by Clive Riddle, April 8, 2016

This week, Kathy Bardeen from LexisNexis spoke in a HealthcareWebSummit webinar on Mastering Identity Management in Healthcare.  The issue with that inaccurate and missing demographic information and inadequate authentication systems and processes threaten business integrity and success, financial outcomes, and member engagement. On top of that, there is the looming specter and fear of hacking, healthcare identify theft and fraud.

Kathy cited recent medical identity theft breaches with OPM data, UCLA Health and Anthem, along with these concerns:

• Nearly 40% of consumers would abandon or hesitate using a health organization if it is hacked
• 50% if consumers agreed they would find another healthcare provider if their medical records were stolen
• Between 8-14% of medical records have erroneous information tied to an incorrect identity
• Only about ten percent of health insurers use two-factor authentication and encryption to protect data
• Individual can spend an average of $13,500 to resolve applicable medical identity fraud cases
• Insurers spend $2pmpm or more for multiple years of credit monitoring for members affected by data breaches

Kathy tells us healthcare organizations need to handle identities as a journey that starts with Identity Checks, progresses with Identity Management and then Identity Insights. Here’s her definitions:

• Identity Checks involve facilitating the authentication, verification and resolution of identities engaging with the organization, identifying possible fraud risks, and allowing for point of need identity information searches.
• Identity Management leverages a systematic approach to maintaining, enhancing and augmenting member identity profiles with current, correct and previously unavailable information.
• Identity Insights involves understanding individuals and their relationships within and outside of the healthcare ecosystem and gaining insight into socioeconomic factors impacting health outcomes, costs and overall risk.

Kathy shares these best practices in Risk Mitigation in Identity Checks, Identity Management and Identity Insights:

• Risk Mitigation in Identity Checks should involve: evaluating systems and process to minimize the transmission and storage of PHI/SPII data whenever possible; executing a robust algorithm for unique ID assignment that will maintain consistency and persistence over identity evolution; and deploying a multi-layered approach for identity management that grows with business objectives as well as an ever changing identity landscape.
• Identity Management should involve: implementing an ongoing maintenance program to ensure integrity of identity records as this data erodes; executing the identity management program with a frequency and focus that matches the business processes and programs leveraging this data; and leveraging an authoritative, reliable data source(s) to augment and update identity information.
• Identity Insights should drive analytics from identity insights to solve for large complex problems as well as target improvements to existing programs; and maximize the value of the identity management data asset across different areas of the business.

This webinar is now available for free on an on-demand basis for qualified applicants.