Tag: identity proofing
They used to be little more than clunky messaging platforms, but today, patient portals are the key to a frictionless digital healthcare experience. Consumers can check their medical records and test results with a few clicks. They can schedule appointments, pay bills and renew prescriptions whenever they want. Shifting patient information to portals also increases staff productivity and smooths out several sticking points in the revenue cycle. And with improvements in engagement and efficiency leading to better health outcomes, no wonder 90% of healthcare organizations are putting portals at the heart of the patient experience. But these benefits aren’t without risks. Privacy and security are big concerns for consumers and organizations alike. Patients want to feel reassured their data is safe, while providers want to avoid any reputation-killing headlines about data breaches. Identification and authentication can’t be too complicated though, or the patient experience will suffer. The safest strategy is to use a risk-based multi-layered approach, including identity proofing, fraud management, device recognition and even biometrics. Different levels of security checks can be applied, depending on the likelihood of the person being an imposter. If the information being accessed is particularly sensitive, or when the log-in information doesn’t quite add up, your system should trigger additional checks, such as identity proofing questions. But what are the right questions to ask? The right questions balance risk, trust and proportionality There’s no point seeking security information that could be easily guessed, obtained through a quick Google search or stolen from a patient’s wallet. You need questions only the true consumer would be able to answer – “out of wallet” questions, or knowledge-based authentication. This means the traditional “mother’s surname” question would not be a great choice, as it’s easily discoverable by potential fraudsters. Better questions might relate to the consumer’s city of birth, first car model, first pet’s name or previous address. Of course, these identifiers could still be obtained by nefarious parties, but when used in combination with other identity proofing tactics, it’s a significantly reduced risk. The sweet spot lies in the difference between the consumer’s ability to answer correctly and that of a potential fraudster. Your questions should also be relevant to the consumer and appropriate to the context. For example, a common out-of-wallet question used by financial institutions is to confirm a recent transaction. This ticks the box for security, as only the true consumer would likely know the answer, but in the context of a healthcare portal it could seem odd and out of place. It might make the patient wary and actually do more harm than good in terms of building trust. Progressive questioning lets you use smart logic to select a range of appropriate, varied questions, rotated over time and layered up for additional checks when a certain threshold of risk is perceived. In this way, the patient experience will be flexible, seamless and reassuring, without the burden of excessive admin. How Sutter Health System used better questions to increase enrollment and reduce help desk contacts With around 1.8 million patients actively enrolled, Sutter Health System wanted to offer easy access to their self-service portal, but without accidentally giving anyone access to someone else’s information. They had no true identity proofing process for patients, which led to cumbersome checks, errors and high numbers of calls to the help desk. Introducing the PreciseID® identity-proofing tool meant the team could authenticate users more quickly and reliably, using knowledge-based questions without an arduous process. Now, patients have just four or five simple questions to answer, which are checked against a robust dataset. An online risk assessment verifies the patient’s device and determines whether additional checks are required, balancing security with convenience. Tom Mitchell, Applications Manager at Sutter Health System Office describes working in partnership with Experian Health to find the right set of questions: “It took about a month to really hone in on the types of questions and the frequency of questions needed to achieve a level of accuracy that would equate to properly identified patients. You need to select what is important to you and Experian will work with you to make sure you ask the right questions.” Not only has this increased the number of positive patient matches, it’s also reduced the number of people trying to contact the help desk with password issues. Tom says: “We’re always trying to reduce the number of contacts to the help desk. Before integrating with self-service enrollment, patients would have to fill out a paper form or call our contact center, in which case a live person would have to go through some validation processes of our own. It was a fairly cumbersome, long process without this piece of validation.” And they’re not alone: AdvantageCare Physicians in New York introduced a similar new approach, enabling them to reduce overall help desk calls by 25% and cut the amount of staff time spent on validating patient IDs by 80%. What could better identity proofing do for you? Find out more about how PreciseID could help you ask the right questions for better portal protection.
When a doctor pulls up a patient’s record, it should be a safe assumption that the information on the screen relates to the patient sitting in front of them. It should contain every detail of the patient’s medical history, along with their current address and accurate personal information. It certainly shouldn’t contain anyone else’s data! Yet all too often, patient records are plagued with inaccuracies. Around 30% of patient data in electronic health records is incomplete or inaccurate, and up to half of records are not linked to the correct patient. The ONC estimates that around a fifth of patients may not be matched to their entire medical record within an organization, while more than a half of records shared between organizations contain errors. Despite all of modern medicine’s ground-breaking achievements and our increasingly digitized world, the ability to share information between different payers and providers in a reliable and secure way remains frustratingly out of reach. Could a universal patient identifier unlock interoperability? Imagine a healthcare ecosystem where administrators and clinicians can safely exchange information without worrying about whether it’s inaccurate, incomplete, or incompatible with each other’s systems. Interoperability could make life easier for healthcare staff and patients alike. While regulations such as the Affordable Care Act introduced many carrots and sticks to drive up adoption of electronic medical records to support interoperability, they also revealed a critical gap in healthcare: the need for a universal patient identifier (UPI). This is an identifier that would help manage patient identification across the whole healthcare ecosystem. A UPI would allow providers and payers to follow patients throughout all their major medical and life events and be sure that the information they hold for their member or patient is 100% accurate, current and complete. Instead, the absence of a UPI, compounded by the sheer volume and fluidity of patient data, has created significant issues downstream. Billing errors, unnecessary treatment and testing, HIPAA breaches, prescriptions filled for the wrong patients and many other issues all play a role in the growing number of preventable medical errors (estimated to be the third leading cause of death in the US). Striving for truly interoperable patient information should be a priority across the entire healthcare industry. Still, while federal funding for a UPI is currently being considered by Congress, we’re seeing more and more industry-led responses to help improve patient identity management. 5 benefits of using a universal patient identifier for interoperability Improve patient safety How can physicians be sure they’re recommending the right treatment for a patient, when there could be a vital piece of information missing from their medical history or allergy list? How can a pharmacist feel confident handing over a prescription, when there’s a chance the patient in front of them isn’t the same patient named on the script? A UPI can help avoid ‘wrong patient’ events and allow providers to share information to spot trends in recurring errors so that action can be taken to prevent them in future. Lower healthcare costs The West Health Institute found that that medical device interoperability could save the U.S. healthcare system more than $30 billion per year. For individual providers, UPIs could improve productivity by reducing the amount of time clinicians and hospital staff spend trying to sort out inaccurate records. And with nearly a third of claims denied as a result of patient misidentification, this could mean savings in the region of $17.4 million for the average hospital. A better patient experience Patients are right to be frustrated when their physician doesn’t have up-to-date records about them, or their provider sends appointment reminders to an old address. Expecting patients to fill out multiple forms (often multiple times) is inefficient and hardly contributes to a positive patient experience. A tool such as Universal Identity Manager can help providers exchange timely data, eliminate duplicate records and coordinate care, so the patient is supported throughout their healthcare journey. Stronger privacy Electronic records linked with a UPI allow healthcare organizations to phase out manual processes—which is not only more efficient, but also helps minimize the risk of patient data falling into the wrong hands. It’s much easier to keep the data secure when it’s contained in a single record, compared to multiple versions of a record filled with scribbled notes and random updates that could easily end up attached to the wrong record. Experian Health’s Precise ID gives healthcare organizations a HIPAA-compliant way to authenticate patients and reduce the risk of a data breach during enrollment. Better data to tackle the social determinants of health As consumer data opens up new opportunities to improve population health, a network of shared data will be essential for identifying trends in the social and economic factors that affect medical outcomes. Interoperable data sets and technologies can enhance the way public health data is collected and used, for better patient outcomes and population health. Interoperability currently remains a challenge, but the tools exist to improve the way information is shared and used across the healthcare ecosystem. By integrating clinical data into the patient access workflow, you can increase productivity, reduce costs, and ultimately improve the patient experience. Contact our team to find out how this could help your organization achieve more efficient, accurate and actionable data sharing.
Medical identity theft is a growing concern for healthcare organizations in the digital age. In 2017, healthcare data breaches accounted for 24% of all data breaches, rising to 29% in 2018. In just 12 months, the total number of personal medical records exposed jumped from 5.3 million to 9.9 million. In fact, healthcare data breaches tend to expose many more individual records than other industries. For example, according to the Identity Theft Resource Center, 43.9% of breaches in the first half of 2019 were in business, while only 36.9% were in healthcare. But for healthcare, this meant exposing a staggering 77.4% of all records left vulnerable to identity theft, compared to just 9.5% by business breaches. The potential impact of a healthcare data breach seems to be further-reaching than in other fields. At the same time, healthcare is slightly behind other industries when it comes to data security. Financial services have a two-decade head start to refine their anti-fraud strategies. This, coupled with the fact that medical identities are worth 20 to 50 times more to fraudsters than financial identities, means medical identity theft is increasingly appealing to criminals. It’s a big concern, but healthcare organizations can use data to fight data theft. When you’re armed with the right information, you can put in place the right strategy to protect your patients. What is medical identity theft? Medical identity theft is when someone uses another person’s health-related identifying information without them knowing. This could include their name and address, Social Security number, health records, or insurance information. Fraudsters can use this information to access medical services without paying, submit false insurance claims, or buy drugs. They pretend to be someone else to access services illegally. In addition, that personal information could be used for other kinds of identity fraud or blackmail. What are the consequences of medical identity theft? Karly Rowe, Vice President New Product Development, Identity & Care Management Product at Experian Health, says: “For patients, the impact of having their personal information stolen, and then possibly used to make false claims in their name, can be hugely violating. When someone’s record becomes overlaid with a thief’s record, this can have massive consequences for that person’s future treatment. It’s a major stress to sort out – both administratively and financially. And for organizations, there’s obviously the reputational hit. The relationship between provider and patient is based on trust. When you fail to secure your patients’ most personal information, you risk losing that trust for good.” It’s also a major cost. Medical fraud in the U.S. is estimated to cost somewhere between $80 billion and $230 billion, with the cost to individual providers and payers coming in at around $2 million per breach. To tackle the problem, healthcare organizations are stepping up their security practices across the board. A HIMSS survey, in partnership with Experian Data Breach Resolution, reported that data security strategies have improved. Ninety-two percent of those asked had performed a formal risk analysis, and more than half had increased their patient data security budget. A number of organizations also teamed up to form the Medical Identity Fraud Alliance, to mobilize the industry to tackle the problem. Still, there’s a ways to go. 3 ways to leverage data insights to prevent medical identity theft Protecting patient data calls for a data-based solution. Here are three ways to leverage consumer data and technology to protect your patients and keep their information safe: Resolve patient identities. Accurate patient data is the cornerstone of data management. If your records aren’t entirely reliable to begin with, keeping them safe and secure will be much harder. Put preventative measures in place to minimize the risk of duplicates and errors. Assigning a Universal Patient Identifier (UPI) will let you follow the entire patient journey, so you have a complete, accurate and secure picture of each patient. Protect patient identities. Patient portals allow people to access their health information from their personal devices. It’s convenient and can improve engagement and health outcomes. Unfortunately, they can also become vulnerable to breaches by data thieves. You have to make it easy for patients to use portals, but difficult for fraudsters to get their hands on that personal data. As patient portals gain popularity, you must have the right technology in place to validate and protect patient identities. Automating patient enrollment with a tool like Precise ID® can help authenticate patient identities from the start using identity-proofing, fraud management and device recognition. Enrich patient identities. With data insights, you can check that your patient is who they say they are the moment they arrive in reception. Using the broadest and most trustworthy datasets, identity verification solutions make constant checks, so you have a single, accurate and 360° view of each patient. Not only is this ‘golden record’ the cornerstone of patient care and experience, it’ll let your staff update patient data during intake without manual corrections. Medical records contain some of the most sensitive personal information, so it’s vital to safeguard it with the strongest security that exists. — Download this free eBook to learn how to evolve today\'s patient matching technologies or find out more about how to protect your patient data and prevent medical identity theft.
Medical identity theft is a growing problem for the healthcare industry: nearly 15.1 million patient records were compromised in 2018, an increase of nearly 270% on the previous year. While providers are busy rolling out patient portals and electronic medical records to better serve consumers, criminals are sneaking through the cracks to steal patient data and profit from vulnerable health systems. The rapid rise in medical identity theft is partly explained by the fact that it goes undetected for much longer than other types of identity theft, giving criminals more time to use stolen personal information for financial gain. It’s also a lot more lucrative. Medical identities can be used to access treatment and drugs, make fraudulent benefits claims and even create fake IDs to buy and sell medical equipment. This can be devastating for victims, both emotionally and financially. Unlike credit card theft, where victims aren’t considered financially liable, 65% of people who fall prey to medical identity fraudsters are left with hospital bills running into the tens of thousands. The compromised medical record is tough to reconcile, jeopardizing future medical treatment. For providers, a data breach can mean significant reputational damage and loss of trust, and huge financial consequences – each breach costs an average of $2.2 million. But what’s most alarming for providers is that more than half of data breaches originate within the organization. Unfortunately, many providers lack sufficient security protocols and detection tools to safeguard the data they’re holding. The good news is that the tools exist to help you protect your patient data. What can healthcare providers learn from other industries about identity protection? Banking and financial services have pioneered identity protection over the last twenty years, and healthcare can learn a lot by looking at what’s worked in those industries. For consumers, using digital technology to pay your bills, book flights and buy pretty much anything is the norm, all with reassuringly quick fraud detection and resolution. Healthcare has been a little slower to embrace digitization in this way. Despite the opportunities, fears around security, privacy and inconveniencing patients have stalled efforts to transform outmoded processes. Drawing on two decades of innovations in other fields, fast-paced technological developments mean many of the early challenges around implementing safe and secure patient portals have been overcome. 6 strategies to keep patient data safe Here are six smart ways to ensure your organization has done everything possible to safeguard patient data. Tell your patients how you’re keeping their data safe Patient trust is at the heart of a successful patient-provider relationship. Share the steps your organization is taking to secure patient information, so patients feel reassured and confident in using their portal. Data security should be a key strand in your patient engagement messaging. Verify patient identities to protect access to medical records To avoid HIPAA violations, it’s critical to ensure you’re giving access to the right patient. Secure log-in monitoring and device intelligence can help you confirm that the person trying to log in is who they say they are. When something doesn’t add up, identity proofing questions can be triggered to provide an extra check. In an exciting new development, the healthcare industry is also starting to see the use of biometrics to supplement existing identity-proofing solutions. Just as you might use facial recognition to unlock your smartphone, there are now ways to authenticate your healthcare consumers’ identity using the same technology. Automate patient portal enrollment You want your portal to be as secure as possible, but not at the expense of your patients’ time and effort. An automated enrollment process can eliminate the hassle of long, complicated set-ups and reduce errors at the same time. Arm your organization with a multi-layered security strategy There is no silver bullet for protecting patient information—it will require various tools. A robust data security strategy will be multi-layered, including device recognition, identity proofing and fraud management. Educate staff on security threats and warning signs Data breaches aren\'t all malicious – human error is a massive component, from mailing personal data to the wrong patients, to accidentally publishing data on public websites or leaving a laptop behind after getting off the subway. Training staff on the potential pitfalls will help them help you in protecting confidential patient information. Develop a robust device strategy ‘Bring Your Own Device’ arrangements (BYOD) are convenient for staff and patients, but personal devices need to be secured when accessing patient information across the network. Make sure your teams, patients and visitors are aware of how to log-on securely to WiFi and follow best practice to keep data safe. In a climate of ‘doing more with less’, healthcare leaders are turning to other industries to find ways to boost quality of care and streamline operational efficiency. Automation, digitization and consumer-centric approaches make good business sense across the board, but they’re sensible investments for your data security strategy too. Investing in secure patient identities is a way to prevent painful and unnecessary losses down the line – and it’s what patients have come to expect. — Find out what more you could do to shore up your data security and prevent medical identity theft.
“Build it and they will come” might work for 1980s movie characters, multinational coffee franchises and beloved sports teams, but it’s not a great engagement strategy for most consumer-facing organizations – especially in healthcare. Take patient portals, for example. Giving your patients a way to access their health records can help improve their health outcomes, increase compliance with care plans, and create a more positive healthcare experience overall. But do your customers know the portal exists? Do they know how it could serve them? Do they trust it? You’ve built it, but how many patients are actually logging on? In 2017, over half the US population had access to a patient portal. Around half of those people used it at least once in the previous year. Of those who didn’t, 59% said it was because they didn’t feel they needed to access an online medical record, and 25% were worried about privacy and security. This tells us two things: If healthcare providers want to increase the number of patients using their portal, they need to proactively communicate the benefits to those patients, and healthcare providers could do more to reassure patients they take portal security seriously. If patients discover that using the portal is better than not using it, and that they can do so securely, they will be more likely to log on. You can address both in your patient engagement and marketing strategies. Perhaps the better mantra is: “if you solve their problem and tell them about it, they will come”. Balancing portal security and patient convenience Your patient portal is more than just a platform for patients to access test results, sort out bills or schedule appointments. It’s a way to nurture the patient-provider relationship. And at its heart, that relationship is about trust. One way to build trust is to ensure your portal meets the strictest of security measures without creating an excessive admin burden for patients. You can do this with a security strategy that layers up several protective measures to help you tackle common areas of vulnerability, including weak ID verification, over-reliance on password-protection, and failure to encrypt sensitive data. A few practical ways to keep your patient portal secure include: using ID verification when someone signs up for the portal using device intelligence and identity proofing when a user signs in to the portal deploying extra security checks where the risk of identity fraud is higher putting systems in place to flag and respond to security breaches as fast as possible. A solution like PreciseID® can help you take care of your patients’ privacy and security behind the scenes. They’ll see just enough to reassure them that you’re taking their security seriously, without any protracted log-in process that puts them off using the portal altogether. Marketing your patient portal so more patients benefit from it Solving your patients’ concerns about security is just one route to boosting portal utilization. Another important way to ensure more patients use and benefit from the patient portal is to actively encourage them to access their online records regularly. Research suggests individuals who are encouraged to use their online medical record by their provider are almost twice as likely to access it, compared to those who weren’t actively encouraged. So how do you convince your patients of the benefits of regularly logging on? That it’s not just a convenient way to manage their medical journey, but could result in better health? The answer lies in consumer data – the lifestyle, demographic, psychographic and behavioral information that gives you a fuller understanding of what drives your patients. Experian Health’s ConsumerView data analytics can capture insights that let you reach out to your consumers with the right message, in the right way, at the right time. Do they live a busy lifestyle? Reassure them that the portal can save them time. Are there lifestyle factors that may hinder their adherence to medication? Encourage them to use the portal to make sure their prescriptions are up to date. If you discover your consumers are big social media users, you might target your portal engagement campaign through those channels. Equally, if a consumer doesn’t have any social media accounts, there would be no point investing in Facebook ads. Personalization makes your patients feel taken care of, leading to greater trust, loyalty and satisfaction. Increase patient portal engagement today In the wake of consumerism and IT transformation across many other industries, a tailored and digitally secure healthcare service is a must. “Consumers now expect to be provided with a turnkey, individual experience that is fast and seamless,” said Kristen Simmons, Experian Health’s senior vice president of strategy and innovation. Your patient portal must be seen to provide a valuable and secure service. While there’s a way to go to increase the number of patients making full use of portals, the tools exist to support healthcare providers’ engagement goals. Learn more about how your organization can leverage consumer insights to improve patient retention and engagement.
The roll-out of patient portals has been a slow burn. While consumer finance, retail and other markets have given customers secure electronic access to their personal information for decades, healthcare has been playing catch-up. But thanks to regulatory pushes, such as the Promoting Interoperability and Meaningful Use programs and the Affordable Care Act, digitized health records are now the norm. Over half of healthcare consumers in the US use patient portals to access their health information at the click of a button – just as they do with their bank accounts or grocery deliveries. Aside from the convenience factor, research suggests that when patients have access to their health records through patient portals, they experience better health outcomes, greater satisfaction levels, and improved communication with their provider. There’s a higher chance of spotting errors. Adherence to medications is increased, and care becomes more accessible for some otherwise hard-to-reach patients. For providers, this sense of ownership, transparency and connection contributes to elevated consumer loyalty and engagement. As consumers embrace online portals to view their medical records and lab results, renew prescriptions, schedule appointments, and in some cases pay bills, they expect and assume their provider will keep that data secure. Providers must balance convenience and security. Unfortunately, some patients remain unconvinced of their providers’ ability to get this balance right. Patients worry about portal privacy and security Despite the upsides, a quarter of patients with access to online portals in 2017 chose not to access them because of worries about privacy and security. They’re right to be cautious: medical identities are said to be worth 20-50 times more than financial identities. It\'s no wonder identity thieves are increasingly targeting the healthcare industry. In 2018, the US Department of Health and Human Services’ Office for Civil Rights (OCR) reported 351 data breaches of 500 or more healthcare records, resulting in the exposure of more than 13 million patient records. Hackers are always on the lookout for vulnerabilities to exploit, with patient medical records, log-in credentials, passwords and other authentication credentials among their top five targets. Without adequate IT security, your prized patient engagement tools – like patient portals – can become an open door for hackers. As a provider, your job is to make it easy for patients to access and manage their own data, but hard for fraudsters to get their hands on sensitive data. How to keep patient portals secure The good thing about being somewhat late to the party is that healthcare organizations can learn from other industries in how they have tackled online security challenges without creating too much of a burden for consumers. Think about how consumers authenticate their accounts for financial services or even social media profiles. Typically, there\'s an email to verify they are who they say they are, or a two-factor authentication process with a code sent to their cell phone. Most patient portals don\'t have these layers of security. At Experian Health, we recommend a multi-layered solution incorporating device recognition (especially important as more users access portals via cell phones and tablets), identity proofing and fraud management. Here are some examples: Sign-up screening When someone enrolls in the portal, use identity proofing to ensure they are who they say they are. It’s particularly important to ask out-of-wallet questions, such as their city of birth, first car model, or previous address to make sure they’re not an imposter. Log-in monitoring Device intelligence will help you confirm the patient is using a cell phone or tablet your system recognizes, to minimize the risk of someone else accessing their account. This technology will tell you if the device is associated with previous fraudulent activities or potentially impersonating multiple patients. If a device fails to meet the risk threshold, identity proofing questions can be used to verify the user’s right to access the account. Additional checks on risky requests Some patient portal activities, like downloading medical records and editing a patient’s profile, increase the risk. You’d want to add an extra layer of control here, such as additional out-of-wallet questions, to safeguard your patient’s data. Rapid response and damage containment Given the sensitivity and richness of medical data, an attack on the portal can be devastating for patients and costly for providers. In the event of an attack, providers can put in place early warning systems to flag up which patients have been compromised and trigger rapid response measures to shut down the attack and prevent the damage from spreading. Promote interoperability Physicians and care providers need to share information on patients in the course of providing good care. But how are they doing this? To keep that data secure and ensure it’s only seen by the right people, you can set up your systems to share data across different platforms in a safe and secure way. Underlying all of this is the need to reassure your patients that you can be trusted with their data. Victoria Dames, Senior Director of Product Management, Experian Health, explains: “Healthcare breaches are nothing new, and neither is hackers’ and identity thieves’ penchant for medical records. What is new, however, is the broad range of tools that organizations can now utilize to stop them from accessing that personal data. Give patients the peace of mind they deserve by taking advantage of up-to-date solutions that actually work in our ever-evolving tech climate.” Learn more about how protect patient portals and encourage more patients to enjoy the full benefits of their patient portal, knowing that their sensitive personal details are safe.
There’s no doubt that identity theft is a concern for any industry that handles sensitive customer information; health care is no exception. In 2017 alone, the U.S. Department of Health and Human Services reported 477 healthcare breaches. Together, they compromised nearly 5.6 million patient records. Without adequate IT security, everything that organizations use to improve patient engagement and the continuum of care – especially patient portals – becomes an open door for hackers. But how do we keep patient data secure without burdening patients? We asked Victoria Dames, Experian’s senior director of identity management, how the healthcare industry is evolving to solve for identity theft, as well as best practices all healthcare organizations can adopt to better meet this growing threat. In the world of healthcare, both patients and providers are understandably hyper-sensitive about the exchange and security of healthcare data. How is the industry arming itself to protect data? Are there any shifts you’ve witnessed in security practices over the past few years? Absolutely! The industry has quickly evolved into leveraging technology to share data between organizations and with their patients, but this does bring inherit risk. Criminals also took notice to this shift, and medical identity theft became one of the fastest growing types of identity theft with a roughly 22 percent annual growth. With this evolution, the industry has tightened up on data access, especially as it pertains to the patient. Over the last five years, we’ve seen the shift to enable technology to help identity-proof patients before granting them access to sensitive information. This used to be a manual process. What are some of the best practices healthcare organizations can adopt to limit instances of medical identity theft? First, organizations must understand where their access points are throughout their ecosystems. With 64 percent of patients citing a privacy issue as a key concern for accessing health information online, they should inform patients that they’re providing secure methods for access to their information. Additionally, healthcare organizations must evaluate how physicians access different types of data and portals. As healthcare caught up to electronic records and systems, portals for e-prescribing also arrived. Given the nature of this use case, providing a heightened NIST level of identity proofing is required. The key is to assess what level of identity proofing is needed at each entry point to keep balance on security and the end-user experience. When you look to the future of healthcare, what types of digital technologies and solutions do you see providers putting in place to prevent fraud and protect patient data? Technology moves quickly and so do we. Identity proofing has seen an acceleration in the use of biometrics at different points of entry throughout healthcare organizations, which strengthens our solution. We are starting to see the use of biometrics, similar to your phone face ID, used more broadly through healthcare in conjunction with existing identity-proofing solutions. Experian achieved the Kantara Initiative certification with adherence to the latest guidelines achieving NIST 800-63-3 IAL2 (National Institute of Standards and Technology Special Publication Digital Identity Guidelines 800-63-3 for Identity Assurance Level 2 (IAL2)). This reinforces our commitment to support clients in authenticating consumers, while balancing a positive experience. Learn more about Experian’s identity management solutions.
People increasingly expect immediate access to information at their fingertips. They want online access for everything from food delivery to healthcare. But as healthcare organizations enroll more patients through online access, how do they protect themselves from data breaches without impeding patient engagement? Data breaches are more prevalent and costlier than ever. Up 6.4 percent in 2018 compared to 2017, the global costs of data breaches reached $3.86 million last year. The healthcare industry has been particularly hard-hit. Over 90 percent of organizations have experienced a data breach since 2016, and more than 180 million records have been stolen since 2015. Just last year, a Missouri-based healthcare organization discovered that its patient portal was vulnerable for more than a month after hackers installed malware. In that time, almost 6,000 patients’ debit and credit card numbers could have been compromised. This incident alone demonstrates that improving cybersecurity in healthcare is vitally important. This is why one of New York\'s largest medical groups, AdvantageCare Physicians, made it a priority to strengthen the security of its Epic MyChart by adding a multilayer identity verification step at the time of patient enrollment and throughout every portal access request thereafter. Patient identity verification secures patient portals More than just satisfying the need for constant connectivity, patient portals are exceptionally helpful. They allow patients to access test results, view their medical record, schedule appointments online, and communicate with their providers from their mobile devices. Despite online platforms being a target for hackers, AdvantageCare Physicians executives know that patient portals help patients engage in their healthcare and empower them to take control of their health. So the organization turned to the same technology that is trusted by banks, retailers, and government agencies to protect this valuable tool. Identity-proofing technology can quickly authenticate patients when they access an online portal by evaluating the identity, device, and risk factors of a given user. This multilayered check happens in a second so patients aren’t left waiting on a load screen. Through continuous protection that ensures complete security without sacrificing ease of use, patients\' trust grows because they know their electronic medical records are safe. This patient trust can go a long way. A Software Advice study found that due to concerns about data breaches, 21 percent of patients keep information from their doctors. Securing its patient healthcare portal with Experian Health’s Precise ID helps AdvantageCare Physicians open up communication to provide better care. This, in addition to improving access to resources, supports the organization’s goals of improving health management and promoting wellness. These additional verification steps also protect AdvantageCare Physicians from compliance risks. For example, the Centers of Medicare and Medicaid Services’ Promoting Interoperability standards set out requirements for collecting and maintaining electronic medical information to ensure healthcare cybersecurity. Experian’s Precise ID complies with this and many other programs. Decreased need for IT support Given the many advantages of a fully protected patient portal, AdvantageCare Physicians\' final concern was the effect of increased self-service traffic. More users accessing the portal more regularly might create bottlenecks. But patient identity proofing actually increases the platform’s user bandwidth. For example, Precise ID streamlines the process for patients signing up. Traditionally, AdvantageCare Physicians\' IT department would have to validate each new patient identity on the back end, but Precise ID can quickly authenticate these users. This has reduced the need for IT support by 80 percent. IT also spends less time correcting records because letting patients create their own accounts increases accuracy while reducing the number of duplicates. Online self-service platforms for healthcare organizations like AdvantageCare Physicians enhance patient care. But just like any other online transaction, patients need to know that any information they provide through the portal is secure. Sufficient cybersecurity for its healthcare portal lets AdvantageCare Physicians focus on delivering the personalized resources patients need without the worry of a data breach. Learn more about how to reduce risks during patient enrollment.
Picture this: A movie trailer features a healthcare organization with a newly-minted portal through which patients access their private health information, make appointments and ask questions of their physician. The plot thickens as an unwelcomed guest looks for an identity to steal. With a few key strokes of a predictable password, the thief strikes gold, data is breached and the nightmare begins. From the patient standpoint, the Ponemon Institute® reports nearly 1.5 million Americans were affected by medical identity theft last year. And, those numbers are expected to rise as more hospitals add patient portals to comply with Meaningful Use Stage 2, which requires that more than 5% of all unique patients seen by the provider must be able to view, download, or transmit to a third party their health information. All this to say, organizations have the ability to proactively implement strategies to combat this concerning reality. To mitigate the risk of identity theft via a patient portal, healthcare organizations should consider a strategy to effectively control portal access beyond the basic user name and password. This type of heightened security via tools that combine state-of-the-art identity proofing, risk-based authentication and knowledge-based questions can help securely verify each patient’s identity. Such tools empower healthcare organizations to identify fraud more efficiently than traditional rules-based identity checks. Additionally, they provide the patient with a better online portal experience and greater peace of mind knowing that extra security measures are safeguarding their personal information. Don’t let a potential movie storyline dictate your reality. With industry experts predicting a 221 percent growth in the U.S. patient portal market by 2017, it’s time for healthcare organizations to partner with a trusted expert in fraud prevention to help them implement technologies that securely verify each patient’s identity. How secure is your patient portal?
