Secure patient ID is key to curbing medical identity theft and protecting electronic records
By Zack Martin, Editor, AVISIAN Publications
The health care industry is in the process of switching from paper to electronic medical records. President Obama set aside more than $19 billion for health care providers to deploy the electronic records in order to streamline health information. But with the transition there are concerns about linking the correct electronic record to the correct patient.
Linking to the wrong record can lead to misdiagnosis and medical complications. According to the independent health care ratings organization HealthGrades, more than 195,000 deaths occur annually in the United States because of medical errors. Almost 60% of these deaths were attributable to a failure to correctly identify the patient, according to a Smart Card Alliance white paper.
“If a billing company makes a mistake on a charge it gets denied,” says Paul Contino, vice president at Mount Sinai Medical Center in New York, which has a smart card ID system. “When a doctor is looking at an integrated set of information and making a decision based on the clinical information the stakes are a lot higher. It’s not just about shuffling paperwork, it’s about health care and saving lives.”
Proper identification will become more important as Health Information Exchanges start emerging around the country. The idea behind these regional networks is to enable properly authorized physicians to find medical information about a patient without jumping through multiple steps, as they must now.
Electronic medical records are coming, but some fear they are coming too fast. Without standardized ways to identify patients there are concerns regarding the rate at which the systems are being deployed because of the identification and privacy challenges. “The pot of gold is that everyone gets an electronic medical record, but there’s a pitchfork sticking up because you need to make sure someone is properly identified,” says Contino.
But when it comes to figuring out how to identify patients there are more questions than answers. How do health care institutions properly identify patients? Who does the enrollment, vetting and issuance of the credential?
Combating medical identity theft
Connecting the right electronic medical record to the right patient may be the primary reason strong identification is needed in health care, but there is also the growing health care identity theft issue. Nearly 1.5 million Americans have been victims of medical identity theft with an estimated total cost of $28.6 billion–or approximately $20,000 per victim, according to a recent study by the Ponemon Institute, an independent research entity focused on privacy, data protection and information security policy.
“Many authorities consider medical identity theft one of the fastest growing crimes in America,” states a report from the Smart Card Alliance. “With the digital age of health care upon us, the risks are expected to increase as electronic medical records become more prevalent and the exchange of this data over expanding networks becomes more pervasive. Heightened concern over personal data security and privacy highlight the importance of having secure electronic medical identities.”
Patients whose medical identities are stolen face various, long-lasting effects. Fraudulent health care events can leave incorrect data in medical records. That data–like information about tests, diagnoses and procedures–can impact future health care and insurance coverage and costs.
Patients are often unaware of medical identity theft until a curious bill or a surprising line of questioning by a doctor exposes the issue. Then, the burden of proof is often with the patient and it can be difficult to get the patient’s legitimate medical records cleaned up. The consequences can also be life threatening and can lead to serious medical errors and fatalities.
The way to stop medical identity theft and identity confusion is to improve patient identification and provide enhanced data protection. Strong authentication and data encryption are methods that can achieve these goals, the Alliance report states.
“To address medical identity theft, solutions need to provide higher levels of assurance than today’s processes, whether the interactions are in person or remote. Identity management is a crucial foundation for health care, and solutions that incorporate smart card technology can be used to address the security and privacy challenges facing the industry. This foundation can be put in place without reinventing the wheel. The federal government has already established a set of best practices, standards and technology solutions for smart card-based identity management and authentication that can be adapted to and leveraged by the health care industry.”
Why electronic records?
Electronic medical records are supposed to streamline health care and make it more efficient, enabling all the various health IT systems to be seen in one place instead of having multiple pieces of paper floating around. The systems could also potentially lower costs by reducing duplicate laboratory tests and other unnecessary procedures.
There’s also one camp that says electronic medical records can be privacy enhancing. With paper-based systems many parties with unauthorized access can view records without leaving a trail. With an electronic system that view would be audited and role-based security could even prevent unauthorized views, says Dr. Robert Wah, chief medical officer and vice president of CSC’s North American Public Sector business unit.
“Some systems have tokens, ID cards or other devices and the system grants them access to information based on their role,” Wah says. For example, a registrant would only have access to appointment data whereas a physician would have access to medical information.
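The role-based access and audit trail described above, as an added example that is not from the article or from any system it names. The role names, record sections, class name and sample record are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Assumed mapping, following the article's example: a registrant sees only
# appointment data, a physician also sees medical information.
ROLE_SECTIONS = {
    "registrant": {"appointments"},
    "physician": {"appointments", "medical"},
}


class RecordService:
    """Role-checked access to patient records with an audit trail."""

    def __init__(self, records):
        self._records = records   # patient_id -> {section: data}
        self.audit_log = []       # append-only list of access attempts

    def view(self, user, role, patient_id, section):
        # Deny by default: an unknown role maps to no sections at all.
        allowed = section in ROLE_SECTIONS.get(role, set())
        # Log before enforcing, so refused attempts leave a trail too.
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "role": role, "patient": patient_id,
            "section": section, "allowed": allowed,
        })
        if not allowed:
            raise PermissionError(f"role {role!r} may not view {section!r}")
        return self._records[patient_id][section]

    def attempts_on(self, patient_id):
        """Everyone who tried to view this patient's record, and the outcome."""
        return [(e["user"], e["section"], e["allowed"])
                for e in self.audit_log if e["patient"] == patient_id]


def demo():
    # Constructed sample record, not real patient data.
    service = RecordService({
        "MRN-0001": {"appointments": ["2010-06-01 09:30"],
                     "medical": {"allergies": ["penicillin"]}},
    })
    service.view("desk1", "registrant", "MRN-0001", "appointments")
    service.view("dr_a", "physician", "MRN-0001", "medical")
    try:
        service.view("desk1", "registrant", "MRN-0001", "medical")
    except PermissionError:
        pass  # refused, but still recorded in the audit log
    return service.attempts_on("MRN-0001")
```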
Health care institutions need to make sure that these security systems are put in place but a primary concern of those in the identification industry is how patients are identified. Duplicate and incomplete records can lead to misdiagnosis or incorrect treatment.
Contino says patient safety may be compromised in the rush to deploy electronic medical records because of the $19 billion from the federal government. He fears proper security and privacy controls may not be put in place. “You need to have security first,” he says, “and that only happens by having a person properly identified.”
Establishing guidance and standards
There are efforts underway to create standards that health care organizations can use for security. The Cybersecurity Enhancement Act of 2010, passed by the U.S. House of Representatives, also mentioned health care. The bill states that a program should be set up that would support the development of standards around identity management, with a particular focus on health care.
The U.S. Department of Health and Human Services (HHS) has the Office of the National Coordinator for Health Information Technology leading these efforts. While no specific technologies or standards have been released, some high-level recommendations have been trickling out.
The National Health Information Network Working Group made some recommendations to the Health IT Policy Committee, one of which stated that existing federal standards, policies and practices for authentication and identity proofing should be used. HHS has also asked the National Institute of Standards and Technology (NIST) to look into protecting personal information in health care.
Such recommendations to make use of existing standards coupled with HHS’ request to have NIST investigate the issue has some suggesting smart cards, and more specifically the PIV-Interoperable (PIV-I) standard, may be the answer for health care ID.
“The government spent four years coming up with the standard [PIV-I], policies and operational systems and as a result you have something that works,” says Randy Vanderhoof, executive director of the Smart Card Alliance. “The foundation has been built and the health care industry should look at what’s already in place before creating something new.”
PIV-I credentials are starting to be issued to first responders, including some physicians, as part of the First Responder Authentication Credential program through FEMA. Because of this, many in the smart card market feel that it’s a natural fit.
Federal agencies have issued millions of PIV credentials. Officials from Health and Human Services have been briefed on PIV and PIV-I and the information has been well received, Vanderhoof says.
Health IDs at the national level
Smart cards have been in use in Europe and other parts of the world for health care IDs for more than a decade. The French health ID, the SESAM-Vitale, has been a smart card since 1998. The country is currently issuing its second version of the card that is used by both the patient and the physician to access health records and confirm identity for service.
The SESAM-Vitale system links health care professionals with the health insurance administration. The first generation card was a family social security card that only contained information included on the paper social security card.
Version two of SESAM-Vitale is a smart card that offers up-to-date standards in terms of security and enables stronger identification of beneficiaries. The new card is designed to simplify administrative procedures, increase transaction security and speed reimbursements.
It also contains additional information, such as details of attending physicians, people to contact in case of emergency, authorizations for organ donation and insurance policy details. Furthermore, the Carte Vitale 2 includes a photograph of the insured individual.
The addition of the digital photograph is expected to help slash fraud. In total, 59 million cards are to be issued by the end of 2010.
Germany also had plans to issue smart cards as health IDs to its citizens, but the project is currently on hold. The plan was to issue 80 million smart cards that would be used for insurance verification and to store emergency health care information and prescription data.
The program was put on hold because of privacy concerns. Smart cards are continuing to be issued in specific areas but will only contain basic patient data, insurance status and a photograph. A set of emergency health data will only be included if the patient agrees to have it added to the card.
Health IDs at the local level
Though national health IDs are not the norm, regional or private implementations can be found around the world. In the U.S. the Mount Sinai Medical Center is rolling out version two of its smart card patient ID this summer, Contino says. The medical center is working with Trustbearer Labs and EXTENSIONS INC. on the current smart card system.
The new system is Web-based and doesn’t require any software installation on individual computers, Contino says. The EXTENSIONS system integrates with all of Mount Sinai’s other health care IT systems, such as radiology, lab and others, to give one view of the patient based around the smart card. The EXTENSIONS system will also update the card with any new information after an episode of care.
The EXTENSIONS appliance aggregates the information from the health care organization’s systems, massages the data and enables it to be delivered to end point devices, such as kiosks, PCs and even mobile readers, says Todd Plesko, CEO at EXTENSIONS Inc.
This is Mount Sinai’s second go around with a patient ID system, Contino says. He had worked with Siemens previously but the company discontinued its smart card health care business.
The medical center has more than 10,000 cards issued, a mix of old and new credentials, Contino says. Mount Sinai has ordered 100,000 new cards to begin large-scale issuance this summer. There is a chance the rollout could get delayed, however, because the institution is also in the midst of rolling out an electronic medical records system.
The systems are in place, Contino says. There are 50 different locations equipped with Web cams for pictures, smart card printers and software. “We’ll probably take a phased approach,” he says. “We have a lot of venues, clinics, ambulatory environments … we’ll find a place where the electronic medical record has already been deployed or won’t be deployed for awhile and start there.”
The purpose of the smart card is to make sure the health record is connected with the correct patient, Contino says. When a patient walks into the hospital or a clinic this can be difficult. “The typical process is asking 20 questions to make sure you have the right person and the right record,” he says.
The problem is that registration can sometimes be a hurried process, and if the registrant can’t find the record easily they may just create a new one or, worse, link to an incorrect record, Contino says.
The smart card alleviates this problem. The patient’s picture is printed on the card along with their full name and a bar code that points to their medical record number. A contact chip, when inserted into a reader attached to a computer, brings up the medical record. “The chance of a new or duplicate record being created is virtually eliminated,” Contino says.
The card stores a limited electronic medical record, Contino adds. The card has a 64K capacity, equivalent to 24 pages of text, he explains, but Mount Sinai is only storing a snapshot of emergency medical data on the card.
While smart cards seem like a good solution for health care ID there are some concerns about who issues the card. Mount Sinai, the health care provider, decided to roll out a system because it had a specific concern regarding the identification of patients, but other providers may not feel the same way or want to spend the money to deploy credentials, says Neville Pattinson, vice president of government affairs and business development at Gemalto North America.
An individual may not be loyal to one medical provider, seeing a general practitioner from one group and an orthopedic provider from another group, Pattinson explains, suggesting that it makes more sense for the health care insurer to take this on. “Insurers are already issuing cards and already have a way to do this where it can be trusted,” he says.
Pattinson says the card would most likely be protected with a PIN. “I don’t think it would be a biometric,” he says. “A PIN is much more achievable than enrolling biometrics.”
Biometrics as an identifier
Biometrics, however, is catching on in certain health care areas. Palm vein scanners are being used in patient identification solutions with both the health care organization deploying them and the patients using them enjoying the application, says Jim Hewitt, CIO at the Springfield Clinic in Illinois.
During a pilot and initial rollout at Springfield, the technology performed very well, handling 20,000 encounters with no support issues, explains Hewitt.
The group’s 22 clinics will be rolling out 50 palm vein-enabled automated check-in kiosks in the spring and early summer, Hewitt says. The first time a patient walks in before enrolling in the system they go to the reception desk and the system is explained to them. At that point a picture is taken of the patient as well as the palm vein scan. After enrolling the patient can then check in for appointments using the kiosks.
By placing their hand over the scanner the patient’s health summary, maintenance plan and picture are pulled up on the screen in less than a second. Next the patient selects the appointment they are there for and check in is complete. “The average check in time was five minutes and now it’s just 90 seconds,” Hewitt says.
The clinic is also able to capture payment information upon check in: the patient just swipes a credit or debit card after checking in and the copay is paid. “We get direct payment into our accounts and don’t have to worry about bounced checks,” Hewitt says.
The Springfield Clinic had been surveying patients to find out what they like and don’t like about the clinics. Coming in low on those surveys was the check-in process where patients were required to fill out the same forms multiple times, make repeated trips to the desk and endure long wait times. By deploying the kiosks the clinic was able to standardize check in for all patients.
The response from patients has been positive. “I’m surprised at how willing people were to use the biometric,” Hewitt says. “There’s wonderment of putting a hand down and having access to all that information. That’s what’s neat for the patient.”
Electronic medical records are supposed to enhance patient privacy and enable them to receive better care. They also offer a number of new efficiencies for patients and physicians. Making sure these records are properly secured is a key step in order to make sure that the migration to electronic records actually delivers on the promise.
Whether smart cards, biometrics or other identification technologies are ultimately employed, it will be crucial that a system of strong authentication be put in place to help solve this health care identity crisis.
Why electronic medical records and health information networks?
Interoperable health IT can improve individual patient care in numerous ways:
- Complete, accurate, and searchable health information, available at the point of diagnosis and care, allowing for more informed decision making to enhance the quality and reliability of health care delivery.
- More efficient and convenient delivery of care, without having to wait for the exchange of records or paperwork and without requiring unnecessary or repetitive tests or procedures.
- Earlier diagnosis and characterization of disease, with the potential to thereby improve outcomes and reduce costs.
- Reductions in adverse events through an improved understanding of each patient’s particular medical history, potential for drug-drug interactions, or (eventually) enhanced understanding of a patient’s metabolism or even genetic profile and likelihood of a positive or potentially harmful response to a course of treatment.
- Increased efficiencies related to administrative tasks, allowing for more interaction with and transfer of information to patients, caregivers, and clinical care coordinators, and monitoring of patient care.
How health information exchanges fit in
Identifying patients when they show up to their doctor’s office is a challenge, but regional health information exchanges may ease this and other processes. The plan is to connect hospitals, group practices and clinics into regional data sharing bodies to create efficiencies.
But it’s at this point where the identification problem is amplified. A hospital may have 15 or 20 Joe Smiths, but when you expand that to a city, county or even a state, that number can be hundreds or even thousands. Making sure the individual is properly identified is crucial. Also important is making sure that only authorized individuals have access to the patient information.
Privacy advocates are concerned that making individuals’ health information available in a network will be a problem, says Paul Contino, CIO at Mount Sinai Medical Center in New York. But in order for physicians to work together quickly and efficiently there needs to be some sort of connection. “I’m all for security and privacy but I want it to work for me and I want to be able to exchange information with my doctors,” Contino says.
There can also be a perspective switch depending on the patient’s health. “You ask a healthy person about sharing information and they’re up in arms but then you ask a sick person if they want the information linked and they’ll say yes,” Contino says.
The Health and Human Services Office of the National Coordinator has come out with some specifications for health information networks. Encryption should be required for personal health information and there should not be a single national infrastructure for health ID.
“We want to form data islands,” says Dr. Robert Wah, chief medical officer and vice president of CSC’s North American Public Sector business unit. “And we want to make sure we can connect the data islands so we can make better decisions about health care.”
But putting these linkages in place is the problem. “If you have a bunch of encrypted silos it doesn’t help,” Contino says. “I’m a New Yorker and I break my leg in California … how is that doctor going to be able to get my information?”
Wah says that some “rules of the road” must be put in place. “We need some basic agreement on identifying information,” he says.
If basic identification rules can’t be created there will be problems, Contino says. “Institutions like Mount Sinai have a hard enough time identifying patients,” he explains, “imagine doing that with 20 more hospitals.”
Physician identification is another important aspect of health information exchanges. HealtheLink, a health information exchange for eight counties in western N.Y., recently implemented a two-factor authentication system from Anakam.
HealtheLink mandated that physicians use two-factor security to access the network, says Dan Porreca, executive director at HealtheLink. Physicians go to a Web portal and login with a user name and password. Based on that they will receive either an email or text message on a mobile device with a second pass code for access to the network.
Dr. William Braithwaite, chief medical officer at Anakam, says this solution works and is inexpensive. “You don’t have to deploy and manage any hardware devices,” he says. “We’re not handing out key fobs with numbers on them, and we’re not downloading software. What that allows you to do is it takes away the cost of buying and managing all those extra hardware devices or software downloads, and it allows you as a user to log in from any device with access to the Internet.”
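An added example (not from the article, HealtheLink or Anakam) of the server side of the login flow described above: once the password check succeeds, a short-lived, single-use passcode is issued for delivery by e-mail or text message and later verified. The class name, six-digit length, five-minute lifetime and three-guess limit are assumptions; delivery itself is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed validity window for a passcode
MAX_ATTEMPTS = 3         # assumed number of wrong guesses before invalidation


class PasscodeStore:
    """Issues and verifies single-use second-factor passcodes."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so expiry can be tested
        self._pending = {}    # username -> pending passcode entry

    @staticmethod
    def _digest(code, salt):
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, username):
        """Call only after the password check has succeeded. Returns the
        code to pass to the e-mail or SMS gateway; the store keeps only a
        salted hash. Issuing again replaces any earlier pending code."""
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, zero-padded
        salt = secrets.token_bytes(16)
        self._pending[username] = {
            "digest": self._digest(code, salt),
            "salt": salt,
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def verify(self, username, submitted):
        entry = self._pending.get(username)
        if entry is None:
            return False
        if self._clock() > entry["expires"]:
            del self._pending[username]          # expired codes are dropped
            return False
        expected = entry["digest"]
        actual = self._digest(submitted, entry["salt"])
        if hmac.compare_digest(expected, actual):  # constant-time compare
            del self._pending[username]          # single use: no replay
            return True
        entry["attempts"] += 1
        if entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[username]          # stop online guessing
        return False
```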