Two-factor authentication with smart card tech to combat medical identity theft

By EgovAsia Editors | Apr 27, 2010

Thumbnail: 

The Smart Card Alliance Healthcare Council released a new brief on the rising threat of medical identity theft, calling for the use of two-factor authentication with smart card technology as the ideal way to protect patient identities and information.

According to a recent Ponemon Institute study, nearly 1.5 million Americans have been victims of medical identity theft with an estimated total cost of $28.6 billion. This is approximately $20,000 per victim. Though recent legislation, like the American Recovery and Reinvestment Act (ARRA) and the associated provisions under the Health Information Technology for Economic and Clinical Health (HITECH) Act, highlights the need to address privacy and security across the U.S. healthcare system, no controls have been put in place to assure that patient information is always protected.

"The individuals whose medical identities are stolen have to deal with lingering effects, like erroneous medical expenses, problems with insurance, and incorrect data on their medical records that can lead to potentially fatal medical errors," said Randy Vanderhoof, executive director of the Smart Card Alliance. "To prevent this, patients need an unambiguous way to identify themselves to their healthcare provider when accessing patient records or requesting healthcare services, whether it be in person or over a network. This brief explains how two-factor authentication with smart cards can accomplish this, and decrease medical identity theft."

In "Medical Identity Theft in Healthcare," the Smart Card Alliance Healthcare Council describes how two-factor authentication with smart card technology allows patients and providers to securely access personal health information. Smart card technology is a proven technology, already used in U.S. electronic passports, and in the U.S. federal government's employee ID cards that are used to access the nation's most secure computer networks and facilities. The technology includes a tamper-resistant chip with security software that can be embedded into a card, token or mobile device (like a mobile phone). The smart card protects the patient's medical identity; they can use it to securely store personal health information, authorize provider access to that information, and securely transmit data to healthcare systems.

"As the Healthcare Council is comprised of industry professionals from all parts of the healthcare sector, we have a unique perspective on the issues facing the industry and have a great forum to collaborate on possible solutions. This is especially important as healthcare moves quickly toward electronic records, and ready solutions are needed to address the security and privacy challenges ahead," said Paul Contino, vice president of Information Technology at Mount Sinai Medical Center and chair of the Smart Card Alliance Healthcare Council, which published this report. "Readers of this brief will come away with an understanding of how identity and authentication solutions based on smart card technology can provide an ideal foundation for improving the security and privacy of health information systems and electronic health records."