Ensuring identification for patients online

Although patient identification has long been an issue within the hospital community, a new push in the conversion to electronic health records (EHRs) has added new challenges and solutions, according to the National Association of Healthcare Access Management (NAHAM), which references an article in “Government Health IT.” Some organizations, such as the Department of Defense (DoD), already are verifying the identity of their patients and other authorized users of their online system, MyHealtheVet. The DoD, however, has the luxury of a Veterans Administration database that includes all military personnel that would be accessing the system.

What health systems without pre-existing user databases should do is still up in the air, according to NAHAM. Privacy and security experts have not yet decided which methods of ensuring patient identity online are most effective and easiest to use. No matter the conclusion, however, most agree that it will still be necessary to verify patient credentials like a driver’s license, passport, or biometric identifier before allowing that patient to access their records online, NAHAM says.

Some states are implementing programs allowing access to partial records. Indiana’s State Department of Health, for example, has an online vaccination portal that allows parents to verify their children and view online immunization records. A parent must be registered by their child’s healthcare provider, and all access requests are monitored by a separate system.

Other businesses, such as identity card company Gemalto, are suggesting the use of SmartCards for patients. These cards, similar to the federal government’s Common Access (CAC) cards, will contain a chip with biometric information about the user.

A federal policy committee has provided three guidelines that should be followed when thinking about enabling online access. The access should require a username and password at the minimum, with the option for additional security if the user chooses. The protection should not be so difficult that it discourages patients from participating, and providers should look to the Office of the National Coordinator for Health Information Technology (ONC) for guidance on identification methods. While this guidance has not yet been provided, a team within the National Institute of Standards and Technology has directed the agency to work with the ONC in setting up best practices.

Find the original article from the “Government Health IT” website at http://bit.ly/SrXYVf.