Posts

RightPatient-ensures-patient-data-integrity-even-during-telehealth-visits

Telehealth Is Here to Stay – Ensure Patient Data Integrity While Using It

To put it bluntly, the coronavirus pandemic has been catastrophic for the entire world. The U.S. has been leading with the highest number of cases – 6,550,637 at this point. However, there has been a silver lining in the whole coronavirus pandemic – telehealth. Not only did it experience a meteoric rise in the U.S., but it also helped to flatten the curve – patients don’t have any risk of contracting the virus when they use telehealth. While the increased usage of telehealth demonstrates that it’s here to stay for the foreseeable future, healthcare providers must ensure that they are protecting patient data integrity during these visits. Let’s see how accurate patient identification can help.

RightPatient-ensures-patient-data-integrity-even-during-telehealth-visits

Telehealth’s rise

Telehealth isn’t anything new – it’s been in the healthcare space for quite some time now. Sadly, people were busy debating its pros and cons for years. However, 2020 will be remembered as the year of telehealth – its potential was showcased during the pandemic.

People praised its elimination of the physical barriers required for healthcare – people would be able to consult with their caregivers without having to worry about the novel coronavirus – a stable internet connection and a communication device are all they need. It enabled healthcare services to be continued at a time when social distancing was required – creating a win-win situation for all. Laws were relaxed regarding telehealth while providers and officials urged patients to use telehealth instead of coming for hospital visits. Quite naturally, the usage increased exponentially. Let’s take a look at an example – MUSC Health and its experience with telehealth. 

They used “virtual urgent care technology” – something that was initially created to provide patients with a way to be observed for non-critical cases, and converted that to screen potential COVID-19 patients. Moreover, they had the capabilities and resources to dramatically adapt tools to better fight the pandemic. They also enabled remote patient monitoring and a telesitter program as part of their approach, and they believe that telehealth is here to stay. Overall, healthcare providers in the past few months have observed that telehealth can be used to provide patient care while mitigating the risk of contracting COVID-19. 

Some stats regarding telehealth usage

The current stats are in line with the providers’ experiences with telehealth. McKinsey & Company stated that in 2019, a meager 11% of the U.S. patients were using telehealth. As of April 2020, 46% of the patients are using telehealth. Even healthcare providers witnessed around 50-175 times more patients using telehealth visits compared to the pre-pandemic period. However, one has to consider the risks associated with it just like with inpatient visits, for instance, patient data integrity, patient identification, and medical identity theft. 

RightPatient-ensures-proper-patient-identification-during-telehealth

Patient data integrity must be ensured

It’s quite natural that some of the issues plaguing conventional healthcare might be seen during telehealth visits as well. One of the biggest challenges is preventing medical identity theft. 

Healthcare data breaches have been occurring more than ever, where most of the stolen patient data is sold off to fraudsters. They then assume the identities of the victims and use their healthcare services. This leads not only to billing the victims for services they never used but also corrupts the patient data – because the fraudsters’ data is saved in the victims’ medical records. Thus, patient data integrity is compromised in the process.

Experts believe that the pandemic will lead to increased numbers of medical identity theft cases. This is because patient data is not adequately protected by the majority of caregivers due to budgetary issues. Moreover, with the pandemic causing arguably the worst financial crisis healthcare has ever faced, providers need to consider every option in order to survive.

RightPatient ensures patient data integrity – even during telehealth visits

While healthcare data breaches are inevitable, medical identity theft can be prevented. One of the reasons why medical identity theft has become a major threat is because there is no proper patient identity verification system in place to prevent these crimes. Most of the patient identification systems use credentials – something that can be stolen or transferred. 

Fortunately, RightPatient can help prevent medical identity theft. It uses the thing that fraudsters or hackers cannot steal – patients’ visual likeness. Using a photo-based search engine, RightPatient matches the photos of the selfie provided during appointment scheduling with the patient’s driver’s license. Fraudsters are red-flagged immediately, preventing medical identity theft in real-time.

During inpatient visits, all the patients need to do is look at the camera – the platform matches the photo it takes with the one it saved during registration. This creates a safe, hygienic, and touchless environment for everyone involved – something which became more crucial than ever due to the pandemic.

RightPatient helps maintain patient data integrity by ensuring that the accurate medical record is associated with the correct patient every time, preventing medical identity theft, and avoiding duplicate medical records. Try RightPatient now to see how it can help you enhance patient safety during these trying times.

Preventing-healthcare-identity-theft-is-possible-with-RightPatient

Data Breaches are Occurring During the Pandemic – Prevent Healthcare Identity Theft Now

Despite the relaxed rules and the U.S. slowly opening up, the COVID-19 crisis is still going strong. With no treatment found (as of yet), everyone is still feeling the effects of the coronavirus. However, there’s no doubt that the U.S. healthcare system has been affected more significantly than systems in other countries. For starters, the number of patients is overwhelming, the financial strain is unprecedented, not to mention the existing issues such as data breaches. When faced with so many impediments from all sides, how can providers prevent healthcare identity theft? Let’s explore some of the recent data breaches, how they lead to medical identity theft, and how a solution like RightPatient can protect patients and providers.

Preventing-healthcare-identity-theft-is-possible-with-RightPatient

Some recent cases

It’s not only healthcare providers – all types of healthcare organizations are being targeted by hackers.  Let’s review the healthcare organizations who became recent victims of data breaches.

Dynasplint Systems suffered a data breach that might have resulted in stolen health information. After an investigation, they identified that names, addresses, social security numbers, and other information might have been accessed or stolen. Over 102,800 people were affected.

Another healthcare organization, Pinnacle Clinical Research specializing in clinical trials, suffered a phishing attack. The breach consisted of clinical trial participants’ information. 

Mental Health Partners suffered a phishing attack as well – names, DOBs, social security numbers, among other information was potentially stolen.

How data breaches lead to healthcare identity theft

There are many other recent cases like the ones above. However, they have one thing in common – the hackers were after patient information. Any healthcare organization is a potential target for hackers. But why do hackers target them, especially for their patient information?

RightPatient-prevents-medical-ID-theft-even-if-data-is-breached

After stealing the patient information, the data is sold on the black market for high prices. Since healthcare in the U.S. is quite expensive, the demand is high for the stolen information – those why buy the data believe that it’s worth buying, as opposed to getting healthcare coverage for themselves. When these fraudsters use the victims’ information, they get access to healthcare services, expensive medical devices, and treatments, whereas the victims get fraudulently charged with the costs.

That’s not all – patient safety is jeopardized as well. When the fraudsters use the victims’ medical information, the patient data gets corrupted as the fraudsters’ information and preferences are recorded in the victims’ medical records. Unless such healthcare identity theft cases are rectified, the patient will be receiving improper treatment based on a medical record consisting of corrupted patient data. These cases lead to repeated lab tests, delays in treatment, as well as negative patient outcomes. Healthcare providers also face litigation costs due to medical identity theft cases. 

With the pandemic still raging across the world, one would think that medical identity theft would be the last thing caregivers are worried about. While data breaches are quite inevitable, steps can be taken by healthcare providers to ensure patient safety.

How to prevent healthcare identity theft cases

Ensure HIPAA compliance and safeguard PHI

One way of protecting patient information is by getting back to the source – data breaches. Anyone familiar with healthcare in the U.S. has heard of HIPAA. The law basically sets the groundwork for protecting patient information known as PHI (protected health information). However, it’s quite a comprehensive and multilayered law – even the biggest healthcare providers have a hard time ensuring compliance as the rules and regulations change frequently. 

Even during the start of the pandemic, some rules were relaxed to ensure faster healthcare delivery. The bottom line is that if providers ensure HIPAA compliance, put enough safeguards in place, detect security vulnerabilities using internal audits, and are well versed about data breaches, they can protect themselves better against cybersecurity attacks. That’s what HIPAA Ready does – it is a simple but powerful HIPAA compliance software that keeps all the HIPAA related information centralized, helps you conduct internal audits to detect vulnerabilities, and helps you set up HIPAA training sessions to keep your employees up to date on the latest changes.

Ensure patient identification

Responsible healthcare providers can go the extra mile and add an extra security measure that no fraudster can pass through – even in the cases of data breaches. That’s where RightPatient comes in.

It is a touchless patient identification platform that uses a photo-based search engine to ensure that the patients are who they say they are and not some fraudster. During hospital visits, the platform takes a photo of a patient during enrollment and locks the medical record with it. If a fraudster attempts to commit healthcare identity theft, the platform will red flag the individual, preventing medical identity theft in real-time.

RightPatient has been helping leading healthcare providers for years now, and with its touchless platform, it is the only sensible option in a post-COVID-19 world.

Try RightPatient now and be a responsible healthcare provider.

RightPatient-ensures-proper-patient-identification-for-providers

Proper Patient Identification Can Help Fight the Opioid Crisis

The opioid crisis has been a menace since it started. It spread like wildfire throughout the country, and everyone involved in healthcare is still struggling to keep the situation under control. PDMPs (prescription drug monitoring programs) have been set up in almost every state to monitor activities like prescribing, distributing, and using controlled substances such as opioids. These PDMPs help identify patients who might be prone to drug abuse and provides the hospitals with opportunities to prevent such scenarios.

RightPatient-ensures-proper-patient-identification-for-providers

If that is true, then why is the opioid crisis still a thing?

PDMPs are dependent on the data they are given to work with. They receive patient data like logs, records, patient profiles, and even counseling records. Thus, if the data is clean, then the PDMPs will work perfectly, and vice versa. Here lies the challenge – most of the data can be incomplete or unreliable, to begin with.

According to Injury Facts, the odds of a person dying from opioids are greater than dying from a motor vehicle collision. This has made opioid overdoses to be the fifth largest cause of deaths in the country. Everyone is on edge regarding the issue, and it is paramount that the data needed by PDMPs are accurate, valid. And consistent with the patients. Accurate patient data at all times can drastically reduce the opioid overdoses and bring the whole situation under control.

The biggest challenges – data quality and patient matching errors

Hospitals and health systems have been adapting EHR systems quite rapidly for the past few decades, which has helped digitize medical records. Even after all these years, proper patient identification is still a significant challenge for many. Much of the patient data have errors or are incomplete. Many of these can be traced back to duplicate medical records or overlays. According to a survey conducted by PDMP Training and Technical Assistance Center, the majority of the states are facing problems with patient records – 53% said that there are data quality issues.

Can proper patient identification be the answer?

Accurate patient matching is the only solution – something which can identify the accurate patients within seconds. RightPatient is just that – a biometric patient identification platform. It locks the patients’ medical records with their biometric data such as fingerprints or irises. After enrollment, the patient needs only to scan their biometrics, and the platform identifies the accurate EHR within seconds. Several health systems such as University Health Care System are using it and are reporting enhanced patient safety, improved revenue cycle, and reduced medical identity thefts. No longer can drug abusers come in and claim someone else’s identity – the system flags them within seconds. Health systems that are using RightPatient have dramatically reduced opioid issues within their premises. Since accurate patient record matching is the key, RightPatient is the perfect solution for the problem. Proper patient identification has never been easier and safer!

patient ID in healthcare

Our Top Posts on Patient ID in 2016

Our Top Posts on Patient ID in 2016

A look back at our most trafficked blog posts of 2016 and a few words on the state of patient ID in healthcare. (Photo courtesy of pixabay.com: http://bit.ly/2iUh8G9)

We work hard throughout the year to help our community stay informed of the latest news and information on the state of patient identification in healthcare. Our perspective is that the future of patient ID is the patient photo, and with good reason. The ECRI recently recommended that healthcare organizations use more standard means of patient identification, which should include patient photos with their electronic health records (EHR). In addition, many prominent healthcare providers have already implemented patient photo capture initiatives, pointing out that capturing a photo increases patient safety and helps augment effective patient provider communication.

Understanding that accurate patient ID in healthcare affects so many more downstream activities and is widely considered to be the “big bang” of effective and safe patient care, the urgency for hospitals and healthcare organizations to adopt more secure patient identification technology has never been stronger.

Healthcare providers should take note however that not all biometric patient identification solutions are equipped to address the challenges and complexities of ensuring ID accuracy across the entire care continuum which now includes a multitude of new touchpoints such as connected health devices, patient portals, telemedicine, home health, and more. Investing in a patient identification solution that simply provides the ability to accurately identify an individual when they are physically present at a medical facility is now considered short-sighted. Healthcare providers should now consider adopting patient ID technology that is easily scalable, and has the flexibility to capture and store a patient’s photo for accurate identification during any encounter along the care continuum.

In 2016, we wrote extensively about the impact of accurate identification on patient safety including several posts that extrapolate on the imperatives of capturing photos as part of the ID process. We also covered how technology has changed healthcare provider patient ID protocols, the growth and impact on patient ID of iris recognition on smart devices, the characteristics and limitations of patient ID biometric hardware, and much more.

After crunching the numbers, what were our most popular blog posts for 2016? Here is the list:

  1. Identify Unconscious, Unknown Patients with Biometric Identification Technology – Written in May, 2015 this entry was our most trafficked post in 2016. Understanding how biometric technology works in real-life scenarios can help shed light on its true ability to identify unconscious patients as quickly as possible. 
  2. The Difference Between 1:N, 1:1, and 1:Few and Why it Matters in Patient ID – Did you know that there are different biometric matching types depending on the type of hardware modality you deploy for patient ID in healthcare? Written in 2015, this post examines three biometric matching types – one-to-many, one-to-one, and one-to-few – providing a side to side comparison of each matching type capabilities and limitations and providing a recommendation of the only matching type that can truly prevent duplicates and protect patient medical identities.
  3. Removing the word “scan” from iris recognition healthcare biometrics – Our extensive experience deploying iris recognition biometrics around the world helped us to understand and advocate that the word “scan” be removed from any discussion of this technology. Learn more about our viewpoint in this post from 2015.
  4. In Your Face: Future of Federated Patient ID – As we mentioned earlier in this post, the future of patient ID in healthcare is the distinct ability for a provider to capture and store a patient’s photo that can be used for accurate identification at any point along the care continuum. This post, and a subsequent follow up article by our friends at HealthStandards effectively illustrates not only the importance of capturing a patient’s photo at registration but how that photo can be used with facial recognition biometrics for accurate identification no matter where a patient seeks care or data access.
  5. Why telemedicine needs accurate patient ID – Following in the footsteps of our assertion that modern patient identification strategies should be holistic and enable the ability to accurately ID patients at any point along the care continuum, this post covers why we feel accurate patient ID is just as important for connected health and telemedicine as it is for in-person visits.

2016 is a wrap. We observed a few positive advancements to improve patient identification in healthcare, but overall we remain concerned that the topic is often skirted in favor of bolder, more splashy initiatives (e.g. – MACRA, Blockchain, interoperability) which always seem to garner more attention. No doubt that these are important initiatives in the healthcare industry but as we have said many times before — accurate patient identification in healthcare arguably should have been the first problem solved before we tackled these other projects. However, factors at play make it perhaps one of the most difficult and complex healthcare issues to solve from a logistical, political, economical, privacy, and health data exchange perspective.

What did you feel was the most important patient identification advancement (or regression) during 2016? Please leave us a comment!

 

learn how to prevent medical identity theft in healthcare

How to Prevent Your Medical Information from Misuse

How to Prevent Your Medical Information from Misuse

Medical identity theft can seriously threaten your physical and financial health.

The following guest post on protecting your medical information from misuse was submitted by Christine DiGangi.

When it comes to personal information, your health records are about as personal as it gets. And while it may not seem as immediately damaging as someone hacking into your bank account, medical identity theft can seriously threaten your physical and financial health.

How a Thief Might Misuse Your Medical Information

Think of all the information you’ve handed over at a doctor’s office: Name, birth date, address, Social Security number, insurance information, family medical history — these are all things someone can use to impersonate you. This makes health care providers targets for hackers. What can they do with your medical data? Plenty. They can open fraudulent financial accounts, commit crimes (besides identity theft), file a fraudulent tax return (and get the refund), buy prescription drugs with your insurance (and maybe sell them, which goes back to the crime problem), claim federal benefits like Social Security, use your insurance to get medical care and countless other things, all in your name. The results of such fraud can end up on your criminal record, medical history or credit report.

Say someone got their hands on your medical information and they used it to get medical treatment. That person’s health data could end up in your medical history and affect your future care. What if that person maxed out your insurance coverage, leaving you without the coverage you need? What if medical expenses that person generated don’t get paid? That could result in a collection account on your credit report and cause your credit score to drop until you dispute the error or resolve the identity theft. There’s a lot at stake. We asked identity theft expert Adam Levin, co-founder of Credit.com and author of “Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves,” for his top tips on preventing your medical information from misuse. Here’s what he said.

You Don’t Have to Share Everything

A lot of people provide their Social Security number and other sensitive details to their healthcare provider without asking if it’s necessary, Levin said. Just because they ask for it doesn’t mean they need it.

“Find out how they intend to secure it,” Levin said. “Remember, they already have your medical insurance information and often require a credit card.”

When You Do Share Sensitive Information, Do It Carefully

Once you hand over your information, you no longer control it, so think about the way you’re providing your doctors with records. Levin said you should never send medical information to someone you don’t know unless you’re the one who contacted them.

“Know precisely to whom you are communicating and confirm that their requests are reasonable,” he said. “Remember, you should never send sensitive information by way of email or text. Only fax if you know who is standing next to the machine as you are faxing.”

Use Common-Sense Security

Lots of health care providers have gone digital, meaning you can access your records or pay your bills through an online account. While password security is important for all online accounts, it’s especially crucial when you’re setting your credentials for a medical website. And if you do end up with physical paperwork that includes details on your health, insurance or any other personally identifiable information, keep it in a safe place. If you want to discard it, use a cross-cutting shredder, Levin said.

More Resources on Medical Identity Theft

Until a fraud has been corrected (which can take months or even years), you may suffer some credit damage, which is another reason to try and prevent the fraud from happening and act quickly as soon as you detect it. While working toward a resolution, you’ll want to focus on what you can control, like practicing the safety tips we just described or improving other aspects of your credit. For example, you could work on making on-time payments and paying down debt, which are good things for your credit scores. If you’re having trouble accessing credit because of identity theft, getting a secured credit card might be able to help you keep your credit file active, because a secured card generally does not require a credit check.

Monitor your credit reports for unfamiliar collection accounts and other signs of identity theft, in addition to keeping an eye on your mail and insurance for bills regarding care you didn’t receive. The Federal Trade Commission has a guide on how to request and review your medical records for accuracy, as well as how to resolve identity theft.

How to Prevent Your Medical Information from MisuseChristine DiGangi is a reporter and the social media editor for Credit.com, covering a variety of personal finance topics. Her writing has been featured on USA Today, MSN, Yahoo! Finance and The New York Times International Weekly, among other outlets. You can find her on Twitter @writingbikes.

 

biometric patient ID in healthcare

Our Top Five Biometric Patient Identification Blog Posts of 2015

Our Top Five Biometric Patient Identification Blog Posts of 2015

Read through some of our most popular blog posts on biometric patient identification in healthcare during 2015

2015 was an important year of growth and innovation for RightPatient®. We started this blog two years ago to help educate the healthcare community on the importance of establishing secure, accurate patient identification in healthcare and to establish a trusted resource to help understand how the use of biometrics for patient ID has proven to be an important tool to help increase patient safety, eliminate duplicate medical records, improve revenue cycle management, and prevent medical identity theft and fraud. 

Throughout our journey, we have shared many important posts demonstrating how our hospital partners have successfully implemented biometrics for patient identification and provided real life examples of the post deployment benefits realized. Among the dozens of posts the RightPatient® team posted during 2015, the following posts were the most popular:

  1. Uniting Accurate Patient Identification with Secure Single Sign-On (SSO) to Improve Data Integrity in Healthcare: In an effort to help continue increasing patient data integrity in healthcare, we announced a new partnership with Healthcast,  the #1 ranked single sign-on solution (KLAS, 2014) to increase patient safety and secure access to patient data. 
  2. RightPatient® Prevents Healthcare Fraud at University Health SystemHealthcare fraud and medical identity theft are two rising concerns for healthcare organizations because they jeopardize patient safety, raise the cost of care, and could lead to non-reimbursable medical procedures. University Hospital in Augusta, GA recently was able to prevent healthcare fraud in their ER through the use of the RightPatient® with photo biometrics.
  3. Removing the Word “Scan” from Iris Recognition for Healthcare BiometricsFueled by Hollywood sensationalism, iris recognition biometric identification is often depicted as “scanning” a person’s eyes with visible light. The fact is, no visible light is used with iris recognition and instead of a “scan,” iris biometrics takes a high resolution digital photograph. 
  4. Identify Unconscious, Unknown Patients with Biometric Identification TechnologyThe difficulty to identify an unconscious or disoriented patient jeopardizes patient safety in healthcare. Biometric patient identification has emerged as a technology capable of identifying patients in these conditions, but did you know that not all biometric patient ID solutions have the ability to identify unconscious or disoriented patients? 
  5. Biometric Patient Identification Implementation Should Be Higher On The Priority ListDespite the fact that accurate patient identification affects so many downstream clinical and financial activities, hospitals and healthcare organizations are still not placing enough emphasis on evaluating implementation and use of this technology as a priority. 

We will continue to research and write educational and informational posts during 2016 about the rising use of biometrics for patient identification in healthcare including case studies and examples of how our technology is helping hospitals around the world to: eliminate duplicate medical records, prevent medical identity theft and fraud, increase patient data integrity, and improve patient safety. 2015 was a year of significant growth for RightPatient® as we continue working toward our mission to offer the most innovative and comprehensive patient identification solution that increases patient safety, reduces costs, improves the quality of care, and enhances the patient experience. 

Curious to know more about the use of biometric patient identification in healthcare? Is there a topic that you would like to learn more about? Drop us a message at: jtrader@rightpatient.com with your ideas and suggestions!

Thank you for being a part of our blog community!

RightPatient® Prevents Healthcare Fraud at University Health System

RightPatient® Prevents Healthcare Fraud at University Health System

Healthcare Fraud Jeopardizes Patient Safety and Raises the Cost of Care
Emergency Departments (ED) can be subjected to healthcare fraud from individuals without insurance seeking care, especially those with manageable chronic conditions. These patients often go to hospital EDs because they don’t have access to any source of care and in a large number of cases, attempt to defraud the healthcare system by providing different names, dates of birth, or other demographic information during registration.

Hospital patient access staff on alert for healthcare fraud often must strike a tricky balance of ensuring a patient receives timely care with the need to identify and prevent these individuals from illegally obtaining medical services that could raise liability and possibly harm the patient.

University-Health-Care-stopped-healthcare-fraud-in-the-ED-with-RightPatient

Through the use of photo biometrics, the University Health System was able to catch a patient attempting to commit healthcare fraud in the ED.

Patients who may be trying to defraud the system can raise the cost of care for all of us with most of the cost to treat these individuals passed on to insurance providers that raise premiums to subsidize care provided to the uninsured. It’s a persistent problem in healthcare that jeopardizes patient safety.

Medical Identity Theft and Healthcare Fraud are Persistent Patient Safety Problems in Healthcare
The National Health Care Anti-Fraud Association (NHCAA) estimates that the financial losses due to health care fraud are in the tens of billions of dollars each year. The Ponemon Institute released a study earlier this year that reported a 21.7% increase in medical identity theft cases since the previous year’s study.

A costly and often complex and time consuming issue to resolve, healthcare fraud and medical identity theft often financially decimate victims and healthcare institutions and can have a ripple effect that negatively impacts provider reputation. Add to that evolving patient expectations that healthcare providers are taking the necessary steps to protect their identities and ensure the privacy of their protected health information (PHI), and it’s clear that this is a festering problem in the industry that deserves immediate and swift preventative action.

Implementing Biometric Patient Identification to Identify Potential Healthcare Fraud

Through the use of photo biometrics, the University Health System was able to catch a patient attempting to commit healthcare fraud in the ED.

When University Health System staff sat down to address the problem of healthcare fraud and began to assess patient authentication technology options that had the potential to prevent it, they decided to deploy RightPatient® biometric patient identification as part of an overall strategy to increase patient safety, eliminate duplicate medical records, and prevent medical identity theft and fraud throughout their network. Using photo biometrics as their preferred modality, University launched the RightPatient® patient identification system in the summer of 2015 at both hospitals in their network and began registering patients and linking their unique biometric credentials to a single electronic health record (EHR).

Thusfar, the deployment has been a resounding success, with over 99% of patients opting in to ensure the safety and privacy of their PHI. University placed a great deal of emphasis to ensure their staff understood why the RightPatient® solution was implemented and meticulously trained patient access personnel on how to properly use the system prior to launch.

Their efforts paid off.

Recently, a patient was registered through the ED in the RightPatient® system, and then returned to the same ED days later claiming a different date of birth and a different last name. Following hospital registration protocol, the patient access representative took the patient’s photo with an iris camera and the RightPatient® system immediately flagged the patient’s medical record and instantly notified staff that the patient had previously enrolled with their biometric credentials already linked to another unique EHR. University staff then realized that the patient was attempting to assume another identity and took action to prevent it.

Even if this patient had enrolled in the RightPatient® biometric patient identification system at another location within University’s network, they still would have been flagged as a potential fraud case if they returned to a different facility due to the fact that RightPatient® seamlessly integrated with University’s Epic EHR system and can be used at any point along the care continuum, regardless of the patient’s physical location within the network (RightPatient® can even be used to authenticate an identity on patient portals and mHealth applications!).

Conclusion

The persistent and dangerous problem of medical identity theft and healthcare fraud is a direct threat to patient safety but also has repercussions that impact many other facets of care delivery. Implementing modern patient identification technologies that have the unique ability to prevent healthcare fraud should be a key goal for any medical facility set on improving safety, lowering liability, and raising the quality of care. The University Health System case clearly demonstrates that RightPatient® deters medical identity theft and healthcare fraud throughout the care continuum by linking a patient’s unique biometric credentials to one medical record.

Thank you to the staff at University for allowing us to share this story with our community!

 

RightPatient® Helps Hugh Chatham Memorial Hospital Fight Healthcare Fraud

RightPatient® Helps Hugh Chatham Memorial Hospital Fight Healthcare Fraud

RightPatient-for-patient-identification-prevents-healthcare-fraud

Hugh Chatham Memorial Hospital recently used photo biometrics to prevent healthcare fraud.

Prescription Drug Abuse

Eliminating fraud is a pressing issue in healthcare that continues to threaten patient safety. The FBI states on their Web site: “With no signs of slowing down, healthcare fraud is a rising threat, with national health care expenditures estimated to exceed $3 trillion in 2014 and spending continuing to outpace inflation.” On average, healthcare fraud accounts for 10% of our nation’s annual healthcare expenditure.

One form of healthcare fraud seen in emergency departments at hospitals around the country is individuals attempting to commit identity theft in order to obtain prescription medication. With approximately 8.76 million people in the U.S. abusing prescription medication and the lion’s share of those medications coming from a doctor’s prescription, medical facilities are proactively stepping up their efforts to implement stronger patient identification safeguards to ensure that the problem is addressed. After all, many patients may not understand the health dangers and risks of someone stealing your identity and inaccurate health data being attributed to your medical record – it is extremely dangerous and could result in serious injury, even death should a clinician act on incorrect protected health data (PHI) in your medical record. 

Just how bad is the problem of prescription drug abuse in the U.S.? Consider the fact that every day in the United States, 44 people die as a result of prescription opioid overdose. Fortunately, there are tools available to catch identity fraud at the point-of-service in hospitals before harm is done.

Using Photo Biometrics to Deter Healthcare Fraud

Hugh Chatham Memorial Hospital recently used photo biometrics to prevent healthcare fraud.

Hugh Chatham Memorial Hospital implemented the RightPatient® patient identity management solutionusing photo biometrics to help support patient safety, eliminate duplicate medical records, and prevent and deter medical identity theft. Recently, a patient arrived at the Hugh Chatham Memorial Hospital emergency room seeking treatment for an injury that according to the patient had just occurred in the prior hour. The patient signed in under a fraudulent name, date of birth, address, invalid marital status, a disconnected phone number, invalid employment status, fraudulent emergency contact, and an invalid social security number. The patient proceeded with registration, and signed all admission paperwork under the fraudulent information.

During the registration process, the registration clerk used the RightPatient® photo biometrics solution to enroll the patient since this was (according the patient) the first time they had ever been to the hospital. The RightPatient® system worked just as it was designed, sending the registration clerk an alert that indicated the patent had been previously enrolled and that their biometric credentials had already been linked to another unique electronic medical record, providing the medical record number the patient had been registered under.

The clerk was then able to access the medical record the patient had been previously registered under and after review, Hugh Chatham was able to see other visits for that same day in other clinic/practice locations. A decision was made to contact local authorities.

Thanks to the RightPatient® software and the efforts of this staff member, Hugh Chatham Memorial Hospital was able to securely identify the patient, avoid duplicate medical records, prevent identity theft and associated healthcare costs, and help maintain a safe environment for patients. 

Conclusion

Encouraging healthcare facilities to implement safeguards that ensure accurate patient authentication through technologies such as photo biometrics has been our mission since we founded RightPatient®. We will continue to share our success stories with others to help educate and inform in the overall effort to remove fraud and increase patient safety in healthcare.

Have a story on how the use of biometrics prevented a potential case of healthcare fraud? Please share it with us in the comments!

the use of biometrics to secure PHI access

Improving Patient Engagement with Secure PHI Access

Improving Patient Engagement with Secure PHI Access

The explosion of mHealth apps and patient portals for PHI access demands more modern patient and clinician identification technologies than user names and passwords.

The following guest post was submitted by Michael Trader, President and Co-Founder of RightPatient®

The rise of digital health tools for PHI access

Encouraging patients to take a more active and engaged role in their healthcare has been a key focus of healthcare providers in the wake of Meaningful Use requirements. What began as an industry mission with specific benchmarks and goals has since manifested into the actual use of myriad digital tools and platforms that are educating, engaging, and working to empower patients to increase accountability and responsibility for their own health and, when applicable, the health of their families. In fact, a recent HIMSS survey on how mobile apps and portals improve patient engagement indicated that on the provider side:

  • 73% of organizations used app-enabled patient portals to increase consumer participation in their overall health and wellness goals as well as meet relevant Stage 2 and Stage 3 Meaningful Use requirements under the Medicare and Medicaid EHR Incentive Programs.
  • Nearly half of those polled stated that “implementation of mobile services for access to information is a high priority at their organization.” Additionally, more than half – 57 percent – indicated that their facility implements a mobile technology policy, which often has a focus on mobile health security capabilities.
  • About one-third of polled healthcare organizations stated that they provide “organizational-specific apps” to the patient community.

(source: http://mhealthintelligence.com/news/how-mobile-health-apps-portals-improve-patient-engagement) 

One important facet in the goal to improve patient engagement is providing easier and faster access to personal health information (PHI). Manifested through Meaningful Use Stage 2, the benchmark is stated as:

Provide patients the ability to view online, download and transmit their health information within four business days of the information being available to the EP. (source: http://www.healthit.gov/providers-professionals/achieve-meaningful-use/core-measures-2/patient-ability-electronically-view-download-transmit-vdt-health-information

The idea is for healthcare providers to reach beyond traditional means of accessing PHI (think in person visits) and adopt digital health tools for easier, faster, and more convenient ways of accessing this data (think patient portals and provider mHealth apps). In concept, increasing the availability of tools and platforms to access PHI is a good thing — it caters to increasing patient demand to offer greater PHI accessibility through resources that offer more convenience and are in lockstep with the rise of the digital health movement. However, the explosion of digital tools for PHI access carries an inherent risk that patient identities will be compromised, stolen, or shared leading to a sharp increase in fraud and medical ID theft that poses a direct threat to not only patient safety and provider medical error liability, but also to the rising cost of healthcare. Not to mention the fact that the rising use of digital tools to access PHI compromises patient data integrity which is critical to maintain because of the ripple effect it has on the ability to provide accurate care along the continuum and the confidence it represents to successfully participate in health information exchanges (HIEs).  

Keep in mind that each time a perpetrator commits healthcare fraud or medical ID theft, the fallout of legal fees, settlement costs, and expenses to restore an identity are passed down to ALL patients in the form of higher fees for medical services. Therefore, collectively there is a pressing need to ensure that adoption of stricter and more secure methods of patient identification must run parallel to the rise in digital tools and platforms for safe access to PHI. Otherwise, patients may not be as willing to use these tools for fear of medical ID theft or unlawful access to their PHI data which directly compromises their safety, security, and privacy. 

Monetary damages are only the tip of the iceberg for healthcare organizations when discussing the impact of fraud and medical ID theft. It was been well documented that reputation can be negatively effected when patients perceive or a data breach confirms that healthcare providers are not taking the necessary action to increase PHI access security.

How can we correlate an increase in quality patient engagement with secure PHI access? Patient engagement is, without a doubt, a key linchpin to the success of healthcare’s triple aim. Simply stated, it is not possible for the healthcare industry to achieve the goals of lower costs, an enhanced patient experience, and improving population health in the absence of strong and sustainable patient engagement.

Securing PHI access for higher levels of patient engagement

Scour the internet for articles that cover patient willingness to use digital health IT tools to access PHI and you will discover that despite the industry wide effort to adopt tools that provide more convenient and faster access to medical data, few patients are actually doing so. In fact, a recent survey revealed that just 21% of respondents said they use the Web to access their health data. Meanwhile, 10% said they use e-mail and 40% view the data in person

The reason behind patient unwillingness to use mHealth tools and portals for PHI access runs the gamut from dissatisfaction with mobile health applications to challenges in finding and using instructions, data inaccuracy, and device malfunctions or data syncing issues. Furthermore, issues related to poor mHealth app and portal security have hampered more widespread adoption of these tools and stoked patient fears that their privacy could be compromised by using them.

Setting aside those with opinions that privacy can never exist in the healthcare industry, the link between patient confidence and trust that their identities and PHI are protected when using mHealth apps or patient portals is palatable and has a direct effect on their willingness to use these tools as part of their overall care.

First, it’s important to distinguish the difference between “privacy” and “security” as it applies to healthcare data. HIMSS does an excellent job of breaking down the differences:

“Privacy” is the right of an individual to make choices with respect to the collection, use and disclosure of their data; “security” is the safeguards – physical, administrative and technological – used to protect the confidentiality, integrity and availability of the data. Because the challenges are many, there is a tendency to focus on “security” in mHealth. Patient privacy cannot be achieved without adequate data safeguards; however secure devices do not necessarily preserve patient privacy.

One of the largest impediments to widespread adoption of mHealth tools, portals, and other digital health platforms is inadequate mobile security policies that fail to take into account the necessity of adopting more modern patient identification tools that are commensurate to the data they protect.  For example, most healthcare providers continue to use user name and passwords to protect patient identities when using mHealth tools and portals. While these may have once been permissible security protocols in the past, these identity verification methods are now considered antiquated and should be replaced. Even though user names and passwords have proven to no longer be secure enough to protect patient identities, almost all healthcare providers still rely on their use for mHealth apps and patient portals. 

Secure PHI access requires modern patient and clinician ID technology

If healthcare providers expect patients to adopt mHealth tools and patient portals as a more convenient way to access PHI, the implementation of stronger and more secure identification technology is critical. Most healthcare security experts agree that due to the large amount of PHI data moving across provider locations via mHealth apps and patient portals, stronger security is needed to prevent data breaches if a patient’s identity is compromised. Plus, the increasing complexity of mHealth apps and their distinct ability to sync PHI data across multiple devices raises important questions about how to properly protect patient privacy  to ensure HIPAA compliance for these new tools. 

Securing PHI access is not limited to patient interactions with mHealth tools or patient portals however. A sound strategy to secure mobile and remote access to this sensitive data is required not only for patients, but also for any clinician that has access to mobile technologies. A 2014 HIMSS Analytics Mobile device study reported that:

…approximately one-quarter of US hospitals (28 percent) reported that smartphones are in use at their organization. On average, 169 devices are deployed per hospital. In comparison, 24 percent of US hospitals reported that tablet computers are in use at their organization, with an average of 37 devices deployed per hospital. (source – https://capsite.himssanalytics.org/assets/Uploads/2014-Mobile-Essentials-Brief-TOC12914.pdf)

Healthcare organizations must plan to implement a technology that has the flexibility to be used for secure patient and clinician identification, usually through a strategic combination of a strong single sign-on (SSO) platform to establish strict identification checks and provide a concrete audit trail of data access history with an enterprise-wide patient ID solution to secure remote access to PHI from mHealth apps and patient portals. The modern identification technology of choice for many healthcare providers to meet the rising demand for tighter security to access PHI is biometrics.

Lack of a strong PHI access policy can also have a negative impact on provider reputation. In a recent report on medical identity theft by The Ponemon Institute, 79% of patients surveyed said it is “very important” for healthcare providers to ensure the privacy of health records and allow them to have direct control of their health records.  

Why biometrics?

The HIPAA Privacy Rule requires healthcare organizations to secure remote access to PHI data as a safeguard for patient privacy and to eliminate data breaches that can lead to fraud and medical identity theft. Once considered secure identification criteria, user names and passwords are now considered antiquated and unable to offer strong protection to secure PHI access largely due to the fact that:

  • Most patients don’t want to worry about memorizing a complex password and thus default to using a simplistic password that’s easily guessable.
  • Most patients use the same password for many accounts, resulting in one key that unlocks dozens (or hundreds) of doors.
  • Most patients don’t even keep their passwords in secret. Everything from Netflix accounts to bank accounts to web accounts to video game accounts are often shared between friends, family members, and even strangers.

The use of biometrics for individual identification poses a much more secure and flexible technology to address the pressing need for healthcare to adopt stricter PHI access security protocols. Why?

We have written extensively about the applicability of biometric patient identification to improve patient safety in healthcare. Biometrics relies on identifying patients and clinicians by who they are, rather than what they have (ID badges) or what they know (user names, passwords) which can be more easily stolen or shared. Biometric identification technology is a more secure method to identify patients in self-driven interactions by allowing them to use the camera or microphone on their smartphone or tablet and use facial or voice recognition biometrics for accurate authentication. Biometrics offers more flexibility and convenience because it has the ability to be implemented at patient touchpoints where user name and password entry would be cumbersome and inappropriate — home health settings for example.   

The use of biometrics for identification also offers a concrete PHI access audit trail, a more accurate tracking mechanism than user names or passwords which can easily be shared and often skew analytics because it’s impossible to determine the actual individual using the credentials. This is important because litigation often relies on these audit trails used in the defense of medical identity theft or healthcare fraud claims.

Conclusion

Participation in portals and the use of mHealth and other mobile apps to access PHI is a key catayst to increase patient engagement in healthcare. Patients must have the confidence in their healthcare provider that their PHI is easily accessible and protected with the strongest authentication security on the market that ensures their privacy and safety. User names and passwords are no longer sufficient authentication credentials to meet the expanding need to offer a more flexible, scalable, and more secure identification technology for mHealth apps and patient portals.

Equally important is protecting clinician access to sensitive PHI data. Protocols must be implemented that abandon user names and passwords in favor of technologies such as biometrics that are more secure, less susecptible to being stolen or shared, and leave a concrete PHI data access audit trail. 

Have questions about the use of biometrics for patient identification in healthcare? Feel free to leave a comment or question below. 

 

 

 

mhealth requires strict patient identificaiton

UCLA Breach Reinforces Importance to Protect Patient PHI

It’s probably unfair to say that the recent UCLA Medical Center data breach that potentially exposed the personal health information (PHI) of 4.5 million patients was a wake up call for the healthcare industry to implement tighter data security protocols. In fact, it wasn’t a wake up call at all.

Healthcare data breaches have proliferated over the last five plus years, and the Health and Human Services (HHS) public “wall of shame” list of healthcare data breaches involving 500 or more individuals is…well….let’s just say a tad crowded. Since HHS began the list in 2009, 1,265 breaches exposing the records of nearly 135 million people have made the list. Ouch. The UCLA data breach isn’t groundbreaking news, it is simply another chapter in the long novel of healthcare data breaches that have placed millions of patients at risk by exposing their PHI and in some cases, social security numbers and personal demographic information. 

Mhealth-requires-strict-patient-identificaiton-like-RightPatient

The recent UCLA data breach is a strong reminder that healthcare organizations should consider the use of biometrics such as facial or voice recognition to protect patient PHI on mobile devices and patient portals.

The UCLA breach also foreshadows rising demand for tighter security protocols to protect PHI from unauthorized access on patient portals, mobile devices, and other new touchpoints. This rise of additional patient touchpoints to access PHI has vaulted establishing tighter security controls into the spotlight beyond traditional means of authentication. History has shown that username/password-based security is inadequate on mobile devices, yet healthcare organizations continue to adopt technology that uses this method to authenticate patients. Considering the high stakes to protect patient PHI, the UCLA data breach wasn’t a wake up call – it moved the needle to protect patient PHI to Defcon 1. 

The HIPAA Privacy Rule mandates that healthcare organizations secure remote access to PHI data as a safeguard for patient privacy and to eliminate data breaches that can lead to fraud and medical identity theft. The introduction of touchpoints such as patient portals and mobile devices changes the dynamic of protecting patient PHI because it demands adopting strategies that include using modern patient identification systems yet many healthcare organizations continue to rely on antiquated security solutions.  

Healthcare organizations must now consider patient identification systems that can address accurate authentication at each and every touchpoint along the care continuum, far beyond simply implementing technology that covers patient ID at office visits. 

Accurate-patient-identification-enhances-PHI-security-RightPatient

Implementing accurate patient identification when accessing PHI from mobile devices and patient portals must balance strong security with convenience and speed, which is why technologies such as facial and voice biometrics are gaining popularity. The use of biometrics to protect patient PHI is a smart investment, especially if healthcare organizations deploy a solution that offers the flexibility to be used during hospital/office visits and on each and every touchpoint a patient now has the ability to utilize as a means to access health data. Biometric patient identification solutions offer stronger security than user names and passwords and have proven to be more efficient and convenient by eliminating the need and frustration to remember multiple login credentials.

As we experience a sharp rise in patient driven interactions within the healthcare system that offer more avenues for criminals and hackers to access PHI, it is critical that healthcare organizations implement modern identification solutions that have the ability to better protect this information. Biometrics to protect patient PHI is quickly gaining attention as a security solution that can serve this need. Although it’s impossible to determine whether or not biometrics could have helped prevent hackers from obtaining access to protected patient PHI in the UCLA data breach, the use of this technology can help to offer a secure layer of protection that can deter hackers from even attempting to try.