list of healthcare data breaches involving 500 or more individuals is…well….let’s just say a tad crowded. Since HHS began the list in 2009, 1,265 breaches exposing the records of nearly 135 million people have made the list. Ouch. The UCLA data breach isn’t groundbreaking news, it is simply another chapter in the long novel of healthcare data breaches that have placed millions of patients at risk by exposing their PHI and in some cases, social security numbers and personal demographic information.
The recent UCLA data breach is a strong reminder that healthcare organizations should consider the use of biometrics such as facial or voice recognition to protect patient PHI on mobile devices and patient portals.
The UCLA breach also foreshadows rising demand for tighter security protocols to protect PHI from unauthorized access on patient portals, mobile devices, and other new touchpoints. This rise of additional patient touchpoints to access PHI has vaulted establishing tighter security controls into the spotlight beyond traditional means of authentication. History has shown that username/password-based security is inadequate on mobile devices, yet healthcare organizations continue to adopt technology that uses this method to authenticate patients. Considering the high stakes to protect patient PHI, the UCLA data breach wasn’t a wake up call – it moved the needle to protect patient PHI to Defcon 1.
The HIPAA Privacy Rule mandates that healthcare organizations secure remote access to PHI data as a safeguard for patient privacy and to eliminate data breaches that can lead to fraud and medical identity theft. The introduction of touchpoints such as patient portals and mobile devices changes the dynamic of protecting patient PHI because it demands adopting strategies that include using modern patient identification systems yet many healthcare organizations continue to rely on antiquated security solutions.
Healthcare organizations must now consider patient identification systems that can address accurate authentication at each and every touchpoint along the care continuum, far beyond simply implementing technology that covers patient ID at office visits.
Implementing accurate patient identification when accessing PHI from mobile devices and patient portals must balance strong security with convenience and speed, which is why technologies such as facial and voice biometrics are gaining popularity. The use of biometrics to protect patient PHI is a smart investment, especially if healthcare organizations deploy a solution that offers the flexibility to be used during hospital/office visits and on each and every touchpoint a patient now has the ability to utilize as a means to access health data. Biometric patient identification solutions offer stronger security than user names and passwords and have proven to be more efficient and convenient by eliminating the need and frustration to remember multiple login credentials.
As we experience a sharp rise in patient driven interactions within the healthcare system that offer more avenues for criminals and hackers to access PHI, it is critical that healthcare organizations implement modern identification solutions that have the ability to better protect this information. Biometrics to protect patient PHI is quickly gaining attention as a security solution that can serve this need. Although it’s impossible to determine whether or not biometrics could have helped prevent hackers from obtaining access to protected patient PHI in the UCLA data breach, the use of this technology can help to offer a secure layer of protection that can deter hackers from even attempting to try.
