By, Jason Busch:
Protecting your privacy and personal information is a major concern for most people. Regardless of whether or not you have “something to hide,” nobody likes the thought of their personal information being made available to any and everybody, especially when that information contains private medical records.
These days, data breaches and hackers regularly make the evening news, and no one’s information seems safe. However, one local company is stepping into the breach with its effort to ensure patient health care records are safe and secure.
Madison-based TASCET Inc. released its Unique Patient Identifier (UPI) in early August, with the goal of creating a foundation for interoperability across the entire health care system and removing the financial threat of synthetic identities.
“The UPI solves the most difficult challenge to patient safety: ensuring that patient records cannot be compromised due to mismatching, duplication, fraud, or data breaches,” says Larry Aubol, CEO of TASCET.
The Identity Theft Resource Center reports that more than 109 million patient records were compromised in breaches since January 2015, in addition to those suffered across industries and the U.S. government. The compromised information is sold and resold, enabling criminals to pair valid information with false information to create synthetic identities and commit fraud, leaving patients and health care systems at great risk, Aubol notes.
“Even before data breaches became systemic, development of a UPI solution was prompted by basic patient safety concerns,” Aubol recalls. “The biggest obstacle has been making the UPI inherently secure so that patient records are always protected from unauthorized access, and that’s exactly what we do.”
TASCET was founded in 2005 as a digital enterprise risk management company to combat identity fraud by using the principle of “one person, one identity.”
“There is no standard industrial classification number for services we provide, which is unique identity numbers that cannot be duplicated, misused, or stolen, and can only belong to one person,” TASCET Senior Vice President Kari Douglas says. “Our issuance of numbers based on a Super ID — as it’s called — addresses the unmet identification needs for compliance by the health care, financial services, retail, government, travel, academia, and cyber industries.”
In 2008, the RAND Corporation examined the benefits of a unique patient identifier for the U.S. healthcare system. Its report highlighted six attributes outlined in the American Society for Testing and Materials (ASTM) standard, which called for the UPI to be unique and canonical, invariable, nondisclosing, verifiable, ubiquitous, and limited in use to accessing health information.
“To be both unique and canonical, a patient identifier must prevent multiple patients from being assigned to the same patient identifier, while also ensuring that the same patient is not attributed to more than one identifier, across the nationwide healthcare system,” explains Aubol. “The UPI accomplishes these and the other attributes noted by RAND, all while protecting the privacy of the patients and improving revenue cycle management for providers.”
Douglas says it is estimated that the current accuracy rate of patient ID matching at even the most sophisticated hospitals is only around 80%, which means there is a one in five chance that a patient’s safety, privacy, or security will be compromised.
“The only way to produce a unique identifier is to start with the person,” Douglas explains. “Patients grant permission when they visit a hospital, clinic, pharmacy, or their doctor to activate their ‘Super ID.’ The Super ID is the consumer-facing brand name that says they are protected from misuse of their identity because their identity is no longer based on other people’s data.”
The identifier is created in 30 seconds or less. The process takes two finger proofs and a face proof along with non-sensitive biographical information to create a unique 16-digit number, the Unique Patient Identifier, or Standard Patient Number. On the next visit, the patient simply confirms their identity with a finger proof or facial proof to access their medical record and only their record.
TASCET did not invent a unique patient identifier to protect from data breaches; obviously, no one can do that, Douglas notes. “Our focus is on the patient. With all the data breaches that have occurred and will occur, TASCET took it upon itself to protect the most important asset of a healthcare provider — the patient.
“TASCET does not see or store patient records,” Douglas continues. “TASCET cannot access patient records. We do not data-mine and are non-transactional. We do one thing: we create identifiers that can give patients anonymity and privacy.”
The impact of TASCET’s UPI technology goes beyond just the health care industry. Each industry has a separate unique number. Each number is used to protect the consumer and provide for the highest level of compliance mandated within each industry. An individual could receive 10 unique identifiers from TASCET throughout their lifetime, Douglas says — each one being random, unique, and only utilized by them.
“According to the FBI, health care fraud is costing the nation $80 billion per year,” Douglas says. “It’s not known how much of that is caused by identity fraud, but a substantial amount can be eliminated by knowing who the patient is and who the provider is. TASCET’s identity infrastructure answers both of these questions.
“Synthetic identities are the rising tide of fraud that the health care industry needs to face the way banking and retail have just begun to understand them,” Douglas adds. “But to stop the use of synthetic identities to commit fraud in healthcare, ‘one patient, one record’ is a must.”
While TASCET only recently announced the product, Douglas says the company has been in discussions with many of the largest health care systems in the country, as well as forward-thinking Wisconsin hospitals and HMOs, to provide the UPI technology.
“The UPI is just one component,” Aubol notes, “but it is the foundation for interoperability in nationwide health information exchange, and the means to safeguard patients and their privacy.”