How payers are balancing patient engagement, data security

Health insurers are establishing innovative ways to provide better care and improve the overall patient experience, according to America’s Health Insurance Plans.

That’s why insurers are investing in patient portals, mobile apps, telehealth and other personalized tools, like those that focus on social determinants of health, says Cathryn Donaldson, director of communications at AHIP. The use of this technology improves care coordination, which leads to better outcomes and higher patient satisfaction.

In light of all the technological advances for engaging members, cybersecurity expert Erin Benson, director of market planning at LexisNexis Risk Solutions asks, “Is your security and identity management strategy ahead of the next big threat?”

Data is now front-and-center when it comes to digital health, Benson said in a recent podcast. Portals and apps are some of the ways in which patients are taking control of their health, and yet the dilemma for providers and insurers becomes how to deploy the appropriate identity risk management technologies while not adversely impacting portal adoption or the broader consumer experience.

Advancements have created more opportunities for data to be intercepted, stolen or altered, Benson says.

LexisNexis is using layered security to help protect patient information. “Identification layers build confidence,” Benson says.

With layers of security, various authentication techniques are applied, some easy and some more difficult, with what Benson calls “friction.” Legitimate users will experience less friction while authenticating, while fraudulent users will have to come up with more time-consuming and difficult authentication. Examples include, frictionless entering of email or phone numbers for security. Then more difficult answering of knowledge-based quizzes and the provision of licenses and passports, causing friction.

Benson-Erin-CROP.jpg

A white paper, entitled, “Patient Identity Management: A Dose of Patient-friendly Security for Medical Providers,” published by LexisNexis Risk Solutions warns, “Granting initial access to remote patients or providers is one thing but facilitating simple and user-friendly repeat access management and password resets is wholly another.”

The paper advises that a best-practice approach goes beyond a simple username and password authentication to using two or more aspects of the enrolled user’s identity to validate their identity.

Another technique for security deployed by LexisNexis is the matching and cleansing of patient data, that is then given a unique identifier to create “one golden record.” This identifier can prevent mismatches, which could lead to incorrect information in a patient’s record further down the road, Benson says.

For reprint and licensing requests for this article, click here.