Ditch activation codes and automate portal enrollment with integrated identity authentication solutions

This article discusses how healthcare organizations can prevent medical fraud and ensure eligibility integrity.

New data reveals that the number of healthcare data breaches continues to climb, causing financial and reputational damage to healthcare providers. HIPAA Journal reported 692 large healthcare data breaches between July 2021 and June 2022 that exposed the records of over 42 million individuals. The number of records breached in June 2022 was more than 65% higher than the monthly average over the previous year, highlighting the need for providers to stay on top of their game when it comes to protecting patient data. In a recent conversation with PYMNTS, Chris Wild, Experian Health’s Vice President of Adjacent Markets and Consumer Engagement, discussed the consequences of healthcare data breaches and set out the key steps providers should take to prevent and resolve security incidents. Compromised patient records send financial and reputational costs soaring IBM reports that financial damages resulting from data breaches have reached a 12-year high, with the average breach in healthcare costing $10.1 million, up nearly $1 million since 2020. Wild notes that this includes a huge range of costs, from HIPAA fines to operational costs to curb and resolve breaches: “The cost of dealing with a breach is enormous. There’s anything from penalties of $100 per incident to $1.5 million per year. You’ve got reconciliation costs – trying to patch the holes in technology stacks and things like that. You’ve also got inbound phone calls from concerned patients who’ve just heard about a breach and want to know if it impacts them.” But Wild says that beyond HIPAA fines and operational expenses, the greatest cost is repairing the reputational damage of breaching patient trust: “the reputational cost is enormous because once you lose a patient, you lose a patient.” Wild suggests a two-pronged approach to mitigate the risk and impact of a healthcare data breach that focuses on prevention and preparation. Protecting patient identities to deliver a satisfying and secure consumer experience  An unfortunate side effect of the accelerated adoption of digital health solutions during the pandemic was that it opened the door to new methods of medical crime and fraud. Patients interact with their data electronically more often, thus increasing their vulnerability to cyber-criminal attacks. Preventing infiltration by bad actors before they occur should be the priority. In the past, efforts to secure a patient’s identity have relied on personal security questions, considered unanswerable by anyone but the patient. However, Wild says that asking for past addresses and details of previous living arrangements may no longer be the gold standard: “We’re finding that this is a little bit passé now. There’s a lot more that goes into identifying somebody, and that goes along with improving security, but it also improves the patient experience. There’s always been a balance between trying to make sure that data is secure on the one hand, but also make sure that it’s easy to access on the other.” To this end, providers should look for patient engagement solutions that deliver a flexible, convenient and consumer-friendly patient experience, while ensuring that patient data is secure. Wild suggests a few specific strategies, such as monitoring device ID and validating the identification documents used during patient registration: “When you have your cell phone or your tablet or your laptop, or your computer, or even your voice assistant devices, they all have a device ID. We keep track of those and see which ones are being naughty, which ones are being nice. We can start to ramp up when we see a naughty device acting naughty. But also think about things like document verification, validating that a driver’s license being shown to a registrar is actually a real driver’s license, or things of that nature.” A multi-layered approach to securing patient portals and other digital patient access tools will ensure there is no single point of vulnerability. Experian Health’s patient portal security solutions with Precise ID include a range of protections, including two-factor sign-in authentication, device intelligence and additional checks on risky requests to proactively secure patient identities. Each element protects against a specific type of threat, building up defensive depth to thwart attempts to breach patient data. Responding quickly in the event of a healthcare data breach Prevention only goes so far, though. Evidence suggests that most healthcare providers will be hit by a data breach at some point. Wild suggests that regular “fire drills” can help ensure that everyone in the organization knows how to respond, should the worst happen: “For a healthcare data breach or any sort of misappropriation of patient or member data, you want to make sure you’re keeping things safe, keeping things secure, and make sure that all of the associated people know what to do.” Wild says this must include front desk staff who will be answering phones from worried patients, through to marketing teams who will need to put out proactive messages about what happened and how it will be dealt with. How a provider responds may have an even greater impact on their reputation and patient loyalty than the breach itself. All of this can be pulled together in a data breach response plan, which sets out exactly what needs to be done and by whom, to help organizations avoid missteps in the aftermath of a breach. Experian Health’s Reserved ResponseTM program can help healthcare organizations put together a data breach preparedness plan in as little as three days. The program is based on 17 years of real-world experience dealing with data breaches and has evolved as security threats and consequences have increased. The program offers providers guides, templates, checklists and service-level agreements to guarantee manpower, infrastructure and response readiness at the most crucial moments. As the uptake of patient portals and other digital patient access solutions accelerates, finding the right data security partner to help navigate the unprecedented threats and consequences will be essential. Watch the full interview with Chris Wild and find out more about how Experian Health helps healthcare providers protect patient identities to prevent healthcare data breaches.

With support from Experian Health, the Council of State and Territorial Epidemiologists (CSTE) assisted state health departments with tracking and managing COVID-19 infection rates. Universal Identity Manager (UIM) complemented existing data tools by closing gaps in patient identities, so public health officials could efficiently identify and contact those who might be infected or at risk of infection. In Massachusetts, this data underpinned hyper-localized dashboards to inform community-level public health decisions. Related reading: Learn how the Tennessee Department of Health used UIM to improve contact tracing and patient outreach during the pandemic. In Massachusetts, responsibility for providing COVID-19 data to local governments fell to the public health department’s Division of Surveillance, Analytics and Informatics (DSAI). Local officials relied on this data to make swift and effective decisions about school closures and restrictions on public events. One particular challenge was tracking the spread of COVID-19 among transitory populations. Records for incarcerated individuals, university students and nursing home staff often showed the address linked with the person’s health insurance, rather than where they were currently living. Inaccurate contact details could skew data, resulting in unreliable data reports. In addition, this new initiative had to meet the Massachusetts Department of Public Health’s existing data privacy standards. Universal Identity Manager helped the DSAI team fill in missing patient information with current demographic data, using the Experian Single Best Record. UIM combines best-in-class probabilistic and referential matching technology to accurately match records across multiple healthcare organizations. A Universal Patient Identifier is assigned to each patient, which allows instant updates to demographic data for a single, accurate and complete view of each person. To address concerns about maintaining patient privacy, an expiration date was applied to the data usage rights, defining and limiting the time period in which the team could use patient identity data derived from UIM for this initiative. With these complete records, hyper-localized COVID-19 dashboards provided data-driven support to allow 351 local health boards to make fast and effective public health decisions. Find out more about how Universal Identity Manager can support improved community outreach and decision-making with accurate and secure patient identities.