Identity Management
Match, manage, and protect identities
In case you missed them, below are some great tools to help you address key business challenges. Enjoy the read! Press Releases Innovative Mindset Enables Experian Health to Deliver New Capabilities Experian Health Rises to 45 On The 2016 Healthcare Informatics 100 List White Paper Why Start the Payment Process Prior to Service? As a patient’s financial obligation grows, it’s imperative to tailor payment strategies to each unique situation. In pre-service stages, data-driven solutions provide a higher likelihood of securing patient payment. Flexible patient payment plans contribute to a positive billing, payment, and overall engagement experience, as well as a provider’s financial health. Read our white paper to learn more about the importance of the Personalization in the Healthcare Consumer Payment Process. Read Now Article: Healthcare IT Transformation - How Has Ransomware Shifted the Landscape of Healthcare Data Security? Read Now
Welcome Katie Zibelin, Experian Health Marketing’s newest team member. Katie made her Experian debut in August 2015 as an intern where she supported client events, tradeshows and proposal efforts behind the scenes. Upon securing her advertising degree from the University of Texas at Austin in December 2015--one semester ahead of schedule--Katie joined the team full time this February. In her current role as a Marketing Coordinator, Katie is responsible for tracking projects, managing vendor activities, conducting tradeshow and vendor research, developing new vendor relationships, coordinating and supervising tradeshow activities and communicating programs and events. Katie also serves as the project leader of our 2016 Regional User Conferences. In her first solo performance at our Southeast Regional Conference in New Orleans, Katie received rave reviews for demonstrating project management and event planning maturity and grace under pressure. Fun Fact: Katie is also an accomplished contemporary dancer/performer/instructor. Please do not hesitate to reach out to Katie with questions regarding any of the upcoming Regional User Conferences at Katie.Zibelin@experianhealth.com.
At HHS, we’re working today with an eye on the horizon. We’re committed to building a health care system that provides better care, spends our health care dollars in smarter ways, and puts patients at the center of their care. Our aim is to strengthen health care so that it works for the health of every American. Our vision for this health care system is one where a patient can easily check their own medical record, where a patient’s different clinicians, from pharmacists to nurses to physicians, can more seamlessly work together to keep that patient healthy, and where treatment can easily be tailored to a specific patient’s needs. The key to unlocking that vision of a modern health care system is joining the data revolution that has already transformed so much of our society. Just recently, Secretary Burwell spoke at the 2016 conference of the Healthcare Information and Management Systems Society. She spoke about our need to unlock data to bring health care into the 21st century and how the security of patient data is essential to our progress. As she told the audience, “People should be able to easily and securely access their electronic health information and send it to any desired location. They need to be able to understand how their information can be shared and used. And they must be assured that this information will be effectively and safely used to benefit their health and that of their community.” Today, we’re taking a significant step to improve the safety of the data and security of life-saving medical devices across our health care system by announcing the membership of the Health Care Industry Cybersecurity Task Force. The members of this Task Force are leaders in government and private industry. They’re innovators in technology and pioneers in health care. They represent organizations of various sizes, and they hail from different parts of the country. Over the next year, these individuals will collectively look across industries and sectors to find the best ways organizations of all types are keeping data and connected medical devices safe and secure. They’ll discuss these ideas among themselves and, in the next year, they’ll report their findings to Congress and the public. They’ll also develop materials to share widely, ensuring every organization that plays a part in our health care system can protect the data that that is part of this system. As President Obama has made clear, cybersecurity is one of the most serious security challenges that our nation faces. So as we look to transform our health care system into one that works better for all Americans, we need to ensure it works safely for all Americans. We need to protect the data at the foundation of our health care system. That’s our commitment here at HHS, and it’s why we’re so excited to launch the Health Care Industry Cybersecurity Task Force.
The evolution from paper to online medical records is an opportunity to engage patients more fully in their care while making healthcare organizations more efficient. However, while patients enjoy the convenience of self-service access to all of their medical information, the portals offer cybercriminals a one-stop-shop for identity theft as well. According to Identity Theft Resource Center in San Diego, medical identity theft is the fastest growing type of identity theft, increasing at 32% annually. In fact, healthcare-related data breaches are already 10 times more frequent than data breaches in the financial services sector. And unlike stolen credit card information, which is often detected within a few transactions, medical identity theft often goes undetected for over a year. The comprehensive data contained in patient portals is especially lucrative to fraudsters, demanding a premium price in the underground market. While a stolen credit card number may sell for a dollar, a full set of medical records can command hundreds of dollars. The breadth of data within a patient portal offers fraudsters multiple opportunities to “cash in.” Compounding the problem is the level of detail presented on patient portals, often including unmasked insurance IDs, full images of patients’ insurance cards, problem lists, prescription histories. Stolen medical identities are used by criminals in two ways: obtaining medical care under the victim’s identity and using the identities to fraudulently bill for services or durable goods, which were never delivered. Problem lists, which are a mandated component of patient portals, are particularly useful to criminals, because they allow classification of each victim by the type of fraud which their identity could support. The problem lists typically use standard terminology, which makes them particularly useful for classification purposes. Using malicious software, criminals can search the lists for “key words” describing conditions that demand specific types of services or durable goods. This targeted approach would make fraud more personalized to the victim’s profile and harder to detect. Most patient portals use simple password protection, which can be easily captured by key-logging malware. This type of malware lays dormant on the victim’s machine, waiting for the victim to log into a patient portal site. When the patient logs in, the malware wakes up and captures the victim’s username and password. Using the stolen credentials, the criminals can get into the site, and once in can collect extensive information about the victim. Medical identity theft has severe consequences for both patients and providers. Patients are faced with the financial costs of covering fraudulent bills and medical costs stemming from treatment of other individuals. Comingling of the victim’s and the criminal’s medical records can also put the patient in life-threatening situations if treated or diagnosed incorrectly. Providers face steep financial costs from retribution payments and HIPAA violation fees up to $1.5M per violation, however arguably the most significant consequence they face is damage to reputation. Complicating matters is the fact that security measures cannot be so onerous that they dampen consumer adoption. Towards that end, use of covert technologies to analyze the identities and devices enrolling into a patient portal or logging in to it can increase security without impacting user experience. Precise ID® with FraudNet for healthcare portals provides healthcare organizations with a way to confidently authenticate patients and reduce risk during enrollment and ongoing access to healthcare portals. It does so in a streamlined manner without burdening patients with increased wait times and complexities. Together, these solutions identify fraud, authenticate patients and validate devices – all in a single platform. To learn more, view Experian Health’s complimentary on-demand webinar, “The Hidden Risks of Healthcare Portals,” or download the new white paper, “The Pitfalls of Healthcare Portals,” where we outline why your portal may be more vulnerable than you think.
Picture this: A movie trailer features a healthcare organization with a newly-minted portal through which patients access their private health information, make appointments and ask questions of their physician. The plot thickens as an unwelcomed guest looks for an identity to steal. With a few key strokes of a predictable password, the thief strikes gold, data is breached and the nightmare begins. From the patient standpoint, the Ponemon Institute® reports nearly 1.5 million Americans were affected by medical identity theft last year. And, those numbers are expected to rise as more hospitals add patient portals to comply with Meaningful Use Stage 2, which requires that more than 5% of all unique patients seen by the provider must be able to view, download, or transmit to a third party their health information. All this to say, organizations have the ability to proactively implement strategies to combat this concerning reality. To mitigate the risk of identity theft via a patient portal, healthcare organizations should consider a strategy to effectively control portal access beyond the basic user name and password. This type of heightened security via tools that combine state-of-the-art identity proofing, risk-based authentication and knowledge-based questions can help securely verify each patient’s identity. Such tools empower healthcare organizations to identify fraud more efficiently than traditional rules-based identity checks. Additionally, they provide the patient with a better online portal experience and greater peace of mind knowing that extra security measures are safeguarding their personal information. Don’t let a potential movie storyline dictate your reality. With industry experts predicting a 221 percent growth in the U.S. patient portal market by 2017, it’s time for healthcare organizations to partner with a trusted expert in fraud prevention to help them implement technologies that securely verify each patient’s identity. How secure is your patient portal?
