By Claire Thayer

Erin Benson, Director Market Planning and Courtney Timmons, Market Planning Specialist, LexisNexis Health Care, participated in a Healthcare Web Summit webinar discussion on ways for health plans to reduce the risk of a data breach, the necessary steps to validate and verify member information, and ingredients for a strong multi-factor authentication strategy.  If you missed this engaging webinar presentation, you’ll want to be sure to watch the Webinar Video. After the webinar, we interviewed Erin and Courtney on four key takeaways:  

1. What are some of the key ways health plan members are using their member portals? 

Erin Benson and Courtney Timmons: Health plan members are increasingly using their member portals as a tool to View and get answers to coverage questions

•  Track claims and account activity
•  Locate providers and services
•  Find health advice
•  Manage their member profile
•  Pay bills

2. With the rise of digital healthcare, there's also a rise in online fraud. Tell us more about how this impacts healthcare firms?

Erin Benson and Courtney Timmons: 

As the ways in which members access their data becomes more sophisticated, so too do the ways in which hackers are finding ways to commit fraud:

• More than 1 in 10 new account openings are fraudulent with 60% of those accounts being created using a mobile device
• Call center fraud is up 113%
• A record 1 Billion BOT attacks were seen in Q1 of 2018
• There has been a 202% growth in login attacks since 2016
• And 88% of all ransomware attacks were against healthcare organizations in 2017 –healthcare organizations are known on the black market to pay      

When fraudsters are successful it compromises patients’ trust in the healthcare organization, increases costs if they have to remediate a breach, and potentially leads to member safety risks if any of the patient’s health data is altered and care givers then act on bad information. Not to mention members will go somewhere else if they don’t trust that you can take care of their data.

3. You've mentioned that identity is the key to solving the challenge of balancing member engagement and data security. How do these interact together?

Erin Benson and Courtney Timmons: The healthcare organization should determine when and how to communicate with the member, ensuring updated contact information is maintained to best engage them. The member’s information should be protected from fraudster access. A foundational step is for healthcare organizations to aggregate the many data points about each member into one location linked together by a unique, persistent member-level identifier to create the one golden record about the individual.

Identity management and proofing, in tandem with new technological innovation, allows organizations to:

•  Perform intuitive linking of data points to the accurate identity
•  Leverage cross-industry analytics that allow organizations to determine if an identity enrolling in   your plan actually exists and if all of the identity information is accurate and belongs together, and 
•  Monitor transaction activity across a diverse array of industries from financial, retail, insurance and   government, using machine learning to build analytics, provide fraud intelligence and track   fraudulent behaviors and schemes.
   

In order to protect their data, you have to know who to grant access to and be able to verify their identities. Knowing your members will allow you to validate that the right users get access to their information, while keeping fraudsters out, and providing insight into who is accessing your site, mobile application and/or portal no matter where in the medical journey a member… or fraudster… is trying to gain access. 

4. Identity verification is complex. What are a few key considerations in selecting identity verification layers? 

Erin Benson and Courtney Timmons:  Various types of authentication methods should be used to cover different types of security vulnerabilities.  It is important to implement solutions that serve different purposes, targeting different types of fraud.

Some questions to ask as you develop your strategy are:

• Do we have a way of preventing fraud such as BOT attacks or ransomware by scanning devices trying to gain access to our portal?
• Can we confirm that the user requesting access to the data is the owner of that identity?
• Does the input identity exist and do all of those data elements belong together?

We recommend putting the no to low friction solutions up front in the process and introducing solutions with increasing levels of friction later in the process so only suspicious identities are facing additional scrutiny before logging in or completing a high risk transaction.