No matter what your political leanings may be, nearly everyone can agree that the roll out of the Affordable Care Act, more commonly known as Obamacare, has been a complete boondoggle. Whether it’s the government’s inability to keep the online health exchange website up and running or the fact that millions of Americans have had their current health insurance plans cancelled, nothing has thus far seemed to go right for President Obama’s signature piece of legislation.
Perhaps overshadowed by these aforementioned issues are provisions within the law related to reigning in fraud and abuse in Medicare, Medicaid and private insurance. Like other parts of the Affordable Care Act, these regulations are well-intended, but there are still a lot of questions surrounding exactly how to best approach the problem. One potential answer, according to Terry Gold, founder of research and advisory firm IDAnalyst, is the issuance of secure credentials to patients and healthcare providers similar to that of the Personal Identity Verification or PIV card in the government sector.
Gold, who spoke at last week’s Secured Cities conference in Baltimore, said that the vast majority of healthcare fraud can be traced back to organized crime, which has figured out how lucrative the practice can be. Typically, Gold said that criminals will setup up phony clinics, bill Medicare and Medicaid for a variety of medical services that were never performed and then bolt before the feds realize the operation was a sham.
Although the new healthcare law allows the Centers for Medicare & Medicaid Services to conduct background checks on providers, Gold said that the “real problem” is how healthcare providers can be enrolled in the system prior to all of these bureaucratic checks taking place. “This is not a technology problem, it’s a business problem,” Gold told a crowd of attendees.
When it comes the evolution of identity solutions, Gold said that the healthcare industry is still stuck in the 1950s or 1960s. The advent of smartcard technology, which is tamperproof, portable and can contain numerous credentials, could revolutionize the way patient data is handled in the future. For example, Gold said that patients could be issued credentials that contain their complete medical history and insurance information which they could take with them wherever they go, eliminating the needless reproduction of records and another location where criminals could steal their information from. Patients would also receive a PIN number to use in conjunction with their credential, which would render it useless if it was lost or stolen.
Along the same lines, doctors could also be issued smartcards containing all of the pertinent data about their practice. This could also help eliminate fraud as Gold said that both patient and provider could insert their card into a reader to verify whether a service billed was actually rendered. At the moment, however, there isn’t an ideal solution on the market that could adequately meet the needs of the healthcare market. As Gold pointed out, PIV wasn’t designed with healthcare in mind. Germany recently issued e-health cards to its citizens, but that country also has national ID cards, which is something Americans have repeatedly rebuffed. “There aren’t too many large-scale deployments out there for a reason,” Gold explained.
The conundrum for the healthcare industry is there are currently no standards as it relates to the issuance of credentials, so the challenge lies in deciding what to implement or whether to implement anything at all. With that being said, there will undoubtedly be standards handed down in the future as it relates to this and no one wants to be out of compliance. Ultimately, Gold said that healthcare providers need to build their own risk model and deploy what they believe best meets their needs.