Protecting your name

image004By, Jason Busch:

Protecting your privacy and personal information is a major concern for most people. Regardless of whether or not you have “something to hide,” nobody likes the thought of their personal information being made available to any and everybody, especially when that information contains private medical records.

These days, data breaches and hackers regularly make the evening news, and no one’s information seems safe. However, one local company is stepping into the breach with its effort to ensure patient health care records are safe and secure.

Madison-based TASCET Inc. released its Unique Patient Identifier (UPI) in early August, with the goal of creating a foundation for interoperability across the entire health care system and removing the financial threat of synthetic identities.

“The UPI solves the most difficult challenge to patient safety: ensuring that patient records cannot be compromised due to mismatching, duplication, fraud, or data breaches,” says Larry Aubol, CEO of TASCET.

The Identity Theft Resource Center reports that more than 109 million patient records were compromised in breaches since January 2015, in addition to those suffered across industries and the U.S. government. The compromised information is sold and resold, enabling criminals to pair valid information with false information to create synthetic identities and commit fraud, leaving patients and health care systems at great risk, Aubol notes.

“Even before data breaches became systemic, development of a UPI solution was prompted by basic patient safety concerns,” Aubol recalls. “The biggest obstacle has been making the UPI inherently secure so that patient records are always protected from unauthorized access, and that’s exactly what we do.”

TASCET was founded in 2005 as a digital enterprise risk management company to combat identity fraud by using the principle of “one person, one identity.”

“There is no standard industrial classification number for services we provide, which is unique identity numbers that cannot be duplicated, misused, or stolen, and can only belong to one person,” TASCET Senior Vice President Kari Douglas says. “Our issuance of numbers based on a Super ID — as it’s called — addresses the unmet identification needs for compliance by the health care, financial services, retail, government, travel, academia, and cyber industries.”

In 2008, the RAND Corporation examined the benefits of a unique patient identifier for the U.S. healthcare system. Its report highlighted six attributes outlined in the American Society for Testing and Materials (ASTM) standard, which called for the UPI to be unique and canonical, invariable, nondisclosing, verifiable, ubiquitous, and limited in use to accessing health information.

“To be both unique and canonical, a patient identifier must prevent multiple patients from being assigned to the same patient identifier, while also ensuring that the same patient is not attributed to more than one identifier, across the nationwide healthcare system,” explains Aubol. “The UPI accomplishes these and the other attributes noted by RAND, all while protecting the privacy of the patients and improving revenue cycle management for providers.”

Douglas says it is estimated that the current accuracy rate of patient ID matching at even the most sophisticated hospitals is only around 80%, which means there is a one in five chance that a patient’s safety, privacy, or security will be compromised.

“The only way to produce a unique identifier is to start with the person,” Douglas explains. “Patients grant permission when they visit a hospital, clinic, pharmacy, or their doctor to activate their ‘Super ID.’ The Super ID is the consumer-facing brand name that says they are protected from misuse of their identity because their identity is no longer based on other people’s data.”

The identifier is created in 30 seconds or less. The process takes two finger proofs and a face proof along with non-sensitive biographical information to create a unique 16-digit number, the Unique Patient Identifier, or Standard Patient Number. On the next visit, the patient simply confirms their identity with a finger proof or facial proof to access their medical record and only their record.

TASCET did not invent a unique patient identifier to protect from data breaches; obviously, no one can do that, Douglas notes. “Our focus is on the patient. With all the data breaches that have occurred and will occur, TASCET took it upon itself to protect the most important asset of a healthcare provider — the patient.

“TASCET does not see or store patient records,” Douglas continues. “TASCET cannot access patient records. We do not data-mine and are non-transactional. We do one thing: we create identifiers that can give patients anonymity and privacy.”

The impact of TASCET’s UPI technology goes beyond just the health care industry. Each industry has a separate unique number. Each number is used to protect the consumer and provide for the highest level of compliance mandated within each industry. An individual could receive 10 unique identifiers from TASCET throughout their lifetime, Douglas says — each one being random, unique, and only utilized by them.

“According to the FBI, health care fraud is costing the nation $80 billion per year,” Douglas says. “It’s not known how much of that is caused by identity fraud, but a substantial amount can be eliminated by knowing who the patient is and who the provider is. TASCET’s identity infrastructure answers both of these questions.

“Synthetic identities are the rising tide of fraud that the health care industry needs to face the way banking and retail have just begun to understand them,” Douglas adds. “But to stop the use of synthetic identities to commit fraud in healthcare, ‘one patient, one record’ is a must.”

While TASCET only recently announced the product, Douglas says the company has been in discussions with many of the largest health care systems in the country, as well as forward-thinking Wisconsin hospitals and HMOs, to provide the UPI technology.

“The UPI is just one component,” Aubol notes, “but it is the foundation for interoperability in nationwide health information exchange, and the means to safeguard patients and their privacy.”

New Product Offers Enterprisewide Unique Patient IDs

hdm-logoBy, Joseph Goedert:
Risk management software vendor TASCET Inc. of Madison, Wis, has introduced a unique patient identifier for providers, insurers, health information exchanges and other healthcare organizations.
Enterprise use of the identifier across an organization would increase patient safety and convenience, while also protecting against fraud, says Larry Aubol, CEO at TASCET. The company is marketing unique identifiers in seven industries; the primary markets are healthcare, banking and retail. The vendor is working with Epic Systems to support the identifier for two hospitals that are implementing it, and Cerner has agreed to work support the identifier if clients want it.
The identifier also can be used to ID employees to deter fraudulent activities and get them comfortable with the process that patients will go through to register for the ID. “If employees are not comfortable, they can’t encourage patients to consider the identifier,” Aubol says. Assigning health professionals a unique identifier would help an organization better understand who its affiliated providers are and further can help identify health professionals who are assessing patient records without authorization.
The identifier has 16 digits. When a patient registers, he or she would be told that the facility wants to create a “super-identifier” that would be consistent across the organization and seeks permission to activate the identifier.  Two fingerprints would be scanned into a recognition system as would a facial scan of the patient, and tied to these identifiers would be the patient name, date of birth, address, gender and county where born. In subsequent visits, the patient would look in a camera or a fingerprint reader to verify identity.
The identifier also could, over time, enhance provider revenue cycles, Aubol says, as banks move toward more prompt payment. TASCET is in discussions with such organizations as Kaiser Permanente, Geisinger Health System, Intermountain Healthcare, Sutter Health, multiple health information exchanges and attorneys, Aubol says. The company expects its first live hospital by the fourth quarter of 2015.