Guest post by Jonathan Bertman, founder and president of Amazing Charts.
The big news out of HIMSS13 was no surprise to those of us who work in the electronic health record (EHR) industry. The results of a two-year (2010-2012) survey from American EHR revealed that user satisfaction levels with EHRs are dropping in multiple areas – very bad news for EHR vendors.
The results didn’t surprise me at all. I talk to hundreds of EHR users each year about their concerns, and have divided the sources of their satisfaction into three broad areas. Users talk about their dissatisfaction with unusable systems because of poor design; unaffordable prices; and the inherent unfairness of the purchase process, often requiring multi-year contracts committing clinicians to a system they have never had a chance to use in the real world.
Guest post by Alex Horan is the senior product manager at CORE Security.
In 2012 we saw an increasing number of health breaches across the country – and across continents. We saw an employee’s lost laptop turn into a healthcare records breach of more than 2,000 sensitive medical records of Boston Children’s Hospital patients. We heard how one weak password allowed a hacker to access the Utah Department of Technology Services’ server and steal approximately 780,000 patients’ health and personal information. We even read about Russian hackers encrypting thousands of patient health records and holding the information for ransom for thousands of dollars.
Healthcare fraud or medical identity theft put both individuals and healthcare organizations at huge and severe risk. Since 2010, Ponemon Institute has annually benchmarked the progressing and evolving issues of patient privacy and security. The third annual study, released in December 2012, found that healthcare organizations still face an uphill battle in their efforts to stop and reduce the loss or theft of protected health information (PHI) and patient records. What’s more, data breaches can have severe economic consequences – and the repercussion costs are only climbing. The study estimates the average price tag for dealing with breaches has increased from $2.1 million in 2010 to $2.4 million in 2012. The report projects that the economic impact of continuous breaches and medical identity theft could be as high as $7 billion annually, for the healthcare industry alone.
David Finn, health information technology officer for Symantec, discusses healthcare technology security, HIPAA and meaningful use and the most pervasive security issues health IT faces in the months and years ahead.
What issues do healthcare leaders face from a security perspective?
Well, that is part of the problem right there. Healthcare leaders are inundated with new requirements and market changes. So, there is Meaningful Use, ICD-10, ACO, HIE, new privacy and security requirements – – all in a relatively short time frame – – to name a few. On top of that, you are likely doing that with decreasing reimbursement, a difficult labor market and limited capital budgets. Security, while mandated, frequently falls to the bottom of the list because it doesn’t directly impact care or add to the bottom line. That is a short-sighted view of security. Security needs to be strategic to the business of healthcare, not just IT.
Why? What can they do about this?
Much of this has been driven by HITECH and the Affordable Care Act. So, there are regulatory components and that, in turn, has driven many changes in the healthcare market. Providers now have to do a lot of these things just to keep their heads above water – – not to mention the statutory requirements. The most important thing is to get started … you may not be able to do everything all at once. You do have to understand what needs to get done and then prioritize those things for your organization and get started.
How are HIPAA changes affecting care, coordination, tech implementation and the ability of physicians to do their jobs?
HIPAA has been around a long time and, frankly, if the industry had dealt with these things effectively starting back in 2003, which was the compliance date for the Privacy Rule and then 2005 when the Security Rule became the law, we’d be in much better shape today. Unfortunately, the incentives and drivers were not aligned to make that happen. Don’t get me wrong, a lot of things got started and don’t forget technology is very different than it was 10 years ago – – mobility, virtualization, cloud. We also have a much larger installed-base of EHRs across the entire continuum of care. So, now we have tools that really can aid the physicians and other clinicians in getting things done faster, wherever they are, at their convenience, but we’ve lagged in a lot of the security issues around those new technology tools. And, unfortunately, often systems are put in without proper attention to workflow or process improvement. Organizations that hurried to get some of these things in are now going back to “fix” them.
How is/will meaningful use impact healthcare? Are there security issues?
While the debate is still raging, few would argue that better access to information for providers and patients is a good thing. Meaningful use – capturing and using the right clinical data – over time, will improve the quality of care and outcomes and should reduce costs. It will not happen overnight. Yes, when you have confidential, legally protected information, you have security issues.
How has the push toward EHRs changed the security of healthcare? In what ways?
As healthcare has digitized, it has increasingly become a target for the “bad guys.” We not only keep names, addresses and dates of birth all together to make it easier to care for and bill patients, we also include social security numbers, credit cards and insurance accounts. And every time you share that information (between providers, with an HIE, a drugstore, registries, schools and more) you create another potential point for that data to go astray or someone to maliciously take the information. In the “paper days” a doctor might take home a dozen charts to review; today a jump drive can contain hundreds of thousands of patient records. When all the charts could be locked in a room at night at least you knew where most of them were and they were safe. Information now lives on networks – – in databases, in Word documents, spreadsheets. It can get cut and pasted from an EHR screen into an email and sent anywhere. While many of the issues are the same, the scope and scale of the problem is sometimes hard to imagine. It was horrible for those dozen patients if the doctor’s car was broken into and charts taken, but when you have breaches of hundreds of thousands or even millions of patient records, it can be very difficult to manage and address. And this doesn’t even begin to address the cost issue around a data breach.
In relation to security, what are some of the most pervasive issues physicians face? What are they more surprised by?
Well, mobility is here to stay and yet most organizations don’t even have policies around mobile devices. Social media is a growing concern, whether you are a large healthcare system or a single-physician practice. The underlying problem is not knowing where that patient data is. Nearly everyone is surprised when you start to show them how that information comes into your organization or practice, where it goes and who uses it and how it may leave the organization. There are tools to help you find, manage and track the data, but most people are still focused on the EMR, the PCs that clinicians use. The issue is the data and the problem is the data is everywhere.
What are some of the most overlooked security protocols?
First, is encryption. If you are focused on the data, the best thing to do is encrypt it. That said, encryption is not a panacea and just encrypting everything is not a good answer. Things like laptops, tablets, smart phones, backup tapes, jump drives – – those really need to be encrypted. The other thing is understanding your data and there are tools, like Data Loss Prevention tools, that help you find the data;who created it, how it is being used and so on. If you don’t understand the data, you can’t really protect it appropriately.
Is the health IT market overly paranoid when it comes to security and breeches?
Based on the number of records breached since 2009 — 20+ million — I’d say the IT market needs to do something. Being paranoid about breaches is one thing, actually managing your data and mitigating potential breaches is another. It is time for the industry to take the issues of privacy and security seriously, assess the problem, develop a plan, get the money and start fixing it. Healthcare has to realize this isn’t a technology issue – – this is an enterprise issue and it starts with your people.
How will health IT security change in the months or year ahead? What trends can we expect? What’s irrelevant? What’s not?
I think you will see privacy and security being addressed as part of a system implementation or a process improvement initiative instead of something you try to do after the fact. If you do it afterwards, the security is never is good and always costs more. You’ll see more training and policies that address mobility, social media. I think as enforcement picks up and fines increase, healthcare will recognize that this not just a technology problem. I think you’ll see a lot more training and awareness around privacy and security. More investment in tools that monitor data and in that sense are monitoring workforce behavior around patient data – – regardless if it is on email, the EHR, web sites – – it is still the patient’s data. You’ll also see more focus on identities and authentication, it is likely coming in future regulations, but the other part of protecting the data is making sure only the right people get it.
Here is what is irrelevant: 1) Policies that are not enforced or cannot be enforced; 2) Enforcing policy and procedure inconsistently; 3) Thinking this is an IT or security problem when it is an enterprise wide, cultural issue.
Anything else you’d like to mention that I haven’t asked?
First, I think now that we have all these EHRs up and running and are collecting all this data digitally, the industry is just figuring out how to use it to drive improvement. So, big data, analytics, informatics – whatever you want to call it – will be a huge driver. Big data comes with some unique security and data management issues.
The next tidal wave in health information technology that we are not doing a good job addressing, yet, is the medical devices. These are often patient-touching devices ranging from anesthesia machines to smart-pumps, which may deliver controlled substances or chemotherapy to pacemakers. More care is being driven to the home and remote home-care is a growing area. Yet, these devices tend to run old operating systems, can’t take the newer protective software, yet they are on hospital networks, connect to the Internet and are unmanaged in terms of information technology. Many of them store and transmit patient data and the issue just isn’t getting the focus it needs.
David Finn, CISA, CISM, CRISC is the Health Information Technology Officer for Symantec. Prior to that role he was the Chief Information Officer and Vice President of Information Services for Texas Children’s Hospital, one of the largest pediatric integrated delivery systems in the United States. He also served as the Privacy and Security Officer for Texas Children’s. Prior to that Finn spent seven years as a healthcare consultant with IMG/Healthlink and PwC. Serving last as the EVP of Operations for Healthlink.
Texas Children’s Hospital won the ECRI Institute 2007 Health Devices Achievement Award, and because of Finn’s departmental support, TCH also was awarded recognition for Employee Support of the Guard and Reserve. Finn also received the Symantec Visionary Award in 2008 for Security. He has presented nationally and internationally on such topics as project management, professional leadership and staff development, and privacy and security. He has contributed to or written articles on IT Management, Disaster Recovery and Security for such as journals as CIO Digest and Baseline.
One thing recently became increasingly important to Metro Imaging and Radiology, an independent radiology practice with five locations throughout St. Louis, Missouri: meeting meaningful use.
In 2012, Metro Imaging added an electronic health record after having used NextGen’s billing system for several years. Along with the EHR, the chain added the Anoto digital pen.
With more than 100,000 annual patient visits, the practice sought a viable solution to help streamline the intake process and reduce some practice inefficiencies, like scanning and filing paper patient forms.
“We knew it was going to be difficult to reach meaningful use, and we needed something that was going to be very efficient,” said Christine Keefe, chief financial officer at Metro Imaging. “We couldn’t have anything that slows us down too much.”
The Anoto pens seemed like the best solution. The pen stays charged for 10 hours and can hold 200 pages filled out top to bottom.
The practice was sold on the pen because of its ability to capture the information being entered onto paper forms, especially the patient intake forms. According to Keefe, the pens were only considered based on a recommendation from it NextGen representative, but since implementing it, they have completely done away with any manual scanning of patient forms.
On top of that, the clinic has completely gotten rid of paper (except for the patient in take forms used at the front of house) and it no longer keeps papers files.
The first week following implementation was the most difficult, she said, but since everything has settled back to normal and there have been no hiccups. The EHR was probably a more significant change than adding the pens. After all, the patients rarely notice there’s something different about the slightly larger ball points.
The pen captures the data entered into the fields of the paper forms by the patient through a small camera on the pen. It snaps 70 images per second as a patient enters the required data, storing until the pen is docked on a charging station, at which point it downloads all of the information contained into the practice’s EHR through a USB port.
“A great thing about the pen is that you can dock it, ignore it and by the time you’re done doing other things, everything is downloaded and you can use it again,” Keefe said.
An immediate benefit, other than reducing the amount of manual input required of clinical staff is that the forms that are used by the practice are customized and capture data in a structured manner.
Staff that previously focused on transcription, scanning and filing now have had their resources reallocated to claims and billing administration and patient relations. For example, staff has more time to follow up with patients and address any billing and claims issues that come up.
The practice currently uses 25 pens; five per practice. Each costs $385 and there is a $1,000 license fee. Additionally, the practice pays a regular maintenance fee. The pens can be used for hours without re-charging and can capture multiple people’s records without needing to be docked.
The pens are also Bluetooth-enabled and can transmit information wirelessly back to a healthcare setting, making them appropriate for home health workers and others that work outside the four walls of the practice.
They are the ideal technology too, since today more than 80 percent of physicians still rely on traditional pen and paper to capture patient information. Finally, digital pens offers a simple, alternative way to capture data and transfer it into an EHR, especially for physicians concerned about a computer or tablet PC getting in the way of their patient’s experience.
“We like the flexibility the pens have created for us,” said Keefe, “anything to cut down on work at the front desk.”
Metro doesn’t use them in the clinical setting yet, Keefe said, but there has been some interest in bringing them into the exam room. If things continue to go as smoothly as they have, that decision would be like hand meeting glove.
Dr. Juergen Fritsch, co-founder and chief scientist of M*Modal Inc., discusses the company, how it is used in the care setting, the market trends and where it is going.
What is M*Modal?
M*Modal is a leading healthcare technology provider of advanced clinical documentation solutions, enabling hospitals and physicians to enrich the content of patient electronic health records (EHR) for improved healthcare and comprehensive billing integrity.
As the largest clinical transcription service provider in the U.S., with a global network of medical editors, M*Modal also provides advanced cloud-based speech understanding technology and data analytics that enable physicians and clinicians to capture and include the context of their patient narratives in a single step into electronic health records, further enhancing their productivity and the cost-saving efficiency and quality of patient care at the point of care.
Why is it disruptive and important to the community?
M*Modal’s technologies are disruptive because they empower physicians with the ability to make informed decisions at the point of care, one of the most critical factors in reducing healthcare costs and improving patient outcomes.
M*Modal’s solutions are important because they are designed for healthcare by healthcare experts. As such, the solutions understand multiple dialects, accents and cadences, pull from a repository of more than 200,000 physician voices in the cloud and are only medically focused.
What is its potential?
M*Modal has the potential to transform the way the entire healthcare industry leverages advanced clinical documentation technologies and services, ensuring that all stakeholders across the healthcare spectrum, from the patient to the coders on the back end, benefit from the advanced clinical documentation workflows available in today’s and tomorrow’s healthcare settings.
Who’s using it? Why? What is the ROI?
M*Modal provides hospitals and physicians with the healthcare industry’s most advanced clinical documentation solutions. These stakeholders use our solutions to enhance how healthcare professionals capture and manage clinical documentation for improved quality, cost savings, reimbursements, compliance and patient care. Examples include enriching electronic health records for patient care quality and comprehensive billing integrity.
In terms of ROI, our technologies can identify documentation deficiencies and address them via closed-loop workflows, which improve the quality of the clinical patient note and increase the efficiency of documentation processes. Our advanced clinical documentation tools drive adoption of electronic health record systems, saving providers time & expenses.
How did it start? What is it doing to advance?
M*Modal grew out of research performed at Carnegie Mellon University in the late ’90s. The company’s founders developed a radically new technology for understanding conversational human interactions on the telephone. The technology proved to be an even better match for dictated clinical notes as created by healthcare professionals throughout the United States and elsewhere. Today, M*Modal processes millions of hours of verbal healthcare documentation for more than 200,000 physicians each year.
To advance our impact we are also focused on forging partnerships. We just announced several new partnerships with major industry players such as 3M, Optum and Intermountain Healthcare and we have established partnerships with top providers of electronic health record systems, including Epic, Allscripts and Merge. We are constantly working with partners to develop and address industry challenges as they arise.
How is it used in the care setting?
Our advanced speech and natural language understanding technology is used in a wide variety of clinical and administrative healthcare workflows, for example enabling physicians to interact with their clinical systems via voice anytime, anywhere, using their preferred device. This enables instant access to critical information for patient care, allowing providers to spend more time with the stakeholder that matters most – patients.
Additionally, hospitals and practices are using our solutions to analyze vast amounts of unstructured clinical documentation, identify documentation deficiencies and close care gaps. Traditional electronic health record systems do not provide this level of insight and so our solutions fill a critical need that becomes more and more important as we progress from a fee-for-service to a value-based reimbursement and accountable care model.
Tell me something about transcription tools that nobody seems to know.
Our advanced speech and natural language understanding technology has made the process of turning dictated physician notes into structured clinical documents roughly twice as fast as a traditional transcription workflow. On top of that, transcription services are slowly but steadily evolving to also include data validation services. That trend will continue as hospitals seek to lower their cost and free-up physicians to spend more of their time caring for patients rather than dealing with technology.
Should patients care about speech recognition?
Many patients are already familiar with speech recognition technology through their use of off-the-shelf consumer products that some of them are using at home. In my view, it is less the speech recognition technology that they should care about, but the significant advances that we have made in the past few years around computers understanding natural human language. That technology together with the vast and ever growing amounts of “big data” that are being created in healthcare is allowing physicians and other care providers unprecedented insights into healthcare outcomes and ultimately will be a key driver of improved healthcare.
What do you see as the most important health IT trends currently affecting the market? Why?
The most important health IT trends that’s affecting the market today is the move toward a more outcome- and prevention-based reimbursement models. Rather than paying for services provided, the market will shift rapidly toward paying fixed budgets to manage different types of diseases, particularly the costly chronic ones such as heart disease, diabetes, etc. Healthcare information technology is adjusting to this and is developing new solutions that are focused on personalized medicine to prevent diseases rather than just supporting the treatment of them once they occur.
Where are we going as a market?
As I noted earlier with the new outcomes-based focus, I would say that we are rapidly moving toward a more sustainable healthcare cost model, with a much improved focus on disease prevention and personalized treatment plans.
What is the number one complaint you hear regularly from caregivers?
By far the number one complaint is that outdated, inefficient technology is bogging them down, requiring them to spend more time in front of the computer, leaving less time to take care of their patients. In part, this stems from the fact that many hospitals have bought into decades-old electronic health records systems with inefficient workflows that slow down physicians, particularly in today’s world of increasing data capture requirements. But there is also a generation of newer information technology on the market now — such as speech and natural language understanding technology — that actually help improve physician productivity while also providing better insights into their patient population. The bottom line is: physicians and hospitals need to closely follow the healthcare IT market to identify the tools that can drive their efficiencies and improve their outcomes.
What are caregivers most excited about?
Many care givers are excited about mobile devices — mostly about tablets like the iPad Mini. It allows them to do many of their tasks more efficiently while on the go, even sharing a lot of information effectively with their patients. Virtual assistant technology is also of great interest to many physicians, particularly in combination with mobile devices. You will see many new mobile apps hitting the market in the next few years that will allow care givers to verbally ask complex questions about their patients’ health record and get answers within seconds.
What piece of regulation would you like to see abandoned? Adopted?
I’d like to focus on pieces of regulation that I would like to see adopted more readily or more expediently. The key ones for me are interoperability standards and the respective regulation found in the ARRA HITECH Meaningful Use program. Almost every other industry has embraced interoperability. You can get cash at virtually any ATM in the world — but you can’t transfer your electronic patient health record from one EHR provider to the next (at least, not without major effort). We need to change that, and we need to do it quickly. Regulation can help with that.
Dr. Juergen Fritsch is co-founder and chief scientist of M*Modal Inc. where he leads research efforts in the fields of speech and natural language understanding for clinical documentation. His work focuses on building and improving a medical language understanding system that is based on standardized medical ontologies and vocabularies while employing statistical algorithms to learn from vast amounts of linguistic data. He has published more than 20 peer-reviewed papers and has been granted five patents on original speech recognition and natural language processing research. Juergen received his Ph.D. (1999) and M.Sc. (1996) degrees in computer science from the University of Karlsruhe, Germany.
Andrew Olowu, chief technology officer of Axxess Technology, discusses home health and how technology is impacting this market segment of the care spectrum, from delivery of care to how caregivers benefit from its use.
Where does home healthcare fit into the big picture?
Home healthcare plays an increasingly vital role in the delivery of quality healthcare in America today. It is widely accepted that patient outcomes are better when care is delivered in the comfort the home, where a patient feels most comfortable. Because the cost associated with home healthcare is much lower than other tradition healthcare options (such as the hospital), home healthcare is also very beneficial from a financial standpoint. Lastly, as the baby boomer generation ages, it will create increasing demands for all categories of healthcare, including home healthcare services.
How is technology affecting the delivery of home healthcare services?
The practice of using paper by home health agencies for maintaining patient records, documenting clinical notes, managing physician orders and scheduling patient visits is still very common today, but must be transitioned to electronic records by 2014.
Advanced electronic health record systems used in home health agencies benefit patients and healthcare providers. A good electronic health record system can perform automatic audits of clinician documentation, check for adverse drug and allergy interactions, warn about scheduling conflicts and deviations, verify access to patient records, and back up all electronic data on a periodic basis.
How are healthcare professionals (nurses, clinicians, treating physicians, etc.) benefiting from technology in home healthcare?
The advent of mobile devices allows nurses to document patient visits directly at the point of care, which decreases the time it takes to submit clinician documentation. Point-of-care systems also improve the nurses’ ability to communicate directly with the physician overseeing the patient’s care, which ensures accurate documentation and allows for ease of collaboration among a patient’s medical team.
Explain the effects of home healthcare on hospital readmission reductions. And where does technology come into play?
Home healthcare plays a significant role in reducing hospital readmissions by providing recently-discharged patients with education about their diagnosis/prognosis, medications and treatment plans. This hands-on approach to post-hospitalization reduces likelihood of patient readmission. Caregivers and family members can also be educated by home health clinicians to provide the adequate care for the patient. Technology facilitates better communication and care coordination among healthcare professionals. The use of technology in home healthcare also reduces the time clinicians spend on paperwork, allowing more time spent caring for the patient.
How do you see the future of home healthcare affecting the healthcare industry as a whole? Why?
With the availability of efficient and comprehensive technology in home healthcare, we can expect better patient outcomes, happier patients because they can recover at home and a reduction in the cost of healthcare delivery. We believe home healthcare will grow and become increasingly important to both patients and providers as an integral element of the larger healthcare industry.
What benefits do hospitals have when partnering with home health agencies?
Under the affordable care act, hospitals with excessive readmissions will see reductions in their Medicare payments. Hospitals partnering with home health agencies that have adopted technology to provide the best care for patients will favorably affect the number of re-admissions and protect their revenue.
Knowing the requirements that wait in 2014, how is progress in the home health industry?
Based on our anecdotal observation, the industry is moving steadily toward adopting electronic health records. Larger organizations generally have been among the first adopters, with many smaller agencies yet to make the transition.
Andrew Olowu is the chief technology officer of Axxess and serves on its board of directors. Olowu is responsible for the overall technology, architecture and innovation of the Axxess platform.
On its face, the CommonWell Health Alliancee really seems to hit the mark. A collection of the top EHR vendors coming together, sharing a stage and shaking hands; smiling; snapping photos of smiling happy CEOs. All together for one cause, or so the story goes: healthcare data interoperability. According to the “organization’s” website, interoperability is the cornerstone of healthcare’s future.
“Interoperability helps improve quality, reduce costs, enable regulatory compliance and ensure better access to healthcare for millions of people,” and so on and so forth.
Finally, CommonWell’s call to action: moving the healthcare industry beyond just recognizing the importance of interoperability, but moving the industry forward. CommonWell is supposed to be the health IT superhero that moved this giant boulder up the hill and positions it so eloquently on the top.
For those of us who didn’t know this already, CommonWell sums it up: “It’s time for healthcare IT organizations to come together and commit to achieving interoperability for the common good,” and so on and so forth.
So glad it took the giants of the industry to tell us as much.
Okay, so admittedly, this is a step in the right direction. It’s like putting big money behind a good cause. For everyone who has ever worked in the nonprofit trenches who spend their days begging the haves for the have nots, this a dream come true.
Those in the spot light can move us forward to a point where we must be. Allowing private enterprise to bear this mantle means we might finally make the move forward instead of being held back by the shackles of the federal reform and imposition.
After all, wasn’t interoperability a staple of meaningful use; an “industry consortium to adopt common standards and protocols to provide sustainable, cost-effective, trusted access to patient data,” if you will?
Because of meaningful use, we were supposed to be singing in circles by now, discussing all of the advancements we’ve made; our coming together and our ascending to the precipice. Alas, little has been attained through federally funded meaningful use except implementation and wars of words.
We waited, didn’t we? Long enough? Perhaps, perhaps not; depends on who you ask. Farzad Mostashari says we should wait a bit longer for the results to role in. The boys at Allscripts, athenahealth, Cerner, Greenway, McKesson and Relay Health (imagine the feelings of all the other vendor’s CEOs who were left out of this pre-arranged agreement; I guess there’s mincing words anymore) decided private enterprise is the way for things to actually get done.
And while it’s an interesting experiment, I think I agree with some of the other more intelligent folks in the field. Until we see some sort of actual forward movement with this initiative and until there’s some proof of life, this is really nothing more than a stake in the ground. A happy public relations move designed to flex a little corporate muscle on the industry’s largest stage.
Guest post by Harry Jordan, vice president and general manager, healthcare for LexisNexis.
The most important question in identity management is not: “Who are you?” It’s “What do we need to know about you?” And nowhere is the answer to that question more critical than in healthcare, where inadequate systems and processes can not only threaten business integrity and success, but jeopardize lives, as well. Inevitably, it is time to shift the focus of the discussion of identity management away from authentication methodology and toward the broader healthcare context in which identity management is no longer a luxury, but a necessity.
Effective patient/member identity management springs from this fundamental question: “Given what we are trying to accomplish through this particular transaction, what do we need to know about this individual to insure safety, integrity and trust?” Or, more elaborately: “What do we need to know to prove this individual is who they say they are and that they are authorized to access the information being requested based on those identity credentials?”
The answer is determined by the intersection of multiple factors: your objectives; product and service characteristics; population demographics and attitudes; the nature, value and riskiness of the transaction being performed; the point in the process and relationship where it takes place; and organizational risk tolerance. Getting the answer right is critical to the sustainability of health care organizations and, more importantly, the safety of the individuals they serve.
Identity fraud is the fastest growing crime in the United States, affecting more than 11 million adults in 2010. Medical identity fraud is the fastest growing type of identity theft. The Ponemon Institute estimates the annual economic impact of medical identity theft to be nearly $31 billion.
Health care consumers will, and should, expect their data to be secure at all times in order to protect their financial and physical well-being. Health care stakeholders will demand solutions that ensure they are dealing with the right person, at the right time, for the right transaction, thereby minimizing risk and negative impact on their health care delivery decisions, the health of their patients and overall business performance.
As a recent Gartner report states, identity management is “increasingly recognized as delivering real-world business value,” and “identity management agility improves support for new business initiatives and contributes significantly to profitability.” Identity management is rapidly evolving to encompass emerging risks and application variability. There are tools you can put in place now to meet the increasing demands of identity management.
Point solutions and one-size-fits-all implementations are being supplanted by or absorbed into more comprehensive and flexible approaches. These solutions provide identity management coherency across processes and relationships, as well as identity management consistency across multiple channels and organizations.
At the same time, they enable organizations to efficiently implement a wide range of identity management tools that blend the right identity elements together with the appropriate view and assurance level for each transaction. Established organizations can layer new identity management capabilities onto existing systems in the form of services. Merely extending enterprise identity management solutions will not work.
Three key concepts are at the core of the most successful health care consumer identity management solutions. They are general principles shared by diverse business-specific implementations.
1. Identity management is as much about business as about security. Identity validation (or “resolution”), verification and authentication – commonly regarded as security functions – have far-reaching business ramifications. How you perform them can strongly shape your most direct and therefore vital interactions with patients, payers, providers and other healthcare stakeholders. Thus, while it is important, and sometimes mandatory, to follow industry standards, it is also critical to make sure that the way in which you implement identity management is tailored to your market, business plan and mission to maximize business goals and minimize organizational risk.
2. “Know your health care consumer” is the point of balance for multiple – and possibly competing – objectives. “Know your healthcare consumer” is a phrase that traditionally has different meanings to health care consumer service than it does for security management Service people are concerned with raising healthcare consumer satisfaction by increasing access and ease. Security people are concerned with reducing risk by restricting access.
3. Ask for only what you need to know. Knowing more can, in fact, enable you to ask for less information. In identity management industry jargon, the objective is “friction reduction” through “data minimization.” Improve the health care consumer experience by not asking for information you don’t need.
Strong security can be, for the most part, invisible to the user. Analytics operating in the background can spot links between healthcare consumer data and suspicious entities or recognize suspicious patterns of verification failure.
Analytics can be integrated with business rules to adjust the security level and trigger appropriate treatments or approval of treatments. They can also be used to determine if the current transactional pattern of behavior is unusual. Reacting to healthcare consumer responses in real time – taking business rules for different product lines, channels and types of transactions, and an entity’s tolerance for risk – an identity management service can make dynamic decisions about when to invoke additional and/or stronger measures.
The number of identity-reliant transactions engaged in across the health care continuum is multiplying rapidly and becoming ever more critical to the success of individual health care organizations. When dealing with any situation involving the sharing of a patient’s personal health information it is essential these organizations ask themselves the fundamental question about the individual or entity with which they will be sharing the information: “What do we need to know about you?”
This question is the starting place for all other questions in identity management. The right answer is the key to making identity management an enabler of great services accessed with ease and delivered at a low coast and minimal risk of fraud.
Harry Jordan is Vice President and General Manager, Healthcare for the risk solutions business of LexisNexis. He directs the healthcare business, offering capabilities in health management, predictive claims fraud analytics and health information exchanges.
