Dean Nicolls, Vice President of Marketing, Jumio, kindly shares his thoughts with Hospital Hub...
According to a recent report, a fifth of all data breaches in 2018 occurred in the health industry. And hospitals are most certainly not immune to this threat. Take for example the Countess of Chester Hospital, which recorded 238 data breaches in the last year alone, and if we look back to the NHS ransomware attack in 2017, hospitals were the number one victim.
One key problem in the healthcare space, according to the report, is phishing. This is whereby fake emails that look legitimate are sent to users to dupe them into entering their email addresses and personal details. In this scenario, those freshly stolen details can then be used to login to the real user’s cloud-based mail account and, as a result, any medical record in the inbox is then compromised.
What’s more, medical records and data can also be sold on the dark web where they command an incredibly high value, simply down to the fact that there is far more personal information attached to health records. Given the scope of the issue within the health space and the resulting ease at which a patient can be impersonated, it has never been more important for hospitals to properly vet and verify their patients online to ensure they are who they claim to be.
The growing need for online identity verification
There are a number of clear reasons for online identity verification in the healthcare space, but perhaps most importantly for hospitals, is in the automation of data capture during patient intake. Hospitals are under immense pressure to automate onboarding processes as verifying new patients, in most cases, is still a manual and time-consuming process. However, even with this automation, there is still the need to ensure a patient being onboarded is who they claim to be. If a patient’s data has been stolen, they could use their name and NHS number to see a doctor, get prescription drugs, file claims with an insurance provider, or get other care.
Having the power to verify patient identities accurately allows hospitals and other practices to confirm that any given record is accurate and up to date and gives them the peace of mind that their patient data isn’t being used by malicious hackers or fraudsters.
Utilising the strongest form of online identity verification
It is vital for hospitals to get the verification process right for patients online. Luckily, advances in digital identity proofing and biometric-based authentication technologies provide a great way to deliver this security and assurance in smarter, simpler and more cost-effective ways and address the urgent verification need.
So how could this work? Firstly, a patient — if they are new to the system — would be asked to capture a picture of their government-issued ID, like a passport or driving license, through the camera on their smartphone or a computer webcam. This would then be followed by taking a live selfie, whereby a 3D ‘facemap’ (i.e. a digital representation of a person’s face) is created – this ensures that the person behind the ID is the actual person registering and physically present.
The technology then ensures the ID is authentic and that the patient’s selfie matches the picture on the ID. After an online registration has been completed, hospitals and the wider healthcare community, including pharmacies and laboratories, could approve future online prescriptions and treatment requests by capturing a new 3D face map of the patient with a fresh selfie which is automatically compared to the 3D face map captured at enrolment to reliably authenticate the patient.
The risk of patient data being compromised through phishing attacks is a clear concern for the healthcare industry as a whole. Therefore, it is critical that hospitals, and other health organisations, ensure that patient data being used at any point is that of the real patient. Advances in technology, biometrics and AI hold the key to creating a safe and secure ecosystem and ensures that hospitals provide the same care to their patient data as they do to the patients themselves.