Effective Healthcare Identity Management: A Necessary First Step for Improving U.S. Healthcare Information Systems
Publication Date: March 2009
Government policy makers are looking carefully at the best ways to improve the efficiency of information systems in the healthcare industry. Much emphasis has been placed on the need for electronic health records for every American, and at ways to exchange those records at the regional, state and national levels.
But this is putting the cart before the horse. Such an effort must start with the accurate identification of each person receiving healthcare services or participating in healthcare benefit programs. Next, there must be a way to uniquely and securely authenticate that person across the healthcare system, including over the Internet, in a secure and privacy sensitive way.
This brief introduces the current problems with healthcare identity management, security and privacy, and proposes leveraging existing federal standards and technologies already used in other government identity programs. The Healthcare and Identity Councils of the Smart Card Alliance, a non-profit public/private partnership organization whose members include healthcare providers, government users and technology providers, prepared the brief.
What is the state of healthcare identity management and authentication today?
While dependably accurate identification and authentication seems like something that should already exist in healthcare, it does not. Accurately linking patients with their personal medical information is a significant problem today for hospitals, other healthcare providers and healthcare payers, including the government.
What causes the problem?
Failure to collect complete patient information at registration, redundant information entry, language barriers, common names, misspellings or phonetic spellings can all lead to errors and improper patient identification. A recent report sponsored by the U.S. Department of Health and Human Services, “Medical Identity Theft Report,”  stated that little is done to authenticate the identity of individuals throughout healthcare and concluded that medical identity theft is a significant problem and that consumers have the most to lose. Other studies by Rand Corporation  and Booz Allen Hamilton  support this.
What are the impacts and costs of the problem?
How does identity management impact efforts to improve healthcare information management?
The current approach to improving healthcare information management focuses on exchanging patients’ electronic medical records over the Internet at the regional and state level via Health Information Exchanges (HIEs) and Regional Health Information Organizations (RHIOs), then connecting the nation’s HIEs and RHIOs to form the National Health Information Network (NHIN). Correctly identifying individuals – and protecting their privacy – in these exchange networks will be harder, not easier, than it is today. A healthcare identity management infrastructure needs to be the cornerstone that is put in place to achieve the real benefits of improving healthcare and better controlling costs.
What is the best way to implement healthcare identity management?
An identity and authentication solution based on smart card technology provides the best foundation for improving healthcare information systems in a secure, privacy sensitive way. This foundation can be put in place without reinventing the wheel. The federal government has already established a set of best practices, standards and technology solutions for smart card-based identity management and authentication that can be adapted to healthcare.
What is the advantage of using smart card technology?
A smart card is a card with a small computer in it. Unlike magnetic stripe or RFID cards, the smart card’s computer provides high levels of security and privacy protection, making the technology ideal for complying with HIPAA  and preventing fraud. Smart cards can be readily used online and across networks and deliver very high levels of security over the Internet. Smart cards are also very convenient and easy for people to use.
 “Medical Identity Theft: Final Report,” Booz Allen Hamilton report prepared for the U.S. Department of Health and Human Services, January 15, 2009
 “Identity Crisis: An Examination of the Costs and Benefits of a Unique Patient Identifier for the U.S. Health Care System,” Rand Corporation, 2008
 “Medical Identity Theft: Environmental Scan,” Booz Allen Hamilton report prepared for the U.S. Department of Health and Human Services, October 15, 2008
 “In-Hospital Deaths from Medical Errors at 195,000 per Year, HealthGrades Study Finds,” HealthGrades, July 2004
 “Identity Crisis,” Robin Hess, For The Record, January 17, 2005
 “Stanching Hospitals’ Financial Hemorrhage with Information Technology,” J. Pesce, Health Management Technology, August 2003
 “Surefire strategies to reduce claims denials,” K. Atchinson, Healthcare Financial Management, May 2003
 “A Healthcare CFO’s Guide to Smart Card Technology and Applications,” Smart Card Alliance, February 2009
 “The Problem of Health Care Fraud,” National Health Care Anti-Fraud Association
 “HIPAA Compliance and Smart Cards: Solutions to Privacy and Security Requirements,” Smart Card Alliance. September 2003
About the Smart Card Alliance Health and Human Services and Identity Coucils
The Smart Card Alliance Health & Human Services Council brings together human services organizations, payers, healthcare providers, and technologists to promote the adoption of smart cards in U.S. health and human services organizations and within the national health IT infrastructure. The Health & Human Services Council provides a forum where all stakeholders can collaborate to educate the market on the how smart cards can be used and to work on issues inhibiting the industry.
The Identity Council is focused on promoting the need for technologies and usage solutions regarding human identity information to address the challenges of securing identity information and reducing identity fraud and to help organizations realize the benefits that secure identity information delivers. The Council engages a broad set of participants and takes an industry perspective, bringing careful thought, joint planning, and multiple organization resources to bear on addressing the challenges of securing identity information for proper use.
health IT, medical identity theft, medical error, healthcare information systems, healthcare identity management, healthcare fraud, national health information network, HIPAA, smart card, smart cards, privacy, security