There’s no doubt that identity theft is a concern for any industry that handles sensitive customer information; health care is no exception. In 2017 alone, the U.S. Department of Health and Human Services reported 477 healthcare breaches. Together, they compromised nearly 5.6 million patient records. Without adequate IT security, everything that organizations use to improve patient engagement and the continuum of care – especially patient portals – becomes an open door for hackers.
But how do we keep patient data secure without burdening patients? We asked Victoria Dames, Experian’s senior director of identity management, how the healthcare industry is evolving to solve for identity theft, as well as best practices all healthcare organizations can adopt to better meet this growing threat.
In the world of healthcare, both patients and providers are understandably hyper-sensitive about the exchange and security of healthcare data. How is the industry arming itself to protect data? Are there any shifts you’ve witnessed in security practices over the past few years?
Absolutely! The industry has quickly evolved into leveraging technology to share data between organizations and with their patients, but this does bring inherent risk. Criminals also took notice of this shift, and medical identity theft became one of the fastest growing types of identity theft, with roughly 22 percent annual growth. With this evolution, the industry has tightened up on data access, especially as it pertains to the patient. Over the last five years, we’ve seen the shift to enable technology to help identity-proof patients before granting them access to sensitive information. This used to be a manual process.
What are some of the best practices healthcare organizations can adopt to limit instances of medical identity theft?
First, organizations must understand where their access points are throughout their ecosystems. With 64 percent of patients citing a privacy issue as a key concern for accessing health information online, they should inform patients that they’re providing secure methods for access to their information.
Additionally, healthcare organizations must evaluate how physicians access different types of data and portals. As healthcare caught up to electronic records and systems, portals for e-prescribing also arrived. Given the nature of this use case, providing a heightened NIST level of identity proofing is required. The key is to assess what level of identity proofing is needed at each entry point to keep balance on security and the end-user experience.
When you look to the future of healthcare, what types of digital technologies and solutions do you see providers putting in place to prevent fraud and protect patient data?
Technology moves quickly and so do we. Identity proofing has seen an acceleration in the use of biometrics at different points of entry throughout healthcare organizations, which strengthens our solution.
We are starting to see the use of biometrics, similar to your phone’s Face ID, used more broadly through healthcare in conjunction with existing identity-proofing solutions. Experian achieved the Kantara Initiative certification with adherence to the latest guidelines, achieving NIST 800-63-3 IAL2 (National Institute of Standards and Technology Special Publication 800-63-3, Digital Identity Guidelines, for Identity Assurance Level 2). This reinforces our commitment to support clients in authenticating consumers, while balancing a positive experience.