Identity Management

This article discusses how healthcare organizations can prevent medical fraud and ensure eligibility integrity.

New data reveals that the number of healthcare data breaches continues to climb, causing financial and reputational damage to healthcare providers. HIPAA Journal reported 692 large healthcare data breaches between July 2021 and June 2022 that exposed the records of over 42 million individuals. The number of records breached in June 2022 was more than 65% higher than the monthly average over the previous year, highlighting the need for providers to stay on top of their game when it comes to protecting patient data. In a recent conversation with PYMNTS, Chris Wild, Experian Health’s Vice President of Adjacent Markets and Consumer Engagement, discussed the consequences of healthcare data breaches and set out the key steps providers should take to prevent and resolve security incidents. Compromised patient records send financial and reputational costs soaring IBM reports that financial damages resulting from data breaches have reached a 12-year high, with the average breach in healthcare costing $10.1 million, up nearly $1 million since 2020. Wild notes that this includes a huge range of costs, from HIPAA fines to operational costs to curb and resolve breaches: “The cost of dealing with a breach is enormous. There’s anything from penalties of $100 per incident to $1.5 million per year. You’ve got reconciliation costs – trying to patch the holes in technology stacks and things like that. You’ve also got inbound phone calls from concerned patients who’ve just heard about a breach and want to know if it impacts them.” But Wild says that beyond HIPAA fines and operational expenses, the greatest cost is repairing the reputational damage of breaching patient trust: “the reputational cost is enormous because once you lose a patient, you lose a patient.” Wild suggests a two-pronged approach to mitigate the risk and impact of a healthcare data breach that focuses on prevention and preparation. Protecting patient identities to deliver a satisfying and secure consumer experience  An unfortunate side effect of the accelerated adoption of digital health solutions during the pandemic was that it opened the door to new methods of medical crime and fraud. Patients interact with their data electronically more often, thus increasing their vulnerability to cyber-criminal attacks. Preventing infiltration by bad actors before they occur should be the priority. In the past, efforts to secure a patient’s identity have relied on personal security questions, considered unanswerable by anyone but the patient. However, Wild says that asking for past addresses and details of previous living arrangements may no longer be the gold standard: “We’re finding that this is a little bit passé now. There’s a lot more that goes into identifying somebody, and that goes along with improving security, but it also improves the patient experience. There’s always been a balance between trying to make sure that data is secure on the one hand, but also make sure that it’s easy to access on the other.” To this end, providers should look for patient engagement solutions that deliver a flexible, convenient and consumer-friendly patient experience, while ensuring that patient data is secure. Wild suggests a few specific strategies, such as monitoring device ID and validating the identification documents used during patient registration: “When you have your cell phone or your tablet or your laptop, or your computer, or even your voice assistant devices, they all have a device ID. We keep track of those and see which ones are being naughty, which ones are being nice. We can start to ramp up when we see a naughty device acting naughty. But also think about things like document verification, validating that a driver’s license being shown to a registrar is actually a real driver’s license, or things of that nature.” A multi-layered approach to securing patient portals and other digital patient access tools will ensure there is no single point of vulnerability. Experian Health’s patient portal security solutions with Precise ID include a range of protections, including two-factor sign-in authentication, device intelligence and additional checks on risky requests to proactively secure patient identities. Each element protects against a specific type of threat, building up defensive depth to thwart attempts to breach patient data. Responding quickly in the event of a healthcare data breach Prevention only goes so far, though. Evidence suggests that most healthcare providers will be hit by a data breach at some point. Wild suggests that regular “fire drills” can help ensure that everyone in the organization knows how to respond, should the worst happen: “For a healthcare data breach or any sort of misappropriation of patient or member data, you want to make sure you’re keeping things safe, keeping things secure, and make sure that all of the associated people know what to do.” Wild says this must include front desk staff who will be answering phones from worried patients, through to marketing teams who will need to put out proactive messages about what happened and how it will be dealt with. How a provider responds may have an even greater impact on their reputation and patient loyalty than the breach itself. All of this can be pulled together in a data breach response plan, which sets out exactly what needs to be done and by whom, to help organizations avoid missteps in the aftermath of a breach. Experian Health’s Reserved ResponseTM program can help healthcare organizations put together a data breach preparedness plan in as little as three days. The program is based on 17 years of real-world experience dealing with data breaches and has evolved as security threats and consequences have increased. The program offers providers guides, templates, checklists and service-level agreements to guarantee manpower, infrastructure and response readiness at the most crucial moments. As the uptake of patient portals and other digital patient access solutions accelerates, finding the right data security partner to help navigate the unprecedented threats and consequences will be essential. Watch the full interview with Chris Wild and find out more about how Experian Health helps healthcare providers protect patient identities to prevent healthcare data breaches.

With support from Experian Health, the Council of State and Territorial Epidemiologists (CSTE) assisted state health departments with tracking and managing COVID-19 infection rates. Universal Identity Manager (UIM) complemented existing data tools by closing gaps in patient identities, so public health officials could efficiently identify and contact those who might be infected or at risk of infection. In Massachusetts, this data underpinned hyper-localized dashboards to inform community-level public health decisions. Related reading: Learn how the Tennessee Department of Health used UIM to improve contact tracing and patient outreach during the pandemic. In Massachusetts, responsibility for providing COVID-19 data to local governments fell to the public health department’s Division of Surveillance, Analytics and Informatics (DSAI). Local officials relied on this data to make swift and effective decisions about school closures and restrictions on public events. One particular challenge was tracking the spread of COVID-19 among transitory populations. Records for incarcerated individuals, university students and nursing home staff often showed the address linked with the person’s health insurance, rather than where they were currently living. Inaccurate contact details could skew data, resulting in unreliable data reports. In addition, this new initiative had to meet the Massachusetts Department of Public Health’s existing data privacy standards. Universal Identity Manager helped the DSAI team fill in missing patient information with current demographic data, using the Experian Single Best Record. UIM combines best-in-class probabilistic and referential matching technology to accurately match records across multiple healthcare organizations. A Universal Patient Identifier is assigned to each patient, which allows instant updates to demographic data for a single, accurate and complete view of each person. To address concerns about maintaining patient privacy, an expiration date was applied to the data usage rights, defining and limiting the time period in which the team could use patient identity data derived from UIM for this initiative. With these complete records, hyper-localized COVID-19 dashboards provided data-driven support to allow 351 local health boards to make fast and effective public health decisions. Find out more about how Universal Identity Manager can support improved community outreach and decision-making with accurate and secure patient identities.

During the COVID-19 pandemic, national and state health departments needed timely and accurate patient data to communicate quickly with citizens and make decisions about the local public health response. With support from Experian Health, the Council of State and Territorial Epidemiologists (CSTE) utilized Universal Identity Manager to provide members with reliable and accessible data tools to help slow the spread of disease. Here’s how the Tennessee Department of Health (TDH) used those resources to improve contact tracing and patient outreach amid mass relocations. According to Pew Research Center, more than a fifth of US adults changed their residence in 2020 because of the pandemic, or knew someone who did. In Tennessee, Epidemiologist and COVID-19 Team Lead David Fields identified mass relocation as a major obstacle to patient outreach during the pandemic. Job losses caused residential displacement, meaning that a patient’s health record didn’t always show the most current address. Because of the nature of their work, migrant farmworkers often have fluid living situations. This means that they rarely have a continuous home address and will share the same address or phone number with others, which hinders effective communication. And the private laboratories that expanded into COVID-19 testing often relied on stale contact data. These are some of the primary challenges that confronted the team in Tennessee working to verify data they were receiving. Experian Health helped TDH close the gaps in patient records using the Universal Identity Manager (UIM) platform. With UIM, records are matched using a unique patient identifier that combines industry-leading demographic information with the highest quality reference data to create the Experian Single Best Record. This accurately identifies separate records that belong to one person, creating a “golden thread” that follows the patient throughout their healthcare journey. TDH was fielding around 150 demographic data requests from community health departments per day. Before the pandemic, David’s team responded to these requests using proprietary and third-party databases that aggregated data held in public records. UIM complemented this approach with faster records matching, which allowed the team to provide quicker and more reliable patient contact information. In particular, UIM supported more efficient contact tracing during mass relocations by providing accurate phone numbers for citizens with positive COVID-19 test results and data for "hard-to-contact" cases. This solution also helped TDH create statistical analyses for the spread of COVID in the local populace by providing demographic data – such as gender and race. Find out more about how Universal Identity Manager accurately matches and protects patient data across multiple data sources, to create a single, longitudinal view of each patient and real-time insights to improve public health decision making and patient outreach.

Solving the patient identity problem and ensuring that each patient record is accurate and airtight is a top priority. Healthcare providers want to be 100% confident in answering “yes” to the following questions: Is the patient who they say they are? Is the right medication being administered to the right person? Is the correct bill being sent to the patient’s current address? By validating patient identities, providers can secure patient trust, deliver high-quality care, and avoid losing revenue to identity errors and fraud. Unfortunately, patient identity management is only becoming more complex. While telehealth and remote patient access are opening healthcare’s digital front door to meet changing consumer needs and expectations, a mountain of sensitive patient data is piling up. This data is a gold mine for fraudsters who steal and sell patients’ personal information or use it to access services and prescriptions without paying. It’s distressing for patients and creates a major financial and administrative burden for healthcare staff. A nationwide patient identification system may still be some way off. However, providers can optimize patient matching in their own health systems by working to reduce vulnerabilities and adopting cutting-edge interoperable patient matching technology. Better patient matching means better patient care and protected profits The human cost of incorrect, incomplete or outdated patient medical records is significant. Patients could be given the wrong medication or diagnostic procedures. Allergy information can be missed. Patient test results can be mislabeled or mixed up. In Experian Health’s State of Patient Access 2.0 survey, almost half of providers said inaccurate and incomplete patient data was an obstacle to proactive follow-up, which could cause gaps in care and avoidable complications – which are critical to value-based care compensation. Duplicate and mismatched patient records also create massive inefficiencies that can threaten an organization’s financial health too. With telehealth claim lines climbing by 2817% between December 2019 and December 2020, reliably authenticating patient identities in both existing and new services will be critical to future financial performance. Resolve, protect and enrich patient identities with universal identifiers Having the right technology to resolve and secure a patient’s information when they log on to patient portals and telehealth systems is the first step. Automating patient enrollment with Experian Health’s PreciseID® ensures the patient is who they say they are. This solution utilizes best practices in identity-proofing, fraud management and device recognition. But this system only works if the records being matched are accurate. A universal patient identifier provides a single, accurate, 360° view of each patient throughout their healthcare journey. An interoperable format allows systems to talk to each other and protects against duplicates, errors, inefficiencies and fraudulent activity. Universal identifiers aren’t available nationwide yet, though there has been some encouraging movement. Congress is working to remove the ban on funding for such measures, while the Centers for Medicare and Medicaid Services are taking steps to promote data standardization. For health systems that want to maintain a golden record for each patient within the bounds of their own operations, Experian Health’s Universal Patient Identifier allows staff to connect, verify and protect patient information. Choosing the right patient matching technology Traditional matching technology relies on demographic data and uses deterministic or probabilistic methods to link records with identical identification information. However, relying on a single source of data means that previous errors are inherited by new versions of a patient’s record. Demographic data isn’t unique to individual patients, which can lead to mismatched records and create extra manual work to fix. Experian Health uses referential matching technology to build a complete view of patients from reliable health, credit, and consumer data sources. The universal patient identifier connects disparate datasets and instantly updates the master index of patient records with new data points. Referential matching can only ever be as good as the data that is being matched and Experian is a global leader in data accuracy, across numerous sources, and is continually updated. Victoria Dames, VP of Product Management at Experian Health, says, "With Experian’s reference data, we’re able to create a longitudinal record of each individual and reconcile their data as they change names, addresses and see different providers. You need to know that it’s the same person, especially with the pandemic acting as a catalyst for digital technologies such as telehealth. It also helps organizations bring data together and ensure data integrity through mergers and acquisitions. Dealing with large volumes of data is a big hill to climb, but with the right technologies it can be that much faster.” As telehealth and digital patient access services gain traction, solving the patient identity problem becomes increasingly urgent. Universal Identity Manager combines industry-leading consumer demographic information with the highest quality reference data and powerful unique patient identifiers to create a single view of each patient. With better patient identity management, providers can protect against errors and fraud, and reassure patients that their personal information is safe. Find out more about Experian Health’s identity management solutions.

QR code technology has opened the door to new cybersecurity risks. Providers must remain vigilant with protecting patient identities.

Patient identity management remains a major challenge for healthcare providers. Learn how to unlock the power of data to deliver better care.

In this infographic, we break down the changes to post-COVID-19 patient journey, and the changes that have impacted every step.

The pandemic opened the door to a whole new set of identity management challenges. How can providers solve for data standardization challenges?