Prevent Medical Identity Theft with Two-factor Authentication

By James Brown

Medical identity theft takes place when another person fraudulently gains access to your healthcare facilities and, without your knowledge, begins to use them for doctor’s appointments, medical tests, and maybe even surgery, in your name. The theft may be committed by a friend or family member, or even by medical personnel who have easy access to your personal health information. More seriously, it may be done on a large scale by computer hackers. In April of 2012, a major security breach occurred at Utah Medicaid as a result of malicious activity by a hacker.


Consequences of medical identity theft

The implications of such theft are alarming, almost terrifying, because it is practically impossible to quantify the financial devastation, legal woes, tortured state of mind, illness and even death which may arise as a consequence. Fraudulent use of the identity can leave erroneous data regarding tests, diagnoses, blood groups, allergies and procedures in personal medical records, which can adversely affect future healthcare, insurance cover and costs. This, in turn, can lead to serious medical errors and even fatalities. The theft is most often detected much later, when a strange bill or a doctor’s line of questioning brings it to light. And then the onus of proof and the cleanup of legitimate medical records lie with the victim. All in all, it is an expensive, complicated and terrifying nightmare for one whose medical identity has been stolen.


The Solution

The need of the hour is a careful assessment of the existing situation and the introduction of a multipronged approach in the whole area of security in the field of healthcare covering issues like privacy, network security and detection of intrusion as well as physical security and internal threats. This is of paramount importance, particularly in view of the fact that maintenance of healthcare information is rapidly moving towards the electronic mode.

It is absolutely essential, then, to provide complete and effective protection for personal medical information by making it extremely difficult, if not impossible, for unscrupulous elements to gain access to it. Most security attacks take place by way of password access. Identity authentication systems that rely heavily on passwords alone become easy prey for data thieves, who are typically after rich data sets of personal healthcare information and who are quick to exploit any weakness in the security network. So, at the most fundamental level, a foolproof method of authentication must be implemented.


Two-Factor Authentication

The ideal solution is two-factor authentication in which the user presents two independent, identifiable bits of information, usually a token like a smart card with security functionality and a PIN code. This would allow patients and health providers to securely access healthcare information.

Smart cards are one method of two-factor authentication, in which the user presents a combination of two of the three authentication factors necessary for identification, namely, the possession factor (something the user has), the knowledge factor (something the user knows) and the inherence factor (something the user is). The technology used in the production of the smart card has already been proven and is commonly used to access the nation’s most secure computer networks. For instance, it is used in federal government employee ID cards and electronic passports and in the subscriber identity module (SIM) used in mobile phones. A smart card consists of a tamper-resistant chip with security software that can be embedded into a card, token or mobile device.

One-time password capabilities, available in a tokenless two-factor authentication system, are another effective tool for authenticating constituents for high-risk or high-value transactions, without the need for additional hardware. In this method, two-factor authentication is carried out through phone verification, i.e., by means of a device already carried by the user.
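The phone-verification flow described above, sketched as an added example that is not part of the original article: a PIN (knowledge factor) must pass before a one-time code is issued for delivery to the user's phone (possession factor), and the code expires, is single-use and tolerates only a few wrong guesses. The class name, the time-to-live and the attempt limit are assumptions chosen for illustration, and delivery of the code to the phone is left out.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL = 300      # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 3   # wrong guesses allowed per code (assumed policy)


def hash_pin(pin, salt):
    # Slow, salted hash so a stolen record does not reveal the PIN directly.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)


class TwoFactorLogin:
    """Hypothetical two-step login for one user: PIN first, then phone code."""

    def __init__(self, pin, now=time.time):
        self.salt = secrets.token_bytes(16)
        self.pin_hash = hash_pin(pin, self.salt)
        self.now = now          # injectable clock, used by the tests
        self.pending = None     # [code digest, expiry time, attempts left]

    def start(self, pin):
        """Check the knowledge factor; return the code to send to the phone."""
        if not hmac.compare_digest(hash_pin(pin, self.salt), self.pin_hash):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()
        self.pending = [digest, self.now() + OTP_TTL, MAX_ATTEMPTS]
        return code

    def finish(self, code):
        """Check the possession factor: the code the user read off the phone."""
        if self.pending is None:
            return False
        digest, expires, attempts = self.pending
        if self.now() > expires or attempts <= 0:
            self.pending = None             # expired or locked: start over
            return False
        guess = hashlib.sha256(code.encode()).digest()
        if hmac.compare_digest(guess, digest):
            self.pending = None             # single use: a replay fails
            return True
        self.pending[2] -= 1                # count the wrong guess
        return False
```

A stolen PIN alone never reaches `finish`, and an intercepted code is useless once it has been used or has expired.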

Healthcare providers, by adding these additional layers of security, can more effectively protect access to their critical information and resources.

High-quality patient identification processes across the healthcare landscape are imperative at this juncture, as patients enter different care settings and access remote healthcare services. By offering a variety of authentication methods, healthcare providers will be able to address the remote authentication needs of the different users accessing the system from diverse devices.


Author’s Bio:

James Brown is a business and technology blogger living in Los Angeles, CA. He likes to share his knowledge by writing articles for high-quality blogs/websites. And he is crazy about baseball.

About the Author

Lana is a real life Identity Theft Victim. Identity Theft Manifesto is a result of her own struggles to clear her credit, her name and reputation. She is on the mission to research, learn more and educate her readers about ID Theft Crime.