Digital Identity's Unlikely Cure for Improving Patient Experiences

DZone 's Guide to

Digital Identity's Unlikely Cure for Improving Patient Experiences

Multi-factor authentication can help to improve patient and member experience. Check out this post to learn more about MFA and healthcare.

· Security Zone ·
Free Resource

Competition is heating up as cost pressures and value-based care models drive a continuous stream of consolidation through M&A in healthcare. A once-distributed landscape of local and regionally owned providers and insurers has become an industry defined by economies of scale, standardization, and competition across state lines:

  • The top 12 health insurance companies make up just over 50 percent of revenue in the American health insurance market. (1)
  • By 2024, "Only 50 percent of current health systems will likely remain," predicts a Deloitte analysis. (2)

To differentiate themselves from the competition, market leaders among payers and providers are turning to improved experiences. And here's another key stat for you: a whopping 91% of consumers say patient experience is either an extremely (55%) or a somewhat (36%) significant factor in health care decision making, according to the recent Consumer Perspectives on Patient Experience study. (3)

That's why many of today's healthcare payers and providers have entire teams dedicated to improving the experience across their health system. With consumers of healthcare acting more like those in retail every day, today's patient and member experience leaders are considering everything from redesigned waiting rooms to artificial intelligence (AI) to big data analytics solutions.

These are worthy efforts, no doubt, but one powerful treatment is often overlooked: multi-factor authentication (MFA).

Really? MFA? To Improve Patient and Member Experiences?

Delighting customers with unexpected value has long been a core tenant of improving experiences and customer satisfaction in many industries. As far as unexpected value goes, strong authentication as a means for improving patient and member experiences certainly falls into this category. So unexpected, in fact, that those tasked with balancing security and user experience are certain to scratch their heads at the notion of MFA security as an experiential value add.

But rather than thinking about MFA as a value-add on its own, healthcare's identity and security practitioners should, instead, be asking themselves how existing experiences could be improved and how new ones can be created, with the introduction of multi-factor authentication. The number of possibilities are, of course, dependent on the digital maturity of a given healthcare organization. But for those in the throes of digital transformation, the possibilities to improve patient and member experiences through MFA are limitless, including the ability to:

  • Transform identity verification
  • Modernize communication tactics
  • Improve patient and member access 
  • Support integrated healthcare delivery
  • Modernizing Communication Tactics

    Healthcare payers and providers have many reasons to communicate with members and patients. From appointment and billing reminders to updated claims information, there's no shortage of reasons. But confusion surrounding the HIPAA statutes covering PHI disclosure has obscured the delivery channels, often to the great frustration of those on the receiving end of these communications. To ensure compliance and privacy, many payers and providers now send vague emails and leave cryptic voicemails with instructions to call back or log into the health portal to receive information. Privacy has become a sort of "tax" on effective communication, and it's a drag on patient and member experiences.

    But it doesn't have to be. With MFA embedded in your organization's mobile application, you can achieve a modern, privacy-led approach to communication without the need for your customers to call back or log in (often paired with a "forgot username" or "password reset" flow). The same level of privacy can be achieved with a vague push notification, with only a fingerprint between the end user and their pertinent health update, greatly improving the experience and increasing the likelihood that the information is received.

    Transforming Identity Verification

    A wide variety of remote interactions with patients, members, and their health proxies often require over-the-phone verification of identity or relationship to the patient or policyholder. Before a contact center can disclose the status of a patient, check to see if a procedure is covered, or confirm the time of an appointment, knowledge-based authentication is used to prevent the incidental disclosure of PHI. These questions may require callers to confirm knowledge of policy numbers, account numbers, birthdates, and billing addresses, which aren't always readily available to those making the call. These interactions often result in frustrating experiences for those unable to gain access to what's often time-sensitive information.

    By embedding a modern authentication solution directly in a mobile application, healthcare organizations can enhance their security posture with a stronger second factor (possession vs. knowledge) while drastically improving the verification experience for patients and members.

    Improving Patient and Member Access

    Online health portals are evolving from digital centers for information access to interactive platforms that provide opportunities for real-time engagement. More and more, healthcare organizations are offering a range of owned and third-party applications and APIs providing self-service access to telehealth, drug cost estimation and digital health assistants. As payers and providers continue to expand the services and data available within these portals, consumers of healthcare will increasingly require seamless digital access to them.

    An adaptive multi-factor authentication solution provides multiple opportunities for making access more seamless and intuitive while maintaining the security of sensitive health data and services. Self-service capabilities of MFA that can improve patient and member access include:

    • Trusted devices: Healthcare consumers can manage a network of devices where push notifications can be sent for authentication and transaction approvals.
    • Forgotten credentials: Trusted devices can be used as a secure and convenient method of contextual authentication prior to permitting a username or password reset.
    • Transaction approvals: Higher-risk transactions such as ordering medication and bill payment can be approved with an out-of-band push notification.

    As health portals continue to increase in value to consumers of health care, ensuring members and patients can access these resources within the portal at all times will be essential to improving the overall experience.

    Supporting Integrated Healthcare Delivery

    In order to provide a high standard of care and service to their patients and members, healthcare organizations must provide access to PII and PHI to a diverse set of third-party medical specialists, claims adjusters and more. These necessary interactions introduce a higher risk of breach, which was recently summarized at the first meeting of the Provider Third Party Risk Management Council:

    "Supply chains are filled with third parties who support the care delivery process and require access to patient information. Properly vetting and monitoring these third parties is a major challenge, and in some cases, insurmountable for many organizations who simply don't have the expertise or resources."

    These challenges can exasperate patients and members who need a third party be able to access their information in a timely fashion. Many of today's processes for allowing third-party access are manual, involving the faxing back and forth of multiple forms requiring multiple sets of signatures. And if access isn't directly related to a medical emergency, these interactions can take days — if not weeks — to complete. By allowing patients to directly authorize access to their data by third parties through an MFA-initiated transaction approval flow, these permissions can be granted in seconds.

    These authorization flows can also extend to third-party applications and APIs that need access to patient and member data in order to provide a service. For example, an application tracking medication adherence might need access to the full list of medications prescribed to a patient. Assuming the data is organized according to HL7 standards and the data can be provided via an API, a 2FA transaction approval can replace much longer, time-intensive processes for approving the sharing of this data.

    An Experience Worth Sharing

    Word of mouth has long been one of the strongest methods used to attract new customers. The patient experience study referenced at the beginning of this blog also found that in 70% of the cases in which a patient had a positive experience, they would tell others. But as updated facilities and personalization become table stakes, payers and providers must seek out unique ways to delight their customers across the spectrum of care.

    Multi-factor authentication is broadly applicable to improving experiences through modernized communication methods, new ways to verify identity, improved access to online resources and the ability to quickly provide health-data access to third parties. To learn more about how you can improve your multi-factor authentication for customers, join us for our joint webinar with Iovation on September 25.

    (1) Hal Levy, "Best Health Insurance Companies (2018 edition)," Healthcare.com, January 30, 2018. (2) "The Great Consolidation," Deloitte website, accessed September 5, 2018. (3) Jason A. Wolf, "Consumer Perspectives on Patient Experience," The Beryl Institute, accessed September 5, 2018.
    digital identity ,healthcare ,multi-factor authentication ,security

    Published at DZone with permission of Andrew Goodman , DZone MVB. See the original article here.

    Opinions expressed by DZone contributors are their own.

    {{ parent.title || parent.header.title}}

    {{ parent.tldr }}

    {{ parent.urlSource.name }}