Healthcare Authentication Problem

Authentication is the function of determining if you are, who you say you are.  Strict authentication is performed by many companies when setting up your private accounts, such as banks when they ask you for picture ID, a copy of a phone bill or a tax return.  The problem with the absence of authentication of Medicare and Medicaid patients in the United States is what has created a massive healthcare fraud amounting to $120 Billion in 2015, as stated by Attorney General Eric Holder.  A Medicare / Medicaid patient has issued a plain card with the patient’s name and identity printed on the card.  There is no authentication mechanism, no picture, no check of other IDs, no encryption or no biometric technology.  Anyone family member of the same sex can use another one’s card and obtain healthcare services.  This brings up another problem in that the defrauding patient’s encounter, diagnosis, medications and lab results wind up in the real patient’s medical record!  So the lack of proper patient authentication leads to the potential of massive fraud and placement of false information into the wrong medical record.

Healthcare Identity Problem

In many countries throughout the world, identity management is a significant problem that prevents the proper access to a patient’s medical information that may be scattered throughout numerous healthcare facilities, hospitals, clinics, labs, doctor’s offices, etc.  Now that medical records are digital and a patient will have a different identity (ID) or medical record number (MRN) at each of these touch points, having accurate access to each of these is a problem.  Think about how many healthcare facilities you have been to in your life, do you have access to all of your medical records?  So interoperability or the ability for each of these different software systems to talk and communicate that information is at a loss right now.

The status regarding identity theft has been a significant problem across all industries.  “The latest account from the Identity Theft Resource Center (ITRC) reports that there has been a total of 641 data breaches recorded through November 3, 2015, and that nearly 176 million records have been exposed.  The annual total includes 21.5 million records exposed in the attack on the U.S. Office of Personnel Management (OPM) in June and 78.8 million healthcare customer records exposed at Anthem in February.”(Source: 247 Wallist | By Paul Ausick November 5, 2015)

Identity theft in healthcare has been a very big problem.  In 2015, there were more than 150 million medical identities stolen from insurance companies and hospitals.  The hackers find greater rewards for stealing medical identities over credit card numbers.  A credit card can be canceled with a single phone call, whereas a medical identity usually encompassed private personal information including SSN which allows the criminals the opportunity to take out fake credit card accounts in your name.  A stolen medical identity can be so painful for the victim that it may cost up to $15,000 and 18 months to clear it up. Meanwhile, medical institutions do not want to change back erroneous information or billings that were done falsely in your name!  Your FICA score can take a big hit and you are left wondering which way to turn.  Needless-to-say, protecting your medical identity is one of the most important functions that anyone involved in delivering medical care must secure.

Most recently a significant data breach occurred exposing 143 million consumers in the United States, the Equifax breach. Attackers got their hands on names, Social Security numbers, birth dates, addresses, some driver’s license numbers, and about 209,000 credit card numbers. This massive breach occurred to one of the most respected credit reporting agencies, Equifax! Source: Wired Magazine.  Does this mean that Equifax had not encrypted their database information?  It is so significant that the US Government is thinking about re-issuing a new identity to replace the SSN system.