Who Are You Again?

One of the great challenges in providing connected portals for patients is proving that the person using the portal is the person he/she claims to be.  It’s a problem known as identity proofing and getting it right or wrong greatly impacts the success of your portal.

The American Health Information Community (AHIC) looked into this challenge in 2007 through its Confidentiality, Privacy and Security (CPS) workgroup. We’re starting to see how some of these approaches are applied in real-world solutions.

The gold standard for identity proofing is to have the patient appear, in person, with one or more government-issued photo identifications.  This is nearly foolproof, but it’s also impractical and a significant barrier to adoption. And even when incorporated into a visit to the hospital or physician office, consumers are often not interested in the portal solution at that time or they’ll forget they have an account, login, and password.

Google Health approaches this with a solution that is a virtual parallel to the presentation of identification.  To link a Google Health account to your hospital, lab or pharmacy, Google trusts the other facility’s judgment in connecting the accounts.  Most of us have seen this approach applied with Facebook or Twitter.  When you sign up for a related application, they often authenticate by passing you to Facebook, having you sign into your Facebook account, and then granting you rights or authorizing a link for the initiating application.

This is a good approach, but it still leaves the problem of authentication to the hospital, lab or pharmacy.  If that’s you, where does that leave you?

One approach is to send, to a known address, information that will allow the patient to connect the accounts.  Vanguard Investments takes this approach.  It’s more convenient than appearing in person, but it takes a great deal of time and is still inconvenient.

A more practical approach involves a challenge-response system requiring the patient to provide answers to several questions that presumably only they would know.  To be valid, this needs to be a deeper interrogation than simply providing a mother’s maiden name or the name of your first pet.

You may have experienced this type of authentication procedure if you’ve requested your credit report online.  This is the approach that Kaiser-Permanente has taken with its KP.org patient portal.  Patients answer five questions in order to authenticate themselves.
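As an added illustration (not code from this post or from any portal named in it), here is a minimal Python sketch of a five-question challenge-response check. The record fields, the lockout limit and all names are assumptions constructed for the example.

```python
import hmac
import secrets

QUESTIONS_PER_SESSION = 5  # the post cites five questions
MAX_FAILURES = 2           # assumption: lock the session after two failed quizzes

# Constructed sample record; field names and values are hypothetical.
SAMPLE_RECORD = {
    "month of last visit": "March",
    "street of preferred pharmacy": "Elm Street",
    "previous insurer": "Acme Health",
    "referring physician": "Dr. Rivera",
    "city of prior address": "Cedar Falls",
    "last copay amount": "25",
}


def normalize(answer: str) -> bytes:
    """Fold case and surrounding whitespace so formatting differences do not fail."""
    return answer.strip().lower().encode()


class ProofingSession:
    def __init__(self, record: dict):
        if len(record) < QUESTIONS_PER_SESSION:
            raise ValueError("record too thin to build a quiz")
        # Random subset per session, so one observed quiz does not reveal the next.
        self.questions = secrets.SystemRandom().sample(sorted(record), QUESTIONS_PER_SESSION)
        self.expected = {q: normalize(record[q]) for q in self.questions}
        self.failures = 0

    def verify(self, answers: dict) -> bool:
        if self.failures >= MAX_FAILURES:
            return False  # locked: route to in-person or mailed proofing instead
        ok = True
        for q in self.questions:
            # Check every answer in constant time and report only pass/fail,
            # so a guesser cannot learn which answer was wrong.
            ok &= hmac.compare_digest(normalize(answers.get(q, "")), self.expected[q])
        if not ok:
            self.failures += 1
        return ok
```

Once the failure limit is reached the session rejects even correct answers, which pushes the patient back to the slower in-person or mailed routes described earlier.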

As we see more applications taking on this challenge, this is currently the most practical approach to keeping clinical information secure while still engaging patients in their care.

This entry was posted in Consumer Expectations, Patient Portal, Tradeshow/Conference by Ben Dillon.
About Ben Dillon

Ben’s a big picture type of guy. He loves sharing new ideas in digital marketing, keeping a watchful eye on healthcare industry trends and seeing how it all intersects. A sought-after speaker, writer, blogger and current SHSMD board member, Ben’s an influential voice in healthcare marketing, helping organizations across the country embrace online strategies to engage health consumers. Combine his industry savvy with his background in software development and you can see why he’s also an important member of Geonetric’s software team, ensuring our content management system stays a step ahead of market needs. Ben holds a master’s degree in eBusiness and strategic management from the University of Iowa and a bachelor’s degree in computer engineering from the University of Michigan. When he’s not traveling and evangelizing, Ben enjoys cooking with his family and playing the Big House with the University of Michigan Alumni marching band.
