KEY TAKEAWAYS:
--When a patient attempts to register online for the first time, they should be asked to capture a government-issued ID through their computer webcam or mobile device. The registrant should then be instructed to take a live selfie, which ensures that the person listed on the ID is the same as the person trying to open the account.
--After an account has been opened, medical offices and pharmacies can approve future treatment and prescription requests simply by requesting a new selfie of the patient.
----------
Being a chief information security officer (CISO) in today’s healthcare environment is increasingly challenging. The modern threat landscape forces healthcare CISOs to protect not only against malware and ransomware attacks but also to defend against more traditional vulnerabilities in legacy equipment.
Between the headlines discussing ransomware groups and organized cybercrime, organizations may not have fraud prevention squarely on their radars. They should. Fraud costs the U.S. healthcare industry more than $50 billion annually, according to data from the National Health Care Anti-Fraud Association.
Identity theft is at the root of the industry’s insurance fraud problems. When someone’s identity gets compromised, malicious actors can use that patient’s information to make fraudulent claims with providers. This not only harms the patient but also the healthcare organizations left to deal with the phony claims.
To help combat this issue, healthcare can borrow countermeasures from the finance industry. The financial sector has turned to the Know Your Customer (KYC) process to verify the identity of their clients and help prevent financial crime. Similarly, healthcare providers can adopt Know Your Patient (KYP) processes to address the rising threat of insurance fraud.
Knowing your patients
In the world of finance, the KYC process is a central component of the modern regulatory environment. KYC helps institutions verify their clients’ identities and ensure they are not being used in any money laundering activities. In confirming the client’s identity at the beginning of the customer journey — when that customer first attempts to open a bank account — organizations are able to keep malicious actors from gaining entry to their systems in the first place.
The KYP process functions similarly in healthcare. KYP is designed to help eliminate fraud risk at the front of the patient experience by strengthening the onboarding process and verifying at the beginning of the journey that someone is who they claim to be.
Considering the rate at which the healthcare industry is falling victim to fraud, now marks a good time for organizations to reevaluate their security protocols and explore the adoption of a KYP program.
See also: How Synthetic Data Aids in Healthcare
Developing the program
Establishing an effective KYP program consists of a few key components in tandem with a continuing authentication process. Organizations must remember that identity verification cannot be a one-time event and necessitates a more elaborate approach.
To begin the process, organizations need to verify that a patient matches up with their government-issued ID. When a patient attempts to register online for the first time, they will be asked to capture their ID (such as their driver’s license, passport or other form of ID) through their computer webcam or mobile device. The registrant will then be instructed to take a live selfie, which ensures that the person listed on the ID is the same as the person trying to open the account. The biometric template created at this step will be useful for future authentication.
Once the ID and selfie have been collected, organizations will need to determine whether the provided ID is legitimate and if the selfie matches the picture on the ID.
There are a handful of warning signs that may indicate a particular ID is fraudulent or being misused. Fraud detection analytics can reveal if an individual has any potential history with, or active connections to, fraudulent activity. Additionally, minimum age requirements may affect a registrant’s ability to open an account.
Depending on the outcome of these various checks on the government-issued ID and the biometrics of the individual, the KYP program will provide a verdict for the organization to permit or deny the registrant’s new account. If the patient’s ID correlates with the biometric results, the process is complete and the account will be opened.
After an account has been opened, medical offices and pharmacies can approve future treatment and prescription requests simply by requesting a new selfie of the patient. With each selfie taken, a new biometric template is generated for comparison with the template that was initially captured at enrollment to authenticate the returning patient.
See also: Why to Customize Employee Healthcare Plans
Building a stronger future
It can be difficult for modern healthcare organizations to strike the right balance when it comes to fraud deterrence. They want to make the identity verification process seamless while deterring fraud and reducing friction for actual patients who are merely attempting to seek care.
A sophisticated KYP program is intended to help organizations find that balance by letting in the legitimate patients and simultaneously keeping fraudsters out. By employing identity verification and authentication, providers can quickly confirm real patients, adhere to regulations and help thwart costly instances of insurance fraud.
