Know Your Patient (KYP)

The healthcare sector is more vulnerable to data breaches than any other industry. This is due to the fact that medical databases contain highly sensitive information including the patient’s personal information, medical history data, health insurance details, etc. Criminals are very much interested in stealing such kind of data as it can be easily used to perform malicious activities by them.

Statistics reveal that around 34% of healthcare data breaches occur due to unauthorized or uncontrolled data access. According to HIPPA, between 2009 and 2019 there have been a total of 3,054 healthcare data breaches, resulting in the loss, theft, exposure, or leakage of 230,954,151 medical care records. Such massive data breaches collectively induce a great impact on the hospital’s revenue and reputation.

What is Know your Patient (KYP)?

Know your patient (KYP) or also known as patient verification is another name of Know Your Customer (KYC) modified in terms of the healthcare industry. KYP is performed to verify the true identity of a patient to reduce the risk of medical identity theft-related crimes, and misuse of the patient’s identity information.

Why are KYP checks performed?

Hospitals, insurance companies, pharmacies and laboratories should perform KYP checks to combat the risk of cyber-attacks and other unexpected data breaches. The theft of sensitive data breaches can pave way for identity fraud cases in the future. Furthermore, they are required to carry out these checks to comply with the regulatory requirements imposed by their local authorities. Failing to achieve compliance can result in heavy penalties and sanctions, as indicated in the example below.

Anthem data breach

In 2015, a massive data breach named Anthem breach affected about 78.8 million people including not just the patients but employees as well. For that, the insurance company later had to face $115 million in lawsuits due to a sensitive data record breach.

Significant KYP laws

Patient’s identity verification and data protection is the regulatory obligation for all healthcare service providers under laws such as HIPAA and HITECH of the United States, the NHS Regulation of England and the GPHC guidance of the UK.

Automated KYP process

For online identity verification of individuals trying to open an account in a hospital portal or a drug store, the organization has to first integrate their website/web portal or app with identity verification and age verification solution. After the integration process, the patient is verified through his/her identity document by performing the following operations. 

• The online customer has to take a selfie of their face along with their identity document.
• The AI-based verification system detects and extracts the information from the ID document and matches it with the one provided in the form
• Biometric authentication is performed via 3D depth perception & liveness detection to verify facial identity.

The age verification of the patient is also performed after verifying the date of birth from the identity document.

Data breaches in the healthcare industry

The cause of the data breaches that happen in this industry is either the results of hacking of system/server, theft, and unauthorized access to patient data or disclosures. The following are few of the large data breaches that happened in medical organizations including insurance companies, pharmacies, healthcare providers and pharmaceuticals.

Significance of KYP verification

Patient verification procedures can help the healthcare industry in the following ways;

• Fight medical identity fraud
• Patients data privacy
• Age verification for online prescription
• Protection against insurance fraud
• Curb illegal drugs selling