Image by 123RF
By Shai Cohen, Sr. VP of Global Fraud Solutions at TransUnion
The digital transformation of the healthcare industry has generated significant benefits for both patients and providers, in the form of greater efficiency, improved cross-team collaboration and better care. But, not surprisingly, all this digital patient data has proved a tempting target for fraudsters.
Healthcare data commands a premium on the dark web. As an example, the value of a medical record is considered up to 10 times more valuable than a credit card account number. That’s because criminals can use stolen medical insurance information not only for traditional identity theft schemes, but can also fraudulently obtain treatment, drugs, or most profitably, submit false claims to insurers.
The National Health Care Anti-Fraud Association estimates that at least 3% of annual healthcare expenditures are fraudulent, and some government and law enforcement sources suggest that the figure could be as high as 10%. While the lion’s share of direct financial losses may be borne initially by the insurance industry, they ultimately affect the entire healthcare ecosystem, raising costs for everyone. Fraud also erodes trust, of course. Consumers expect providers to protect their personal and medical information, and failure to do so can lead to significant regulatory penalties.
In a digital world, though, it’s often difficult to confirm the identity of the person on the other end of a transaction. Electronic health records and online patient portals offer convenience and a positive user experience. In the face of increasingly sophisticated attacks from fraudsters however, how do healthcare organizations protect their patient data from account takeovers and prevent the unauthorized disclosure of personal information without creating undue friction for legitimate users?
New approaches to authentication
To find the right balance between fraud prevention and patient experience, providers are increasingly implementing new authentication technologies that draw on data analytics.
In the past, digital authentication solutions generally focused narrowly on a few key pieces of data, or on limited data linkages, but the same explosion of data that has created new targets for criminals has also enabled vastly more effective tools to fight fraud.
Today’s device proofing solutions not only help corroborate the personal information users submit against authoritative online and offline consumer data, but they analyze the strength of the linkages between online, offline, behavioral and device-based elements (location, IP address, browsing habits, phone activity, etc.). This assessment of the trustworthiness of a user’s digital identity takes place instantly and invisibly in the background, allowing legitimate patients — the vast majority of users — to efficiently pay for a service online, log in to the patient portal to view their medical records or have their call answered without the need for extensive identity interrogation. Interactions flagged as potentially problematic (say, because the phone has recently had a SIM card swap) can be subjected to further verification.
These passive authentication practices can significantly reduce both fraud and manual reviews, saving healthcare organizations time and money. And because the intelligence allows organizations to accurately identify and segment high-risk interactions, providers are able to treat their patients as valued individuals rather than potential fraudsters.
Enhancing the patient experience
Integrated identity verification supports an improved patient experience via many channels, including the phone. When patients call in, they are often under stress — either because of their health situation itself or because they’ve encountered a billing issue with their health plan and face unexpected financial costs. Adding a frustrating customer service experience, such as a declined credit card payment or having to answer seemingly endless questions to prove their identity, can be the final straw that drives them elsewhere (or to social media to vent).
Inbound call intelligence can help analyze a caller’s phone number and device data to confirm the authenticity of the call pre-answer, before the caller reaches the IVR or customer service agent. This again allows high-risk calls to be flagged while calls from confirmed trusted callers (such as patients, for example) proceed unimpeded. Knowing in advance that the caller is who they say they are reduces the amount of time needed for identity interrogation, shortening call handle times and allowing patients to receive help more quickly.
Knowledge-based authentication via security questions may still be used for less trusted calls, but call intelligence adds a further layer of security, which is particularly important now that much of the personal information used for verification (birth date, mother’s maiden name, etc.) is widely available on the dark web and from public records and social media.
Enabling right-channel communications
To maximize the benefit from these tools, providers should ensure that their patient contact information is always up to date and includes multiple contact channels. Managing data in a CRM system can be challenging, as many patients have infrequent contact with their providers and are unlikely to notify them promptly if they move or change their phone number or email address. For this reason, many providers are increasingly using third-party telephone number management and intelligence services, which gather information in the background from a variety of vetted sources to help them manage and update this ever-changing data.
Ensuring the efficiency and actionability of records helps to reduce the risk of disclosing personal or protected health information to unintended recipients, and it also enables providers to contact patients via their preferred channel. Incorporating phone behavior intelligence gives providers insight into which number a patient uses most often and what time of day they are most likely to respond. Contacting an individual at the right time on the right device helps to increase answer rates and saves staff time.
Fraudsters will always look for ways to access personal information, whether through cyberattacks or social engineering, but healthcare providers can strengthen their defenses with tools that help protect personal and medical information while at the same time boosting efficiency and enhancing the patient experience.
Healthcare Business Today is a leading online publication that covers the business of healthcare. Our stories are written from those who are entrenched in this field and helping to shape the future of this industry. Healthcare Business Today offers readers access to fresh developments in health, medicine, science, and technology as well as the latest in patient news, with an emphasis on how these developments affect our lives.