Over the last decade, there have been over 2,550 health care data breaches impacting more than 175 million medical records. That’s the equivalent of affecting more than 50 percent of the U.S. population.
What’s not commonly understood is that medical records command a high value on the dark web. These medical records can be listed for up to $1,000 each, 10 times more than the average credit card data breach record because there’s more personal information in health records than any other electronic database.
Given the scope of recent data breaches, including Quest Diagnostics and LabCorp, and the growth of the dark web and identity theft, cybercriminals are empowered to more easily impersonate legitimate patients. This is why all sectors of health care need to properly vet and verify their patients to ensure that they are who they claim to be.
Want to learn more now? Download Jumio’s Health Care Data Sheet.
The Emergence of KYP
Know Your Business (KYB) and the better known Know Your Customer (KYC) form a vital part of today’s financial regulatory environment to verify the identity of its clients to prevent banks from being used, intentionally or unintentionally, by criminal elements for money laundering activities. Given the degree to which medical institutions are being victimized by fraud (e.g., prescription and insurance fraud) and ensuring patients are of legal age for specific medications and procedures, perhaps now is the time for the health care industry to adopt Know Your Patient (KYP) processes.
There’s an increasing number of ways online identity verification solutions can be used to not only improve the quality and efficiency of patient service, but to ensure that hospitals, pharmacies and laboratories provide sensitive medical information, test results and prescriptions to the actual patient — not to an imposter.
The Many Use Cases for Online Identity Verification
Advances in digital identity proofing and biometric-based authentication technologies hold great promise that health care can be delivered in smarter, simpler and more cost-effective ways, and address these emerging and concerning use cases:
Use Case: Online Prescriptions
Pain Point: There’s growing regulations that require online pharmacies to verify the identities of patients seeking prescriptions. In the UK, for example, online pharmacies are required to perform age verification under new guidance published by the General Pharmaceutical Council.
Use Case: Age Verification
Pain Point: The Royal Pharmaceutical Society counsels that in the absence of any age restrictions on children picking up prescription medicines, it is up to the pharmacist to judge whether “the child is capable and competent to understand the importance of the medicines they are collecting” and that they are “confident the child will not misuse or tamper with the medicine.” The online pharmacy replaces the face-to-face encounter with a less stringent process that involves completing an electronic form which is then approved by the pharmacist.
Use Case: Automating Data Capture During Patient Intake
Pain Point: Verifying new patients is still a manual and time-consuming process. Streamlining the intake process boosts efficiency by drastically cutting down on potential for human error, further reducing time spent on rejected insurance claims. Patient information can now be captured from an insurance card or ID document (e.g., driver’s license or passport) and the patient’s identity verified in a matter of moments, saving time for all parties involved, particularly patients and employees.
Use Case: Insurance Fraud
Pain Point: When a patient’s identity and privacy are compromised, not only do they suffer financial fallout, but the industry has to deal with fraudulent claims and any related legal fees. A thief may use your name or health insurance ID to see a doctor, get prescription drugs, file claims with your insurance provider, or get other care. If the thief’s health information is mixed with yours, your treatment, insurance, payment records and credit history may be affected.
Use Case: Reputation Management
Pain Point: If patient data falls into the wrong hands, it can tarnish your organization’s reputation. Having the power to verify patient identity allows hospitals and other practices to confirm that any given record is accurate and up to date, and gives them the peace of mind to know that their patient data isn’t being used by malicious hackers or fraudsters. It’s critical to the health care industry’s success to have a standardized, streamlined flow of patient information — one that includes identity safeguards.
How KYP Works
Here’s how leading health care organizations can address the above challenges when developing a Know Your Patient program:
Step 1: Capture an online user’s (patient’s) government-issued ID (e.g., driver’s license, passport or ID card) via the user’s smartphone or computer’s webcam, followed by a live selfie (in which a 3D face map is created) to ensure the person behind the ID is the actual person creating the online account.
Step 2: Ensure that the ID document is authentic and unaltered and that the person (patient) pictured in the selfie matches the picture on the ID.
Step 3: Check the returned identity for minimum age requirements and potential fraudulent activity through fraud detection analytics to help minimize risk and loss.
Step 4: Depending on the results, hospitals, offices, clinics and pharmacies can now approve or deny the new online account and attempted purchases.
Ongoing: After an online account has been approved, medical offices and pharmacies can approve future online prescriptions and treatment requests by capturing a new 3D face map of the patient and using online identity verification technology to automatically compare it to the 3D face map captured at enrollment to authenticate the patient.
While Congress is considering changes to an existing bill on consumer data privacy and security to reflect challenges posed by attacks on the health care industry, the medical community needs to start adopting KYP processes. These steps are essential to safeguarding their business, protecting legitimate patients and preserving their well-deserved reputation.