Over the last decade there have been over 2,550 healthcare data breaches impacting more than 175 million medical records. That’s the equivalent of affecting more than 50 percent of the U.S. population.
What’s not commonly understood is that medical records command an exceedingly high value on the dark web. These medical records can be listed for up to $1,000 each, or 10 times more than the average credit card data breach record. This is because there is far more personal information attached to health records than any other electronic database.
Given the scope of recent data breaches in this space, and the growth of the dark web and identity theft, cyber criminals are now more empowered than ever to easily impersonate legitimate patients. Therefore, it is critical that all sectors of the health space properly vet and verify their patients to ensure that they are who they claim to be.
The emergence of KYP
We’re all familiar with the term Know Your Customer (KYC), which has formed a vital part of today’s financial regulatory environment. It is the basis of verifying the identity of clients to prevent banks from being used, intentionally or unintentionally, by criminal elements for money laundering activities.
However, given the degree to which medical institutions are being victimized by fraud (e.g., prescription and insurance fraud) and the need to ensure patients are of legal age for specific medications and procedures, perhaps now is the time for the healthcare industry to adopt a similar standard to KYC—something we call Know Your Patient (KYP).
The growing need for online identity verification
There are a number of clear reasons for online identity verification. For example, with online prescriptions, there are growing regulations that require online pharmacies to verify the identities of patients seeking prescriptions. In the UK, online pharmacies are required to perform age verification under new guidance published by the General Pharmaceutical Council.
In addition to this scenario, automating data capture during patient intake is also crying out for KYP. Verifying new patients is still a manual and time-consuming process. Streamlining the intake process would boost efficiency by drastically cutting down on potential for human error and further reducing time spent on rejected insurance claims.
Health insurance fraud is yet another area for consideration. When a patient’s identity and privacy are compromised, not only do they suffer financial fallout, but the industry has to deal with fraudulent claims and any related legal fees. A thief may use your name or health insurance ID to see a doctor, get prescription drugs, file claims with your insurance provider or get other care. If the thief’s health information is mixed with yours, your treatment, insurance, payment records and credit history may be affected.
Underpinning all of these use cases is of course the reputation management element. If patient data falls into the wrong hands, it can tarnish that organization’s reputation instantly. Having the power to verify patient identities accurately allows hospitals and other practices to confirm that any given record is accurate and up to date, and gives them the peace of mind that their patient data isn’t being used by malicious hackers or fraudsters.
It’s therefore vital that healthcare organizations get the verification process right. Advances in digital identity proofing and biometric-based authentication technologies hold great promise that healthcare can be delivered in smarter, simpler and more cost-effective ways and address the emerging use cases just discussed.
KYP in practice
So how would a KYP process work? Users are first asked to capture an online user’s (patient’s) government-issued ID (e.g., driver’s license, passport or ID card) via the user’s smartphone or computer’s webcam, followed by a live selfie (in which a 3D face map is created) to ensure the person behind the ID is the actual person creating the online account.
Then, they would ensure that the ID document is authentic and unaltered and that the person (patient) pictured in the selfie matches the picture on the ID. They could then check the returned identity for minimum age requirements and potential fraudulent activity through fraud detection analytics to help minimize risk and loss. Depending on the results, hospitals, offices, clinics and pharmacies could then approve or deny the new online account and attempted purchases.
Ongoing, after an online account has been approved, medical offices and pharmacies could approve future online prescriptions and treatment requests by capturing a new 3D face map of the patient and using online identity verification technology to automatically compare it to the 3D face map captured at enrollment to authenticate the patient.
Now is the time for healthcare organizations to adopt a rigorous KYP process. These steps are essential to safeguarding their business, protecting legitimate patients and preserving their well-deserved reputation.
