The Healthcare Information and Management systems Society (HIMSS) Patient Identity Integrity Work Group’s white paper entitled “Patient Identity Integrity” makes a compelling argument for the necessity of a national unique patient identifier. Truly effective identity management must be driven off a platform that allows scalable, accurate identity resolution and enrichment. This enables accurate linking, analytics and mining of all data related to a particular patient or entity, regardless of how similar that identifying information might be to another’s. This is required for accurate tracking of treatment, prescriptions and testing, disease management and fraud analytics.

Payors, providers and other stakeholders should be asking questions like, “Does the person accessing a particular benefit really exist? Are they truly who they say they are?”

Disambiguating, verifying and authenticating identities will become critical to the sustainability and effectiveness of health information and insurance exchanges. How are stakeholders ensuring that the person or provider using the insurance, filling the prescription online, or accessing the electronic medical record (EMR) remotely really is who they claim to be?

Wellpoint recently announced it will begin paying for online doctor visits, taking this concept out of the world of concierge medicine and solidly into the real world. Is logging on with a username and password sufficient to establish that it is in fact the patient on the other end of the consultation? Various forms of multi-factor authentication which are now readily available could and should be used to ensure the integrity of the identity remotely accessing services, including additional knowledge-based verification such as “out of wallet” questions that only the real patient would know. Remote biometrics can be used to further strengthen this process.

Once you have accurate, complete, linked information on the individuals and entities utilizing your network, now is the time to evaluate them –not after they take advantage of your lack of visibility into who they really are and how they are connected. The system should validate the identity against business rules and government regulations to determine if this person or entity is qualified to engage in the present transaction. Optimally, particularly at enrollment, the identity should be checked against criminal, sanctions, licensing and other public records to determine if there is an issue that they did not disclose, despite new rules requiring them to do so.

Finally, the system should either efficiently process the transaction or notify you through an alert that this identity appears to create a risk in this context. A major gap in identity security in many organizations is ongoing monitoring of relevant data that would affect eligibility to participate. Identity management should include ongoing monitoring and a system to alert the organization when data related to an identity indicates a new risk.