Tag: patient identity theft

QR codes made an unexpected comeback during the pandemic. They offered a contactless gateway for individuals to check in to venues, log COVID-19 test results, help trace the virus spread and more. Restaurants and retailers embraced the technology as a way to welcome back consumers with touch-free access to online menus and digital payments. Previously seen as gimmicky and hindered by dependence on specific apps, these scannable squares can now be read using most smartphone cameras. With new use cases emerging during the pandemic, “quick response” codes are suddenly relevant again. However, the growing popularity of QR code technology opened the door to new cybersecurity risks, so providers must remain proactive with protecting patient identities. A 2020 survey found that almost half of consumers said they’d noticed an increase in QR codes since the first shelter-in-place orders. Online payment provider PayPal reported that a new merchant was added to its QR code payment option every 28 seconds in the first quarter of 2021.  Cybercriminals are capitalizing on consumer trust in QR codes to harvest personal data or install malware on devices. This leaves healthcare organizations and their patients vulnerable to fraud, especially given the increased adoption of digital healthcare technology during the pandemic. Providers must remain vigilant with protecting patient identities from QR code cybersecurity risks. How do QR codes threaten patient identities? QR codes hold far more data than traditional barcodes. They can be easily generated and fixed to any surface, ready for users to scan with their smartphones. They are primarily used to store URLs, which take the user directly to a website. But while savvy consumers are aware of the risks associated with clicking on a suspicious link in an email, QR codes are intrinsically trusted. It’s much harder to tell if a QR code is legitimate or not. Scanning a QR code is essentially the same as clicking on an unknown link. A study by MobileIron found that while 67% of consumers say they can identify a suspicious URL, less than 30% can identify a malicious QR code. Mike Bruemmer, VP of Experian Data Breach Resolution and Consumer Protection, says that "QR codes are the new stealth threat vector. Regardless of their application, no one can tell a fake code that launches malware on your device from a legitimate one." There are two main risks for patients. Firstly, they may click on a QR code that takes them to a web page that appears legitimate, prompting them to share personal data or log-in details. This information is then harvested by cybercriminals. This form of QR code phishing, known as “quishing,” puts the user at risk for spam, adware and identity theft. Secondly, the user may scan a QR code that takes them to a malicious site that installs malware on their device, which will then steal and package the user’s personal and financial data. The QR code can even be used to generate actions that appear to come from the user, such as making payments, sending emails, sharing locations or following social media accounts. In January 2022, the FBI issued a warning about cybercriminals using QR codes to redirect victims to malicious sites that steal login and financial information. Users are urged to practice caution when entering personal information after scanning a QR code. How can healthcare organizations help with protecting patient identities against QR code cybersecurity threats? For healthcare organizations, the concern is that if patients fall victim to a QR code scam, bad actors can steal personal identification data to access patient portals and other digital services. This information can be used to access medical services without paying, obtain medications illegally, or submit false health insurance claims, creating ongoing financial and administrative stress for patients. Or, if cybercriminals use captured information to log on as staff members there’s an added risk of further data breaches from inside the provider’s network. Healthcare organizations have a few options to help patients protect themselves from QR code scams: Targeted awareness-raising campaigns are a simple way to encourage patients to make sure their devices are updated with the latest security patches. Patients can be warned to watch out for suspicious activity, such as when a QR code redirects to a page that asks for personal details. They might also choose to ask for a direct URL, instead of using the QR code. Securing access to patient portals and verifying patient identities are practical measures to ensure that the person accessing the account is who they say they are. Another best practice in patient portal security is to take a multi-layered approach. This includes two-factor authentication, device recognition and additional checks on risky requests. By securing patient portals, providers can be proactive at protecting patient identities and reduce the risk of fraud during enrollment. Integrating patient identity management tools can also help verify the patient’s identity from the very first registration touchpoint all the way through their healthcare journey. Automated identity checks and algorithmic matching based on Experian Health’s unrivaled reference data can help ensure that the patient’s record is accurate and complete. Offering alternative secure methods for contactless patient payments and patient access are other options to make the patient experience more secure. For example, providing patients with their own mobile payment option means they can pay bills securely and access payment plans right from their phone. Experian Health also offers various safe and secure registration and scheduling solutions that will give patients a seamless patient access experience and help protect them from identity theft. Victoria Dames, VP of Product Management at Experian Health, says that patients have come to expect a smooth and secure digital experience: "Providers are focused on patient data security in adherence to multiple health policies, like HIPAA, but also to maintain confidence with patients. They [patients] are embracing digital solutions and expecting appropriate security measures are in place." Find out more about how Experian Health can help healthcare providers with protecting patient identities and close the door to QR code scammers. Experian Health can also help prevent other identity theft and fraud, verify that patients are who they say are, and provide safe, secure and convenient ways for patients to get the care they need.

Healthcare data breaches are nothing new, but their size and frequency are increasing: CVS Health lost over a billion search records when a third party accidentally made an online database publicly accessible in March 2021. A ransomware data breach at prescription management vendor CaptureRx affected over a million patients at 17 healthcare providers in February 2021. More than 3.47 million individuals and at least 10 healthcare organizations were affected by a massive data breach at file transfer company Accellion, which spanned multiple global industries in December 2020.   Further illustrating the risks to healthcare organizations, Scripps Health in San Diego was hit with two class-action lawsuits that assert that the organization should have done more to protect patient data. If upheld, it will set a precedent for healthcare organizations to be held legally responsible for failing to protect data – to the tune of $1000 per patient. The direct monetary cost of fines and lawsuits, however, may ultimately be a secondary concern as damaged reputation is often a more difficult setback to overcome. Patients increasingly approach healthcare as “consumers” and a breach – or a poorly managed breach situation – might prompt them to look elsewhere for care. “Incidents happen every day. However, the real threat lies in how quickly and efficiently an organization can respond. This is what customers will remember. You need to be able to make prompt updates to your website, scale up call center capacity, and have answers ready when consumers need them.” The growing frequency and scale of health information breaches means it’s no longer sufficient to say, “we’re careful with our health data – this won’t happen to us.” Medical identities are extremely valuable, which makes them an attractive target to cybercriminals. In addition, the sudden increase in virtual care and remote working during the pandemic has created new vulnerabilities in data security.   A recent FBI alert that a major ransomware group is targeting the healthcare sector with phishing attacks is a cl reminder that healthcare organizations can’t relax when it comes to cybersecurity. It’s a case of “when, not if” a healthcare organization will have to deal with a breach. Prevention is the goal, but preparation is the smart strategy.   Shifting from data breach prevention to preparedness   During the pandemic, the volume of data being shared within and between healthcare organizations sky-rocketed, as providers offered more virtual care services and workforces became more distributed. While these innovations meant access to healthcare and work could continue safely, the shift to cloud-based data sharing and storage, means the data perimeter is much broader and tougher to secure – if there remains a perimeter at all. Data must be secured at the device- and employee-level now.   While prevention is better than cure, the hard truth for healthcare cybersecurity teams is that they’re increasingly likely to have to deal with a breach. Unfortunately, many organizations don’t have the technology, resources, or time to prevent breaches all the time, at every access point.   Chris Wild, vice president at Experian Health, says:   “We’re seeing an increased frequency of cyber threats across the whole industry. Hardly a week goes by that we don’t hear of a health system under attack from hackers or ransomware. The statistics show us there’s a health data breach nearly every single day, so it’s just a matter of time before it impacts any one provider, pharmacy, payer or physician group.”   Instead of focusing solely on prevention, healthcare organizations need a strategy to prepare for what happens when a breach occurs. If they don’t, they risk a long, public struggle to contain the breach, resulting in brand damage, patient loss, and financial consequences in the form of fines and lost revenue.   Building a data breach response plan   Recovering from a data breach requires a speedy and thorough response. With a plan in place, action can be taken as soon as the dreaded call comes in. Knowing exactly what needs to be done to meet HIPAA notification requirements, helps reassure consumers and regulators alike that every effort is being made to contain the breach. Not only will this help minimize fines, but it will also mitigate against the reputational damage caused by the security breach.   A breach is bad enough but compounding the negative impact of exposed data by failing to provide sufficient support to worried consumers is even worse. Wild says: “Incidents happen every day. However, the real threat lies in how quickly and efficiently an organization can respond. This is what customers will remember. You need to be able to make prompt updates to your website, scale up call center capacity, and have answers ready when consumers need them.”   A robust response plan calls for C-suite engagement, clear success metrics, and regular pressure-testing. Above all, it must be flexible to adapt to whatever size and type of breach occurs.   The best support for the worst-case scenario A data breach response plan isn’t going to prevent the breach itself, but it can help a healthcare organization take the right steps in the aftermath. Having serviced thousands of data breaches over the last 17 years, Experian Health’s Reserved Response™ program is based on real world experience and has evolved as the threats and consequences have increased. In a recent survey, clients using Reserved Response reported 15% fewer data security incidents than those who did not. Furthermore, any incidents that did occur tended to be smaller in scale.   Because the risk and impact of data breaches is trending upwards, this year Experian Health has introduced a new Reserved Response Hub. This digital, self-service tool helps to prepare and test a data breach plan, including: the new and improved 2021 Data Breach Response Guide downloadable readiness reading materials tried and tested notification templates a pre-breach incident checklist access to Experian’s full Reserved Response service, which provides support before or after a breach to ensure regulatory compliance and support for those impacted.   Reserved Response can help healthcare organizations put together a data breach preparedness plan in as little as three days.  

  When a doctor pulls up a patient’s record, it should be a safe assumption that the information on the screen relates to the patient sitting in front of them. It should contain every detail of the patient’s medical history, along with their current address and accurate personal information. It certainly shouldn’t contain anyone else’s data! Yet all too often, patient records are plagued with inaccuracies. Around 30% of patient data in electronic health records is incomplete or inaccurate, and up to half of records are not linked to the correct patient. The ONC estimates that around a fifth of patients may not be matched to their entire medical record within an organization, while more than a half of records shared between organizations contain errors. Despite all of modern medicine’s ground-breaking achievements and our increasingly digitized world, the ability to share information between different payers and providers in a reliable and secure way remains frustratingly out of reach. Could a universal patient identifier unlock interoperability? Imagine a healthcare ecosystem where administrators and clinicians can safely exchange information without worrying about whether it’s inaccurate, incomplete, or incompatible with each other’s systems. Interoperability could make life easier for healthcare staff and patients alike. While regulations such as the Affordable Care Act introduced many carrots and sticks to drive up adoption of electronic medical records to support interoperability, they also revealed a critical gap in healthcare: the need for a universal patient identifier (UPI). This is an identifier that would help manage patient identification across the whole healthcare ecosystem. A UPI would allow providers and payers to follow patients throughout all their major medical and life events and be sure that the information they hold for their member or patient is 100% accurate, current and complete. Instead, the absence of a UPI, compounded by the sheer volume and fluidity of patient data, has created significant issues downstream. Billing errors, unnecessary treatment and testing, HIPAA breaches, prescriptions filled for the wrong patients and many other issues all play a role in the growing number of preventable medical errors (estimated to be the third leading cause of death in the US). Striving for truly interoperable patient information should be a priority across the entire healthcare industry. Still, while federal funding for a UPI is currently being considered by Congress, we’re seeing more and more industry-led responses to help improve patient identity management. 5 benefits of using a universal patient identifier for interoperability Improve patient safety How can physicians be sure they’re recommending the right treatment for a patient, when there could be a vital piece of information missing from their medical history or allergy list? How can a pharmacist feel confident handing over a prescription, when there’s a chance the patient in front of them isn’t the same patient named on the script? A UPI can help avoid ‘wrong patient’ events and allow providers to share information to spot trends in recurring errors so that action can be taken to prevent them in future. Lower healthcare costs The West Health Institute found that that medical device interoperability could save the U.S. healthcare system more than $30 billion per year. For individual providers, UPIs could improve productivity by reducing the amount of time clinicians and hospital staff spend trying to sort out inaccurate records. And with nearly a third of claims denied as a result of patient misidentification, this could mean savings in the region of $17.4 million for the average hospital. A better patient experience Patients are right to be frustrated when their physician doesn’t have up-to-date records about them, or their provider sends appointment reminders to an old address. Expecting patients to fill out multiple forms (often multiple times) is inefficient and hardly contributes to a positive patient experience. A tool such as Universal Identity Manager can help providers exchange timely data, eliminate duplicate records and coordinate care, so the patient is supported throughout their healthcare journey. Stronger privacy Electronic records linked with a UPI allow healthcare organizations to phase out manual processes—which is not only more efficient, but also helps minimize the risk of patient data falling into the wrong hands. It’s much easier to keep the data secure when it’s contained in a single record, compared to multiple versions of a record filled with scribbled notes and random updates that could easily end up attached to the wrong record. Experian Health’s Precise ID gives healthcare organizations a HIPAA-compliant way to authenticate patients and reduce the risk of a data breach during enrollment. Better data to tackle the social determinants of health As consumer data opens up new opportunities to improve population health, a network of shared data will be essential for identifying trends in the social and economic factors that affect medical outcomes. Interoperable data sets and technologies can enhance the way public health data is collected and used, for better patient outcomes and population health. Interoperability currently remains a challenge, but the tools exist to improve the way information is shared and used across the healthcare ecosystem. By integrating clinical data into the patient access workflow, you can increase productivity, reduce costs, and ultimately improve the patient experience. Contact our team to find out how this could help your organization achieve more efficient, accurate and actionable data sharing.  

  Medical identity theft is a growing problem for the healthcare industry: nearly 15.1 million patient records were compromised in 2018, an increase of nearly 270% on the previous year. While providers are busy rolling out patient portals and electronic medical records to better serve consumers, criminals are sneaking through the cracks to steal patient data and profit from vulnerable health systems. The rapid rise in medical identity theft is partly explained by the fact that it goes undetected for much longer than other types of identity theft, giving criminals more time to use stolen personal information for financial gain. It’s also a lot more lucrative. Medical identities can be used to access treatment and drugs, make fraudulent benefits claims and even create fake IDs to buy and sell medical equipment. This can be devastating for victims, both emotionally and financially. Unlike credit card theft, where victims aren’t considered financially liable, 65% of people who fall prey to medical identity fraudsters are left with hospital bills running into the tens of thousands. The compromised medical record is tough to reconcile, jeopardizing future medical treatment. For providers, a data breach can mean significant reputational damage and loss of trust, and huge financial consequences – each breach costs an average of $2.2 million. But what’s most alarming for providers is that more than half of data breaches originate within the organization. Unfortunately, many providers lack sufficient security protocols and detection tools to safeguard the data they’re holding. The good news is that the tools exist to help you protect your patient data. What can healthcare providers learn from other industries about identity protection? Banking and financial services have pioneered identity protection over the last twenty years, and healthcare can learn a lot by looking at what’s worked in those industries. For consumers, using digital technology to pay your bills, book flights and buy pretty much anything is the norm, all with reassuringly quick fraud detection and resolution. Healthcare has been a little slower to embrace digitization in this way. Despite the opportunities, fears around security, privacy and inconveniencing patients have stalled efforts to transform outmoded processes. Drawing on two decades of innovations in other fields, fast-paced technological developments mean many of the early challenges around implementing safe and secure patient portals have been overcome. 6 strategies to keep patient data safe Here are six smart ways to ensure your organization has done everything possible to safeguard patient data.     Tell your patients how you’re keeping their data safe Patient trust is at the heart of a successful patient-provider relationship. Share the steps your organization is taking to secure patient information, so patients feel reassured and confident in using their portal. Data security should be a key strand in your patient engagement messaging.     Verify patient identities to protect access to medical records To avoid HIPAA violations, it’s critical to ensure you’re giving access to the right patient. Secure log-in monitoring and device intelligence can help you confirm that the person trying to log in is who they say they are. When something doesn’t add up, identity proofing questions can be triggered to provide an extra check. In an exciting new development, the healthcare industry is also starting to see the use of biometrics to supplement existing identity-proofing solutions. Just as you might use facial recognition to unlock your smartphone, there are now ways to authenticate your healthcare consumers’ identity using the same technology.     Automate patient portal enrollment You want your portal to be as secure as possible, but not at the expense of your patients’ time and effort. An automated enrollment process can eliminate the hassle of long, complicated set-ups and reduce errors at the same time.       Arm your organization with a multi-layered security strategy There is no silver bullet for protecting patient information—it will require various tools. A robust data security strategy will be multi-layered, including device recognition, identity proofing and fraud management.     Educate staff on security threats and warning signs Data breaches aren't all malicious – human error is a massive component, from mailing personal data to the wrong patients, to accidentally publishing data on public websites or leaving a laptop behind after getting off the subway. Training staff on the potential pitfalls will help them help you in protecting confidential patient information.     Develop a robust device strategy ‘Bring Your Own Device’ arrangements (BYOD) are convenient for staff and patients, but personal devices need to be secured when accessing patient information across the network. Make sure your teams, patients and visitors are aware of how to log-on securely to WiFi and follow best practice to keep data safe. In a climate of ‘doing more with less’, healthcare leaders are turning to other industries to find ways to boost quality of care and streamline operational efficiency. Automation, digitization and consumer-centric approaches make good business sense across the board, but they’re sensible investments for your data security strategy too. Investing in secure patient identities is a way to prevent painful and unnecessary losses down the line – and it’s what patients have come to expect. ⁠— Find out what more you could do to shore up your data security and prevent medical identity theft.

“Build it and they will come” might work for 1980s movie characters, multinational coffee franchises and beloved sports teams, but it’s not a great engagement strategy for most consumer-facing organizations – especially in healthcare. Take patient portals, for example. Giving your patients a way to access their health records can help improve their health outcomes, increase compliance with care plans, and create a more positive healthcare experience overall. But do your customers know the portal exists? Do they know how it could serve them? Do they trust it? You’ve built it, but how many patients are actually logging on? In 2017, over half the US population had access to a patient portal. Around half of those people used it at least once in the previous year. Of those who didn’t, 59% said it was because they didn’t feel they needed to access an online medical record, and 25% were worried about privacy and security. This tells us two things: If healthcare providers want to increase the number of patients using their portal, they need to proactively communicate the benefits to those patients, and healthcare providers could do more to reassure patients they take portal security seriously. If patients discover that using the portal is better than not using it, and that they can do so securely, they will be more likely to log on. You can address both in your patient engagement and marketing strategies. Perhaps the better mantra is: “if you solve their problem and tell them about it, they will come”. Balancing portal security and patient convenience Your patient portal is more than just a platform for patients to access test results, sort out bills or schedule appointments. It’s a way to nurture the patient-provider relationship. And at its heart, that relationship is about trust. One way to build trust is to ensure your portal meets the strictest of security measures without creating an excessive admin burden for patients. You can do this with a security strategy that layers up several protective measures to help you tackle common areas of vulnerability, including weak ID verification, over-reliance on password-protection, and failure to encrypt sensitive data. A few practical ways to keep your patient portal secure include: using ID verification when someone signs up for the portal using device intelligence and identity proofing when a user signs in to the portal deploying extra security checks where the risk of identity fraud is higher putting systems in place to flag and respond to security breaches as fast as possible. A solution like PreciseID® can help you take care of your patients’ privacy and security behind the scenes. They’ll see just enough to reassure them that you’re taking their security seriously, without any protracted log-in process that puts them off using the portal altogether. Marketing your patient portal so more patients benefit from it Solving your patients’ concerns about security is just one route to boosting portal utilization. Another important way to ensure more patients use and benefit from the patient portal is to actively encourage them to access their online records regularly. Research suggests individuals who are encouraged to use their online medical record by their provider are almost twice as likely to access it, compared to those who weren’t actively encouraged. So how do you convince your patients of the benefits of regularly logging on? That it’s not just a convenient way to manage their medical journey, but could result in better health? The answer lies in consumer data – the lifestyle, demographic, psychographic and behavioral information that gives you a fuller understanding of what drives your patients. Experian Health’s ConsumerView data analytics can capture insights that let you reach out to your consumers with the right message, in the right way, at the right time.  Do they live a busy lifestyle? Reassure them that the portal can save them time. Are there lifestyle factors that may hinder their adherence to medication? Encourage them to use the portal to make sure their prescriptions are up to date. If you discover your consumers are big social media users, you might target your portal engagement campaign through those channels. Equally, if a consumer doesn’t have any social media accounts, there would be no point investing in Facebook ads. Personalization makes your patients feel taken care of, leading to greater trust, loyalty and satisfaction. Increase patient portal engagement today In the wake of consumerism and IT transformation across many other industries, a tailored and digitally secure healthcare service is a must.  “Consumers now expect to be provided with a turnkey, individual experience that is fast and seamless,”  said Kristen Simmons, Experian Health’s senior vice president of strategy and innovation. Your patient portal must be seen to provide a valuable and secure service. While there’s a way to go to increase the number of patients making full use of portals, the tools exist to support healthcare providers’ engagement goals. Learn more about how your organization can leverage consumer insights to improve patient retention and engagement. 

  The roll-out of patient portals has been a slow burn. While consumer finance, retail and other markets have given customers secure electronic access to their personal information for decades, healthcare has been playing catch-up. But thanks to regulatory pushes, such as the Promoting Interoperability and Meaningful Use programs and the Affordable Care Act, digitized health records are now the norm. Over half of healthcare consumers in the US use patient portals to access their health information at the click of a button – just as they do with their bank accounts or grocery deliveries. Aside from the convenience factor, research suggests that when patients have access to their health records through patient portals, they experience better health outcomes, greater satisfaction levels, and improved communication with their provider. There’s a higher chance of spotting errors. Adherence to medications is increased, and care becomes more accessible for some otherwise hard-to-reach patients. For providers, this sense of ownership, transparency and connection contributes to elevated consumer loyalty and engagement. As consumers embrace online portals to view their medical records and lab results, renew prescriptions, schedule appointments, and in some cases pay bills, they expect and assume their provider will keep that data secure. Providers must balance convenience and security. Unfortunately, some patients remain unconvinced of their providers’ ability to get this balance right. Patients worry about portal privacy and security Despite the upsides, a quarter of patients with access to online portals in 2017 chose not to access them because of worries about privacy and security. They’re right to be cautious: medical identities are said to be worth 20-50 times more than financial identities. It's no wonder identity thieves are increasingly targeting the healthcare industry. In 2018, the US Department of Health and Human Services’ Office for Civil Rights (OCR) reported 351 data breaches of 500 or more healthcare records, resulting in the exposure of more than 13 million patient records. Hackers are always on the lookout for vulnerabilities to exploit, with patient medical records, log-in credentials, passwords and other authentication credentials among their top five targets. Without adequate IT security, your prized patient engagement tools – like patient portals – can become an open door for hackers. As a provider, your job is to make it easy for patients to access and manage their own data, but hard for fraudsters to get their hands on sensitive data.​​​​​​​​​​​​​​ ​​​​​​​How to keep patient portals secure The good thing about being somewhat late to the party is that healthcare organizations can learn from other industries in how they have tackled online security challenges without creating too much of a burden for consumers. Think about how consumers authenticate their accounts for financial services or even social media profiles. Typically, there's an email to verify they are who they say they are, or a two-factor authentication process with a code sent to their cell phone. Most patient portals don't have these layers of security. At Experian Health, we recommend a multi-layered solution incorporating device recognition (especially important as more users access portals via cell phones and tablets), identity proofing and fraud management. Here are some examples: Sign-up screening When someone enrolls in the portal, use identity proofing to ensure they are who they say they are. It’s particularly important to ask out-of-wallet questions, such as their city of birth, first car model, or previous address to make sure they’re not an imposter.     Log-in monitoring Device intelligence will help you confirm the patient is using a cell phone or tablet your system recognizes, to minimize the risk of someone else accessing their account. This technology will tell you if the device is associated with previous fraudulent activities or potentially impersonating multiple patients. If a device fails to meet the risk threshold, identity proofing questions can be used to verify the user’s right to access the account. Additional checks on risky requests Some patient portal activities, like downloading medical records and editing a patient’s profile, increase the risk. You’d want to add an extra layer of control here, such as additional out-of-wallet questions, to safeguard your patient’s data. Rapid response and damage containment Given the sensitivity and richness of medical data, an attack on the portal can be devastating for patients and costly for providers. In the event of an attack, providers can put in place early warning systems to flag up which patients have been compromised and trigger rapid response measures to shut down the attack and prevent the damage from spreading. Promote interoperability Physicians and care providers need to share information on patients in the course of providing good care. But how are they doing this? To keep that data secure and ensure it’s only seen by the right people, you can set up your systems to share data across different platforms in a safe and secure way. Underlying all of this is the need to reassure your patients that you can be trusted with their data. Victoria Dames, Senior Director of Product Management, Experian Health, explains: “Healthcare breaches are nothing new, and neither is hackers’ and identity thieves’ penchant for medical records. What is new, however, is the broad range of tools that organizations can now utilize to stop them from accessing that personal data. Give patients the peace of mind they deserve by taking advantage of up-to-date solutions that actually work in our ever-evolving tech climate.” Learn more about how protect patient portals and encourage more patients to enjoy the full benefits of their patient portal, knowing that their sensitive personal details are safe.

Not every healthcare organization embraced electronic medical records (EMRs) at first. But the incentives and regulations put in place by Meaningful Use and the Affordable Care Act have made it necessary to implement them. Now, organizations are not only embracing EMRs, but also making it easier for their patients to access and manage them through remote portals. According to the Office of the National Coordinator for Health IT, approximately 63 percent of patients who used portals did so at their doctors’ recommendation. Despite the growing popularity of patient portals, there are still more than 25 percent of patients who refuse to use them for fear of jeopardizing their data. Considering the sensitive nature of their protected health information (PHI), along with the nearly 5.6 million health records that were compromised last year, those fears are more than reasonable. What can providers do? Hackers have honed in on the healthcare industry for two main reasons: the treasure trove of valuable information in medical records and a sometimes dated approach to cybersecurity. In fact, between 2009 and 2016, more than 30 percent of all big data breaches occurred within healthcare systems. Without proper encryption methods, login redundancies, and detection tools, portals are almost as easily accessible to hackers as they are to authorized users. As their usage grows, that lack of security will become an exponentially greater threat to patients’ PHI and identities. “Many of us are accustomed to keeping the same name and password with our accounts, and as we know, that information is very lucrative to the right individuals," says Victoria Dames, Director of Identity Management for Experian Health. "While it's our due diligence to constantly change them, there are certain scenarios where maybe we forgot to change them or we don’t regularly login and that password may sit idle. When that happens, you want to make sure that you have the right technology in place to be able to catch somebody potentially logging in, trying to impersonate a patient.” Providers can’t lower the value of PHI to make it less attractive to hackers, but they can protect it more effectively with up-to-date cybersecurity measures. These four tips can help organizations bring their patient portal security up-to-date and keep their networks safe from unauthorized access: 1. Automate the portal sign-up process. Automating the initial sign-up process can stop false enrollments into the portal at the source. When implemented correctly, the automation will only require the patient to enter a few pieces of information, and then the software can confirm the user’s identity on the back end. 2. Leverage multilayer verification. After patients have signed up to access the portal, using multilayer verification can ensure all future sessions are equally secure. For example, two-factor authentication adds additional protection on top of conventional login credentials. In addition to a password or PIN, users also have to provide something personal such as a cell phone number, ZIP code, fingerprint, iris scan, or more. If the user’s device, account ID, and/or password are compromised, two-factor authentication can ensure the organization’s network remains safe. 3. Keep anti-virus and malware software up-to-date. Multilayer verification protects users’ direct access to portals, but there are other, more frequent vulnerabilities that also need attention. For instance, HIMSS Analytics recently found that 78 percent of providers experienced ransomware and malware attacks last year. Email is the avenue of choice for malware, and these attacks constantly evolve to slip past conventional security measures. If anti-virus software is outdated, it remains vulnerable to every new iteration of malware that attacks the network. Most solutions allow for automatic opt-ins so updates are downloaded and installed as soon as they’re made available. 4. Promote interoperability standards. When primary care physicians, specialists, and healthcare payers talk to one another throughout the course of a patient’s care, it isn’t always through email. When their systems aren’t compatible, they can’t communicate as clearly and securely as they need to. Interoperability makes it possible for disparate systems to share medical histories and patient data while making that data easily understandable on either system. Because interoperability is essential for improving the continuum of care, the Centers for Medicare and Medicaid Services provide standards for healthcare organizations to promote it. More patients and providers are optimistic about using technology to improve the healthcare experience. However, one in five patients remain so suspicious of healthcare data security that they refuse to even divulge some information to their physicians. Fortunately, with the right tools, organizations can effectively strengthen portal security and boost the confidence their patients have in them.

Healthcare has always been driven by data, and today, providers have access to an unprecedented amount from a wide variety of sources. While this influx could be a blessing to the healthcare industry as a whole, it also poses a number of challenges, particularly when it comes to patient identity management. With a soaring volume of patient information coming in from numerous sources, identity errors become increasingly more likely, as well as the potential consequence of fatal mistakes. Keeping this in mind, the importance of effective identity management cannot be overstated. Every year, an estimated 195,000 people die due to medical mistakes. More than half of those deaths – 10 out of every 17 – are the result of identity management errors, such as duplicate records and mistaken patient identities. While current healthcare IT solutions attempt to tackle these discrepancies, they only succeed in identifying about 10 percent of all duplicate records. Consequently, patients often undergo repeated tests or receive incorrect treatment or medication that can result in adverse effects to their health. Also, there is limited coordination of patient data throughout the healthcare ecosystem. The main culprit of this is the lack of secure data transfers that compromise patient records and identity. This raises the question: How can healthcare organizations better manage the massive amounts of data related to each patient’s medical identity? Luckily, such issues can be improved with Experian Health’s Universal Identity Manager (UIM), which creates a single identity for individual patients across multiple disparate healthcare databases. Upgrade your identity management system The ability to share patient information across multiple healthcare organizations with different care management programs is at the core of optimizing overall patient care. Properly utilizing patient and population health data can dramatically improve an organization’s efficiency, raise its quality of care, and lower its readmissions rate. For patient data to be useful, however, providers require a robust infrastructure that allows for secure, precise, and accurate storage of patient data. The same framework should be able to assign patients unique identities across the entire network. In turn, a single, universal patient identity system allows for better analytical insights and more effective care personalization. This kind of management system also allows an organization to add relevant data to a patient’s medical profile faster and more accurately, creating an improved dynamic database that can develop personalized patient engagement and care plans. How Experian Health’s universal identity management software helps Administrative slip-ups in healthcare can have drastic consequences for a patient’s health and wellbeing. Eliminating these inaccuracies is the main goal of Experian Health’s UIM solution. Experian Health has the benefit of leveraging data assets available to us from being part of broader Experian. As a result, the identity management software generates and assigns a unique identifier to each patient that remains consistent across various healthcare systems, such as hospitals, therapeutic facilities, pharmacies, and healthcare payers. Drawing on decades of experience in identity management, Experian Health's multi-matching methodology approach eliminates duplicate and erroneous data through comprehensive search and alert processes. It provides a high degree of likeliness because it expands beyond the limitations of the conventional single-matching methodology that most health systems use today. Even records created on disparate healthcare systems can be automatically analyzed and assigned to the appropriate patient identity. In addition to eliminating discrepancies that could affect the quality of patient care, universal identity management also reduces medical and billing errors, ultimately minimizing an organization's risk of fraud. The solution also works in tandem with Experian Health’s suite of patient engagement and transparency tools, including its Patient Self-Service portal, to further optimize an organization’s ability to deliver personalized, high-quality care. Unique patient identifiers are critical for healthcare organizations to reduce the risks of inaccurate and duplicate records that lead to errors and low-quality care. Combined with Experian Health's suite of patient engagement and price transparency tools, its identity management software is a leap toward making efficient and reliable interoperability more possible across the healthcare ecosystem.

Experian Health was honored to host Frank Abagnale, one of the world’s foremost experts on identity theft, forgery, and embezzlement, during our #JointheConversation radio show at HIMSS17. You’ll know Frank from the great movie and book, Catch Me if You Can.  Frank has been a consultant to the FBI for over 41 years. He also developed a fraud detection technology called the 41st Parameter that Experian purchased in 2013 and it now operates in 80 countries around the world. Frank was honored to be selected by HIMSS this year to lead a presentation called “Stealing Your Life” where he focused on identity theft in healthcare and represented Experian Health to discuss this topic. His presentation focused on the significance of fraud in today's healthcare world; illustrating the enormity of identity theft crimes and how they affect an individual's life in many areas including health insurance, credit, income taxes including refunds, banking, just to name a few. Hear Frank’s assessment of healthcare’s susceptibility to breaches, the current state of cybersecurity, privacy and identity theft, as well as helpful strategies to personally avoid becoming a victim of identity theft. Listen to the complete podcast Learn about our Identity Management solutions