The sudden surge into this new virtual world has brought its fair share of benefits. I enjoy the flexibility of working remotely, and you can’t beat the convenience of online grocery shopping. Thank you, curbside pickup! In healthcare, there are clear advantages to virtual interactions, whether it be providers reducing exposure or payers increasing engagement. But as virtual care continues to soar, overly strict identity verification standards, while well-intended, can create significant barriers to care and negatively impact health equity.
Prior to the influx of virtual visits and remote care, identity verification was relatively simple. Most of the care was done in person, and patients would simply hand over their ID and insurance card and then fill out the clipboard full of intake forms. While other industries, like banking, invested in more sophisticated ways to remotely verify someone’s identity, healthcare fell behind. Despite having equally sensitive data, healthcare failed to prioritize the importance of interacting with consumers digitally. Now, thanks to Covid-19, we do not have a choice.
Many healthcare organizations engaging patients virtually are turning to IAL2 requirements, the standard approach for remote identity proofing set by the National Institute of Standards and Technology (NIST). The same requirements are in place for consumers trying to access their health information from insurance providers. While IAL2 accomplishes its goal of ensuring a high level of security, it creates a lot of friction for the user. Among other things, IAL2 requires patients to submit an electronic copy of a government-issued ID. This creates a burdensome barrier for some vulnerable patient populations as they may not have a government-issued ID or access to a scanner or smartphone to upload their government-issued ID into the system. The challenge is amplified when you consider undocumented immigrants, the homeless population, and victims of catastrophic events like a house fire or the recent Hurricane Ian. IAL2 creates a barrier that disproportionately affects marginalized communities, and it is time to consider alternate forms of identity verification in healthcare where access is paramount.
While IAL2 has its time and place, it does not need to be used in every remote identity assurance interaction. There are other forms of verification that balance the need for strict security with ease of access. One option is to use solutions like Emailage or Phone Finder, which leverage a referential dataset to confirm that the patient is associated with the email address and phone number that he or she provided. Another possibility is to capture a profile photo to confirm biometrics as another reference to authenticate someone’s identity. Now is that as strong as IAL2? Absolutely not. But it is a sweet spot between securely and accurately verifying someone’s identity without creating barriers to care that disproportionately impact certain pockets of the community. In healthcare, we are responsible for weighing security and access equally to ensure a system that works for all who need care.
