BEFORE YOU GO...

Check how Shufti Pro can verify your customers within seconds

No thanks

Blog

Know Your Patient: Anti-Fraud Pill for Healthcare Industry

Richard Marley
September 24, 2019
7 minutes read
3223

Know Your Patient: The healthcare industry is more prone to data breaches than any other industry. About 30% of large data breaches have been recorded over the last decade that has affected millions of employees and customers. These data breaches have multiple forms, they vary from credentials stealing to purposefully data disclosure to stolen devices. The medical databases contain highly sensitive information that is not only related to the patient’s personal information but also sensitive information which includes medical history, health insurance details, etc. This data is of much interest to cybercriminals who steal data and use it for malevolent purposes. Statistics show that 34% of healthcare data breaches are the result of unauthorized or uncontrolled data access. Records are also compromised because due to the ransomware and malicious executables that fraudsters inject into the system and hack all data.

A bunch of data breaches has been recorded in the U.S. These are either the results of system/server hacking, theft, and unauthorized data access or disclosures. The following are some of the large breaches that happened in medical institutions which include insurance companies, healthcare providers, pharmacies and pharmaceuticals.

Affected Entity	Affected People	Type of Breach
Magellan Healthcare	55637	Hacking
Premier Family Medical	320000	Hacking
Conway Regional Health System	37000	Unauthorized data access
Northstar Anesthesia, P.A.	19807	Unauthorized data access
Renown Health	27004	Portable Electronic device
Wisconsin Diagnostic Laboratories	114985	Hacking

Such huge data breaches collectively induce a great impact on the country’s economy and reputation. A huge data breach named Anthem breach affected about 78.8 million people in 2017 which include not only the patients but employees too. The insurance company was subjected to $115 million by the lawsuits due to a sensitive data record breach. Hospitals, laboratories, insurance companies, and pharmacies should adopt dynamic measures to combat the risks of cyber-attacks and other unexpected ways of data breaches. Not only this, to comply with the local regulators and regimes, it is crucially important to implement security on the sensitive databases that can directly or indirectly impact the lives of customers and employees. The organizations that fail to comply with the regulations will have to suffer from harsh penalties and fines.

Significance of Know Your Patient:

Taking into account the concept of Know Your Customer (KYC) , that is supposed to provide a defense line to the banks and financial institutions in the form of customer identification and verification not only to ensure online security and eliminating money laundering of businesses but to comply with local regimes and norms. Similarly, for the healthcare sector, there is dire need to take steps that can deter the risks of data breaches, taking further the concept of electronic KYC, KYP holds the same importance in the medical industry. Knowing patients should be a primary step to fight against cybercrimes, prescription fraud, and data breaches. For each patient, ensure the identity of the customer and introduce efficient processes to provide an actual patient with the prescription, test results, reports and documents.

Fraudsters try to breach the hospital security system and use the real identity of the customer to get access to the identity relevant information which is then used for malicious purposes that can be dangerous for the customer. This is more common in the online systems where identity theft or credentials theft could lead to data breaches, also to verify the age before giving the prescription to customers is also important. These security checks form a reliable and reputable medical institution, that has implemented the cautions at the system’s end.

How KYP works?

Online identity verification is conducted for the Know Your Patient (KYP) process. For the online account opening of an online medical store or hospital portal, the system will ask the online customer to provide an official id document that could be an id card, passport or driving license, the one having a picture on it. Secondly, it would ask the patient to capture a selfie from webcam/ mobile phone and upload. The system would conduct face verification and verify the facial features of the picture on the provided document and face captured in real-time. If both matches, the system proceeds further.

Age verification check is also embedded in the system that verifies the age of the customer and then prescribes medicines respectively. Age verification has certain parameters that ensure the actual age of a person through the supporting document. The details from the document are extracted and matched with the one user has entered into the portal. Not only this, customer screening is done against AML background checks and sanctions lists to make sure that the user’s name is not in any criminal record before. Hence, after these verifications, the patient’s account is opened. Regulatory authorities have taken data privacy and user rights serious. It is now the responsibility of each institution dealing with customer data, to install security software and online verification into their system. This can reduce the risks of the entrance of bad actors and actions in the system.

Online identity Verification – Its Use Cases to Prevent Online Medical Fraud

Technological advancement in digitization demands innovative solutions to perform digital identity proofing successfully. These solutions involve biometric authentication of identities online not only restricted to fingerprint scanning but extends to face verification providing better and robust user experience at the same time. A cost-effective solution to fight with fake identities and authenticating them against the argument that ‘they are the one who they say they are’. Taking into account the need for online identity verification in the healthcare sector, let’s have a look at the use-cases its cover.

Patient’s Data Privacy

The Health Insurance Portability and Accountability Act (HIPAA) has established a set of standards and guidelines to deal with the patient’s data. To secure sensitive information, these sets of instructions need to be followed by every medical institution on a serious note. The data flow should be monitored continuously to avoid any breach and maintaining the integrity of medical records. Any discrepancy can lead to severe harm to the patient.

An organization that deals with Protected Health Information (PHI) needs to take measures to protect the personal and sensitive information of the patient. Otherwise, a data breach can result in harsh regulatory fines.

Age verification for online prescription

Online pharmacies need to verify the identity of the patient before shipping medicine to them. Also, age verification should be done by the online pharmacies and hospital portals to prescribe medicine to patients based on their age. There is age-restricted medicine in the stores which need proper age verification check, otherwise, it would be illegal to sell medicines to the under-age patients. Age verification can be performed using some official supported document that acts as evidence of legal age for a particular medicine. Keeping it streamlined for both the patient and doctor, a user-friendly verification system can help reduce online data frauds.

Insurance Fraud

Online data breaches which include a patient’s identity and data, once compromised do not only affect the patient financially but the insurance details can be used for fraudulent activities. A fraudster can use that information to enjoy medical insurance for himself, get the prescribed medicine, and claim the insurance with the medical insurance company. Identity theft can surely affect the health of the patient if it gets tempered by the thief. Medical history and payment records can also get affected.

The patient’s data is not less than an asset for the institution and patient itself. Before dealing with customers online, make sure it is an actual person. The confidential database should be properly taken care of to combat the online frauds and incidences of data breaches. Data integrity should be maintained to secure the association of correct data with the right individual. Identification of the need for Know Your Patient is important for the medical sector as KYC is important to financial institutions, this fact can surely contribute to the elimination of identity theft and ventures of data tampering.

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Latest News

News
Lloyds Bank Charged with £500K Fine for Breach of Financial Regulatory Standards
Significance of Know Your Patient:
How KYP works?
Online identity Verification – Its Use Cases to Prevent Online Medical Fraud
Lloyds Bank corporate markets jersey received a fine of £498,000 in relation to the dealings with the correspondent baking relationship

An arrangement whereby one financial institution offers banking services to another is known as a correspondent banking relationship, and Lloyds Bank Corporate Markets Jersey has been fined in connection with its dealings with this particular relationship.

On Friday, the Jersey Financial Service Commission disclosed that LBCM had been assessed a civil fine of £498,000.

The Lloyds branch accepted the regulator’s ruling but asserted that their internal inquiries had found no evidence of financial criminality connected to the relationship. The Chief Executive Officer Alasdair Gardner stated that we accept that not fully adhering to the regulations relating to the managing of the correspondent banking arrangement was unacceptable.

He further added: “The breaches related to one customer relationship with another Jersey financial institution. While the breaches exposed us to increased risks of financial crime, we conducted our own internal review and did not identify any financial crime as having occurred, or any customer losses from the matters identified. We are pleased that the JFSC has also acknowledged our strong compliance record prior to this matter. The JFSC also recognised our full co-operation with their process.”

According to the regulator, LBCM failed to apply suitable controls with respect to anti-money laundering and the fight against the financing of terrorist systems, as well as to effectively identify the correspondent banking relationship.

It lasted from 2006 until October 2021 and involved a bank with overseas incorporation.

According to a statement from the JFSC, “LBCM, Jersey Branch, viewed the relevant connection as a routine commercial customer.” A correspondent banking arrangement may have risk elements for financial crime.

The JFSC thus places great importance on registered people recognising correspondent banking arrangements and making sure that any higher risk concerns are properly analysed and managed, with strong procedures and controls in place.

According to the regulator, LBCM decided to settle early on and was eligible for a 50% reduction in the fine. Without this reduction, the business may have been required to pay a fine of around £1 million.

Jill Britton, director general of the JFSC, stated that “LBCM, Jersey Branch, failed to identify the correspondent banking arrangement over a protracted time.”

“Whilst the nature of this correspondent banking activity did not present the highest risks typically associated with correspondent banking relationships, AML/CFT [Anti-money laundering/countering the financing of terrorism] failures can undermine the integrity and stability of Jersey’s financial services industry.”

“Registered persons must ensure they have effective systems and controls across their business activities to prevent and detect financial crime. The JFSC took account of LBCM, Jersey Branch’s strong compliance record prior to this matter, its remediation of the issues and its full cooperation in this process. LBCM, Jersey Branch, no longer provides any correspondent banking services.”

Suggested Read: FSA Imposed £247,324 Fine on Standard Bank for “Serious Regulatory Failings”

Know Your Patient: Anti-Fraud Pill for Healthcare Industry

Significance of Know Your Patient:

How KYP works?

Online identity Verification – Its Use Cases to Prevent Online Medical Fraud

Patient’s Data Privacy

Age verification for online prescription

Insurance Fraud

Victimization of NPOs and Charity Organizations

Why NPOs Should Enforce KYD Measures

Frauds Involved in NPOs and Charities

Illegal Fundraising

Fake Invoicing

Charity Through Stolen Credit Cards

Role played by International Actors to Curb Charity Frauds

USA

FATF

UK

Protecting NPOs through KYD Measures

How Shufti Pro Can Help

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.