Although patient identification has long been an issue
within the hospital community, a new push in the conversion to electronic
health records (EHRs) has added new challenges and solutions. Some
organizations, like the Department of Defense (DoD) are already verifying the
identity of their patients and other authorized users of their online system,
MyHealtheVet. The DoD, however, has the luxury of a Veterans Administration
database that includes all military personnel that would be accessing the
system.
What health systems without pre-existing user databases
should do is still up in the air. Privacy and security experts have not yet
decided which methods of ensuring patient identity online are most effective
and easiest to use. No matter the conclusion, however, most agree that it will
still be necessary to verify patient credentials like a driver’s license,
passport, or biometric identifier before allowing that patient to access their
records online.
Some states are implementing programs allowing access to
partial records. Indiana’s State Department of Health, for example, has an
online vaccination portal which allows parents to verify their children and
view online immunization records. A parent must be registered by their child’s
healthcare provider, and all access requests are monitored by a separate
system.
Other businesses, such as identity card company Gemalto, are
suggesting the use of SmartCards for patients. These cards, similar to the
federal government’s Common Access or “CAC” cards, will contain a chip with
biometric information about the user.
A federal policy committee has provided three guidelines
that should be followed when thinking about enabling online access. The access
should require a username and password at the minimum, with the option for
additional security if the user chooses. The protection should not be so
difficult that it discourages patients from participating, and providers should
look to the Office of the National Coordinator for Health Information
Technology (ONC) for guidance on identification methods. While this guidance
has not yet been provided, a team within the National Institute of Standards
and Technology has directed the agency to work with the ONC in setting up best
practices.
You may find the original article from the Government Health
IT website here.