Popular Tags
Loading...

Best practices for secure patient portals

Published: June 11, 2019 by Experian Health

The roll-out of patient portals has been a slow burn. While consumer finance, retail and other markets have given customers secure electronic access to their personal information for decades, healthcare has been playing catch-up. But thanks to regulatory pushes, such as the Promoting Interoperability and Meaningful Use programs and the Affordable Care Act, digitized health records are now the norm. Over half of healthcare consumers in the US use patient portals to access their health information at the click of a button – just as they do with their bank accounts or grocery deliveries.

Aside from the convenience factor, research suggests that when patients have access to their health records through patient portals, they experience better health outcomes, greater satisfaction levels, and improved communication with their provider. There’s a higher chance of spotting errors. Adherence to medications is increased, and care becomes more accessible for some otherwise hard-to-reach patients. For providers, this sense of ownership, transparency and connection contributes to elevated consumer loyalty and engagement.

As consumers embrace online portals to view their medical records and lab results, renew prescriptions, schedule appointments, and in some cases pay bills, they expect and assume their provider will keep that data secure. Providers must balance convenience and security.

Unfortunately, some patients remain unconvinced of their providers’ ability to get this balance right.

Patients worry about portal privacy and security

Despite the upsides, a quarter of patients with access to online portals in 2017 chose not to access them because of worries about privacy and security.

They’re right to be cautious: medical identities are said to be worth 20-50 times more than financial identities. It’s no wonder identity thieves are increasingly targeting the healthcare industry.

In 2018, the US Department of Health and Human Services’ Office for Civil Rights (OCR) reported 351 data breaches of 500 or more healthcare records, resulting in the exposure of more than 13 million patient records. Hackers are always on the lookout for vulnerabilities to exploit, with patient medical records, log-in credentials, passwords and other authentication credentials among their top five targets.

Without adequate IT security, your prized patient engagement tools – like patient portals – can become an open door for hackers.

As a provider, your job is to make it easy for patients to access and manage their own data, but hard for fraudsters to get their hands on sensitive data.​​​​​​​​​​​​​​

​​​​​​​How to keep patient portals secure

The good thing about being somewhat late to the party is that healthcare organizations can learn from other industries in how they have tackled online security challenges without creating too much of a burden for consumers.

Think about how consumers authenticate their accounts for financial services or even social media profiles. Typically, there’s an email to verify they are who they say they are, or a two-factor authentication process with a code sent to their cell phone. Most patient portals don’t have these layers of security.

At Experian Health, we recommend a multi-layered solution incorporating device recognition (especially important as more users access portals via cell phones and tablets), identity proofing and fraud management. Here are some examples:

  1. Sign-up screening

When someone enrolls in the portal, use identity proofing to ensure they are who they say they are. It’s particularly important to ask out-of-wallet questions, such as their city of birth, first car model, or previous address to make sure they’re not an imposter.

  1.     Log-in monitoring

Device intelligence will help you confirm the patient is using a cell phone or tablet your system recognizes, to minimize the risk of someone else accessing their account. This technology will tell you if the device is associated with previous fraudulent activities or potentially impersonating multiple patients. If a device fails to meet the risk threshold, identity proofing questions can be used to verify the user’s right to access the account.

  1. Additional checks on risky requests

Some patient portal activities, like downloading medical records and editing a patient’s profile, increase the risk. You’d want to add an extra layer of control here, such as additional out-of-wallet questions, to safeguard your patient’s data.

  1. Rapid response and damage containment

Given the sensitivity and richness of medical data, an attack on the portal can be devastating for patients and costly for providers. In the event of an attack, providers can put in place early warning systems to flag up which patients have been compromised and trigger rapid response measures to shut down the attack and prevent the damage from spreading.

  1. Promote interoperability

Physicians and care providers need to share information on patients in the course of providing good care. But how are they doing this? To keep that data secure and ensure it’s only seen by the right people, you can set up your systems to share data across different platforms in a safe and secure way.

Underlying all of this is the need to reassure your patients that you can be trusted with their data. Victoria Dames, Senior Director of Product Management, Experian Health, explains:

“Healthcare breaches are nothing new, and neither is hackers’ and identity thieves’ penchant for medical records. What is new, however, is the broad range of tools that organizations can now utilize to stop them from accessing that personal data. Give patients the peace of mind they deserve by taking advantage of up-to-date solutions that actually work in our ever-evolving tech climate.”

Learn more about how protect patient portals and encourage more patients to enjoy the full benefits of their patient portal, knowing that their sensitive personal details are safe.

Related Posts

Q&A: authenticating portal access with automation

Featured

Other blog posts in this series: Segmenting your patient population for the COVID-19 vaccine Engaging patient segments with convenient, secure scheduling solutions The patient portal can play an important role in COVID-19 vaccination efforts, allowing patients the ability to both schedule their vaccines and keep track of where they are in the process, at least for those vaccines that require more than one dose. We interviewed Victoria Dames, senior director of product management at Experian Health, about how providers can authenticate portal access with automation, while also protecting patient identities. As portal traffic increases, what are the authorization concerns? Many providers who are supporting the mass vaccination sites are leveraging their existing patient portals to schedule patients for the vaccine. As providers are now seeing individuals sign up for portals at scale it can difficult to ensure that the individuals being granted access to the portal are in fact who they say they are. That is a huge concern knowing the patient portal contains PHI that is commonly a target for fraudsters. What are the benefits of automating portal enrollment and access? Automation alleviates two things. First, it provides an industry-wide level of security and assurance. It provides the market standard for identity proofing before granting access to a patient record. Second, it alleviates a lot of the administrative burden put on provider staff. Automating portal enrollment allows staff to focus their attention on other, more important efforts. And, for portal enrollment at this magnitude, automation really is necessary. Providers are seeing individuals going back multiple times to the same portal, signing in more than once and sometimes with multiple log-ins, just to schedule an appointment for a vaccination. Our recent survey on patient access found that 54% of patients are concerned about security when accessing their personal details online. From a provider’s perspective, does having a system like this help with the objective of making patients feel more secure? One area where patient and provider views align is around the security of digital access solutions. The balance, though, between security and convenience can be a tough one to maintain. Moving quickly while maintaining security – and without adding undue friction – is a tall order, but it’s not optional. With the right tools and support, providers can safeguard patient data throughout the vaccination process with confidence and make the portal enrollment process as frictionless as possible. Interested in learning more about how Experian Health can help supercharge the COVID-19 vaccine management process?

Published: March 18, 2021 by Experian Health

Read More

What is a Unique Patient Identifier?

Data and Analytics

A healthcare network with streamlined data management provides an environment where duplicate or inaccurate information is detected and corrected.

Published: January 26, 2021 by Experian Health

Read More

2021 patient experience predictions

Collections Optimization

As 2020 draws to a close and headlines hint that the end might finally be in sight for the pandemic, the healthcare industry is considering COVID-19’s legacy. The sudden shift to contactless care, financial consequences of widespread social distancing measures and changing expectations of the patient experience have upended the world of healthcare and health IT – but which changes are here to stay? And what do these changes mean for the patient experience in 2021? We asked several leaders across Experian Health for their predictions in the areas of patient access, collections, and identity management, and here is a preview of what they had to say: “Patients will choose providers that give them control over their healthcare experience” Patients have more opportunity today than ever before to manage their healthcare experience from the comfort of their own home, whether that be through patient portals, online self-scheduling and registration or online payment tools. As lockdowns and social distancing prevented patients from presenting in person, providers were forced to offer patients with more options for self-service. Unsurprisingly, this was a move a lot of patients have been waiting for and many welcomed this new technology with open arms. Jason Kressel, senior vice president of consumer products and analytics at Experian Health, expects that, as patients become more accustomed to this level of self-service, more than half of consumers will change providers in favor of one that offers premium digital healthcare services: “Providers who can meet patients where they are—through web-based services and via their mobile devices—will have the most success with retaining and attracting patients.” Online self-scheduling can put patients in the driver seat while also avoiding unnecessary contact while many remain cautious about on-site visits. With access issues removed, the patient experience will improve, in turn improving health outcomes (and providers’ bottom lines!). “With hospital finances on shaky ground, collections will be a top priority for survival” As COVID-related unemployment leads to an unstable insurance landscape, many providers are worried about maintaining effective collections processes, and they cannot afford to spend time chasing payments. Guarding against uncompensated care and tightening up the collections process will be essential. Automated collections software can help collections teams focus their efforts on patients who are most likely to pay, while also helping patients manage their financial obligations with as little stress as possible. Providers can also quickly determine which patients qualify for financial assistance, helping them get them on the right payment pathway for their circumstance without delay. Not only will this provide a much better patient financial experience, it’ll prevent “lost coverage” and allow providers to collect a larger portion of dollars owed. “The surge in portal usage means providers need to watch out for fraudsters” What does the rapid growth in portal uptake mean for data security? The speedy rollout of telehealth and other digital services has exposed security concerns for many providers, who fear a rise in fraudulent activity in 2021 as cybercriminals sniff out opportunities to steal patient data. To protect patient information and avoid costly reputational damage, providers must adopt more sophisticated identity management solutions. By combining cutting edge identity proofing, risk-based authentication and knowledge-based questions, providers can more easily verify a patient’s identity when they log on to their portal, greatly eliminating the risk of fraud. Interested in learning more about other trends that could affect the patient experience moving forward?

Published: December 8, 2020 by Experian Health

Read More

Categories

Tags

care coordination care management claims claims and contract management CMS collections compliance consumer data consumerism contract management Coverage Discovery COVID-19 Data and Analytics denials management eCare NEXT fraud identity management identity proofing identity theft medical identity theft Medicare online patient scheduling patient access Patient Collections patient engagement patient estimates patient experience patient identity patient identity theft patient payment patient portal patient responsibility patient satisfaction patient schedule price transparency reimbursement revenue cycle Revenue Cycle Management self-pay self-pay collections social determinants of health Universal Identity Manager universal patient identifier value-based care value-based reimbursement

Subscription title JR New new

Description This is a test

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Archives

Subscription title

Description
Subscribe

Search Test

Legacy Button