Despite the many probable benefits of integrated EHRs and the central government’s adoption of incentives, many patients and health care providers worry about the privacy risks that come with more widespread access to health care data. A recent study by LexisNexis says that 39 percent of patients are concerned about the privacy and security of data shared in integrated EHRs.
It’s easy to understand why patients are worried about the privacy and security of their health data. Truth be told, identity theft has evolved beyond stolen wallets. Today, enterprising fraudsters can steal patient credentials in several ways. For instance, they can download software onto a patient’s system and capture personal data such as usernames and passwords.
At the heart of the patient identity issue is the need to confirm that those who access protected health data are without a doubt who they claim to be. The identity management industry calls this authentication. Ideally, any patient or person in the health care industry (including physicians, office staff, and nurses) who routinely accesses highly protected and regulated health care data is authenticated prior to being granted access. When patients are not identified correctly, however, the error can ripple into safety, data integrity and ultimately health care costs. Duplicate medical record rates hover around 8%, and the average cost per duplicate medical record is ~$60 according to Augment Reality company, Right Patient.
Medical identity theft is also on the rise. An estimated 2.3 million Americans or close family members had their identities stolen during or before 2014.
Proper patient identity management strategy
This calls for a secure identity management system to be put in place as part of any integration strategy. Such a strategy should enhance remote authentication so that any patient or health care professional can access his/her sensitive data without worrying about integrity, confidentiality and authenticity problems. Any sound strategy calls for a two-phased model of identity verification and authentication.
The system should demand the following from the patient or health care professional:
- Who are you?
- How can you prove that you’re the one accessing the system?
In summary, any patient/health care professional who is enrolling for online access to EHR data, or using a mobile app to communicate with the health care team should be taken through an identity verification and authentication process. Such a verification and authentication process should correctly collect demographic data — usernames, passwords or biometrics — and validate the presented data in the integrated EHR system.
Granting initial access to your remote patients or health care providers is one thing, but facilitating repeat patient access to EHR data and managing usernames and passwords is a totally different ballgame. As a rule of thumb, the management of usernames and passwords should go beyond simple username and password resets and rest on the patient’s ability to validate their identity in the system. Multi-factor authentication can be employed in such a strategy.
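A sketch of the two-phased model described above, as an added example that is not from the original article or from Tellus: enrollment checks the claimed demographics against the record on file, and every later login or password reset also needs a second factor. The record store, field names, function names and the choice of TOTP (RFC 6238) as the second factor are assumptions made for illustration.

```python
import hashlib, hmac, os, struct, time

# Constructed demographic record standing in for what the EHR already holds.
EHR_RECORDS = {"MRN-0001": {"name": "jane doe", "dob": "1980-02-29", "zip": "30301"}}
ACCOUNTS = {}  # username -> credentials bound to a verified record

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def totp(secret, at, step=30, digits=6):
    """RFC 6238 one-time code (HMAC-SHA1); the second factor assumed here."""
    mac = hmac.new(secret, struct.pack(">Q", int(at // step)), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(num % 10 ** digits).zfill(digits)

def _identity_matches(mrn, claimed):
    rec = EHR_RECORDS.get(mrn)
    return rec is not None and all(str(claimed.get(k, "")).strip().lower() == v for k, v in rec.items())

def _code_ok(acct, code, at):
    # Accept the current 30-second step and one step either side for clock drift.
    at = time.time() if at is None else at
    return any(hmac.compare_digest(totp(acct["totp"], at + d), code) for d in (-30, 0, 30))

def enroll(mrn, claimed, username, password):
    """Phase 1, "Who are you?": verify identity before any credential is issued."""
    if username in ACCOUNTS or not _identity_matches(mrn, claimed):
        return None
    salt, secret = os.urandom(16), os.urandom(20)
    ACCOUNTS[username] = {"mrn": mrn, "salt": salt, "pw": _pw_hash(password, salt), "totp": secret}
    return secret  # shared once with the user's authenticator app

def authenticate(username, password, code, at=None):
    """Phase 2, "prove it": password plus one-time code on every repeat access."""
    acct = ACCOUNTS.get(username)
    if acct is None:
        return False
    pw_ok = hmac.compare_digest(_pw_hash(password, acct["salt"]), acct["pw"])
    return pw_ok and _code_ok(acct, code, at)

def reset_password(username, claimed, code, new_password, at=None):
    """A reset re-validates identity and the second factor, not just the username."""
    acct = ACCOUNTS.get(username)
    if acct is None or not _identity_matches(acct["mrn"], claimed) or not _code_ok(acct, code, at):
        return False
    acct["salt"] = os.urandom(16)
    acct["pw"] = _pw_hash(new_password, acct["salt"])
    return True
```

A production system would also rate-limit attempts and reject a one-time code that has already been used.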
Forward-thinking health care firms have realized that thoughtful and proven patient identity management strategies are a significant component of promoting widespread use and improved patient satisfaction in a secure environment. At Tellus, protecting PHI data is a critical priority when building out EHR and EMR strategies. We help navigate the complex waters of interoperability with a sustained long-term goal of improving patient satisfaction.