Know Your Patient: Anti-Fraud Pill for Healthcare Industry

  • Richard Marley
  • September 24, 2019

Know Your Patient: The healthcare industry is more prone to data breaches than any other industry. About 30% of large data breaches have been recorded over the last decade, affecting millions of employees and customers. These breaches take multiple forms, from credential theft to purposeful data disclosure to stolen devices. Medical databases contain highly sensitive information: not only the patient’s personal information but also medical history, health insurance details, etc. This data is of great interest to cybercriminals, who steal it and use it for malevolent purposes. Statistics show that 34% of healthcare data breaches are the result of unauthorized or uncontrolled data access. Records are also compromised by ransomware and malicious executables that fraudsters inject into the system to compromise all of its data.

A number of data breaches have been recorded in the U.S. They result from system/server hacking, theft, and unauthorized data access or disclosure. The following are some of the large breaches that happened in medical institutions, which include insurance companies, healthcare providers, pharmacies and pharmaceutical companies.

| Affected Entity | Affected People | Type of Breach |
| --- | --- | --- |
| Magellan Healthcare | 55637 | Hacking |
| Premier Family Medical | 320000 | Hacking |
| Conway Regional Health System | 37000 | Unauthorized data access |
| Northstar Anesthesia, P.A. | 19807 | Unauthorized data access |
| Renown Health | 27004 | Portable electronic device |
| Wisconsin Diagnostic Laboratories | 114985 | Hacking |

Collectively, such huge data breaches have a great impact on the country’s economy and reputation. A huge data breach named the Anthem breach affected about 78.8 million people in 2017, including not only patients but employees too. The insurance company was subjected to $115 million in lawsuits over the breach of sensitive data records. Hospitals, laboratories, insurance companies, and pharmacies should adopt dynamic measures to combat the risk of cyber-attacks and other unexpected forms of data breach. Beyond this, to comply with local regulators and regimes, it is crucially important to secure the sensitive databases that can directly or indirectly impact the lives of customers and employees. Organizations that fail to comply with the regulations will face harsh penalties and fines.

Significance of Know Your Patient:

Know Your Customer (KYC) gives banks and financial institutions a line of defense in the form of customer identification and verification, not only to ensure online security and eliminate money laundering but also to comply with local regimes and norms. Similarly, the healthcare sector is in dire need of steps that can deter the risk of data breaches. Extending the concept of electronic KYC, KYP holds the same importance in the medical industry. Knowing patients should be a primary step in the fight against cybercrime, prescription fraud, and data breaches. For each patient, verify the customer’s identity and introduce efficient processes so that prescriptions, test results, reports and documents reach the actual patient.

Fraudsters try to breach the hospital security system and use a customer’s real identity to get access to identity-related information, which is then used for malicious purposes that can be dangerous for the customer. This is more common in online systems, where identity theft or credential theft can lead to data breaches. Verifying age before giving a prescription to customers is also important. These security checks mark a reliable and reputable medical institution, one that has implemented safeguards at the system’s end.

How does KYP work?

The Know Your Patient (KYP) process relies on online identity verification. When an account is opened at an online medical store or hospital portal, the system first asks the customer to provide an official ID document bearing a photograph, such as an ID card, passport or driving license. Second, it asks the patient to capture a selfie with a webcam or mobile phone and upload it. The system then performs face verification, comparing the facial features in the document photo with the face captured in real time. If the two match, the system proceeds further.

An age verification check is also embedded in the system; it verifies the age of the customer so that medicines are prescribed accordingly. Age verification uses certain parameters to establish the actual age of a person from the supporting document. The details are extracted from the document and matched with those the user has entered into the portal. In addition, the customer is screened against AML background checks and sanctions lists to make sure that the user’s name does not appear in any criminal record. Only after these verifications is the patient’s account opened. Regulatory authorities have taken data privacy and user rights seriously. It is now the responsibility of each institution dealing with customer data to build security software and online verification into its systems. This can reduce the risk of bad actors and malicious actions entering the system.
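The decision logic behind the onboarding steps described above can be sketched as follows. This is an added example, not code from the article or from any vendor; the face-match threshold, the minimum age of 18, the watchlist contents and all field names are assumptions, and the face score is taken as already computed by a separate matcher.

```python
import unicodedata
from dataclasses import dataclass
from datetime import date

FACE_MATCH_THRESHOLD = 0.80    # assumed cut-off; depends on the face matcher in use
WATCHLIST = {"ivan example"}   # constructed stand-in for a sanctions list


def norm(name: str) -> str:
    """Fold case, accents and spacing so 'José  Álvarez' equals 'JOSE ALVAREZ'."""
    decomposed = unicodedata.normalize("NFKD", name)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(stripped.casefold().split())


def age_on(dob: date, today: date) -> int:
    """Completed years; subtract one if this year's birthday has not happened yet."""
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))


@dataclass
class Application:
    entered_name: str     # typed into the portal
    entered_dob: date
    doc_name: str         # extracted from the ID document
    doc_dob: date
    doc_has_photo: bool
    face_score: float     # document portrait vs. live selfie, 0.0 to 1.0


def kyp_decision(app: Application, today: date, min_age: int = 18):
    """Return (approved, reasons); any failed check rejects the application."""
    reasons = []
    if not app.doc_has_photo:
        reasons.append("document_without_photo")
    # 'not >=' also rejects a NaN score from the matcher (fail closed).
    if not app.face_score >= FACE_MATCH_THRESHOLD:
        reasons.append("face_mismatch")
    if norm(app.entered_name) != norm(app.doc_name) or app.entered_dob != app.doc_dob:
        reasons.append("entered_details_differ_from_document")
    # Age comes from the document, never from what the user typed.
    if age_on(app.doc_dob, today) < min_age:
        reasons.append("under_minimum_age")
    if norm(app.doc_name) in WATCHLIST:
        reasons.append("watchlist_hit")
    return (not reasons, reasons)


# Constructed sample: a matching applicant checked on the article's date.
SAMPLE = Application("José  Álvarez", date(1990, 5, 1), "JOSE ALVAREZ",
                     date(1990, 5, 1), True, 0.93)
if __name__ == "__main__":
    print(kyp_decision(SAMPLE, date(2019, 9, 24)))
```

Returning the list of reasons rather than a bare yes/no gives the institution an audit trail for each rejected account opening.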

Online Identity Verification – Its Use Cases to Prevent Online Medical Fraud

Technological advancement in digitization demands innovative solutions for performing digital identity proofing successfully. These solutions involve online biometric authentication of identities, which is not restricted to fingerprint scanning but extends to face verification, providing a better and more robust user experience at the same time. They offer a cost-effective way to fight fake identities by authenticating users against the claim that ‘they are who they say they are’. Given the need for online identity verification in the healthcare sector, let’s have a look at the use cases it covers.

  • Patient’s Data Privacy

The Health Insurance Portability and Accountability Act (HIPAA) has established a set of standards and guidelines for dealing with patients’ data. To secure sensitive information, every medical institution needs to follow these instructions seriously. The data flow should be monitored continuously to avoid any breach and to maintain the integrity of medical records. Any discrepancy can lead to severe harm to the patient.

An organization that deals with Protected Health Information (PHI) needs to take measures to protect the personal and sensitive information of the patient. Otherwise, a data breach can result in harsh regulatory fines.

  • Age verification for online prescription

Online pharmacies need to verify the identity of the patient before shipping medicine to them. Online pharmacies and hospital portals should also verify age so that medicine is prescribed to patients based on their age. Stores carry age-restricted medicines that need a proper age verification check; otherwise, it would be illegal to sell them to under-age patients. Age verification can be performed using an official supporting document that acts as evidence of legal age for a particular medicine. A user-friendly verification system that keeps the process streamlined for both patient and doctor can help reduce online data fraud.

  • Insurance Fraud

Online data breaches that expose a patient’s identity and data do not only affect the patient financially; once compromised, the insurance details can also be used for fraudulent activities. A fraudster can use that information to obtain medical insurance benefits for himself, get the prescribed medicine, and file claims with the medical insurance company. Identity theft can surely affect the health of the patient if the records are tampered with by the thief. Medical history and payment records can also be affected.

The patient’s data is nothing less than an asset for both the institution and the patient. Before dealing with customers online, make sure each one is an actual person. The confidential database should be properly protected to combat online fraud and data breach incidents. Data integrity should be maintained so that the correct data stays associated with the right individual. Recognizing the need for Know Your Patient is as important for the medical sector as KYC is for financial institutions, and it can surely contribute to the elimination of identity theft and attempts at data tampering.