Getting Smart About Patient ID

Payers and providers are widening their use of a combination of technologies to simplify patient identification at check-in, spurred in part by progress being made in the credit card industry.

This article first appeared in the December 2015 issue of HealthLeaders magazine.

Until recently, most patient ID technology centered on building and maintaining master patient indexes. Enterprise master patient index technology—not a foolproof method of positively identifying someone presenting for treatment—continues to perform foundational work in healthcare.

Now, payers and providers are widening their use of a combination of technologies to simplify patient identification at check-in, spurred in part by progress being made in the credit card industry to adopt smart card technologies, as well as advances in other biometric and cloud technologies.

Providers and payers are expecting a wealth of benefits, including smoother workflow at registration and the same anti-fraud benefits the credit card industry is enjoying.

One of the most successful digital ID programs at a U.S. provider was recently highlighted during a hearing of the U.S. Senate Committee on Health, Education, Labor & Pensions in June 2015.

At the hearing, Craig D. Richardville, MBA, FACHE, senior vice president and chief information officer of Charlotte, North Carolina-based Carolinas HealthCare System and chair of the Premier Healthcare Alliance Member Technology Improvement Committee, described how its patient-matching biometric program, which uses palm-vein scanning, has been voluntarily accepted by 99% of its patient population and has a failure rate of only 0.11%, as compared to a national patient-matching failure rate of 8%-10%.

"When you see some of the new things coming out like meaningful use stage 3 and requiring interoperability, a lot of discussion that's going on has to do with uniquely identifying a patient and trying to get an identifier associated with that patient," Richardville says in an interview with HealthLeaders.

Carolinas' journey began back in the middle of the last decade, when Fujitsu, manufacturer of the PalmSecure system, sought to sell its palm-vein scanning technology to the banking industry, a major hub of which is in the Charlotte area, for its ATM machines.

"We looked at different options," Richardville says. "Fingerprint scanners, which are really common, have a high error rate. It was very inexpensive, but we saw a lot of false positives. You can very easily match somebody's fingerprint if you wanted to, if you wanted to use it for fraudulent reasons. So we ruled out fingerprints."

Carolinas ruled out another biometric option—scanning the unique patterns on a patient's retinal blood vessels—as being too expensive and intrusive, he says.

The palm-vein device captures a person's vein pattern image while radiating it with near-infrared rays, according to Fujitsu. The deoxidized hemoglobin in the palm vein absorbs the rays, reducing the reflection rate and causing the veins to appear as a black pattern. The scanner software stores each registered vein pattern not as a literal image, but as a computer algorithm. Subsequent scans are compared to the stored algorithm. "It's kind of like a snowflake," says Richardville. "Everybody's is unique. So it's not actually your palm print. It's the veins inside the palm."

So far, Carolinas HealthCare has stored algorithms for nearly 2 million unique patients in its system, which includes 900 care locations, 3,000 physicians and advanced clinical practitioners, and 39 hospitals. The actual scanner itself is a 1.5-inch-by-1.5-inch square sensor. The patient places a hand over it, or if the trauma patient arrives at an emergency department in an unconscious state, caregivers can place the patient's palm over the scanner. "It doesn't happen very often, obviously, but when it does happen, it could be a matter of life and death," Richardville says.

From its first deployment in 2007 and its full rollout at Carolinas in 2010, the palm-vein scanning system began to pay for itself and helps to fight insurance fraud. One would-be patient presented for an elective surgery while impersonating his brother in order to use the brother's insurance policy to pay for the surgery, he says. The palm-vein algorithm did not match, and the would-be patient admitted the deception.

Among the benefits, Richardville says, are that the organization can make sure it has the right information on the right patient and can avoid duplication or inappropriately merging information from different patients. "This really helps with all of that tremendously."

Carolinas is now incorporating the palm-vein scanners into its deployment of self-service check-in kiosks, to further streamline revenue cycle workflow and reduce check-in lines, Richardville says. Such kiosks will also be able to accept payment at time of check-in.

Patient ID technology can unify demographic information in a variety of hospital information systems, says John Stoy, chief technology officer at Mid Coast Hospital, a 92-staffed-bed Brunswick, Maine, facility that serves a population of approximately 100,000 residents. Each of Mid Coast's 21 ambulatory clinics maintains its own admissions, discharge, and transfer data, as well as registration information. "We were having issues with that data being in sync across all those systems," Stoy says. "Just because I know you and you walk up to my check-in doesn't mean that I selected you. I could have fat-fingered and picked somebody else up."

To cut down on such errors, in 2014 Mid Coast acquired smart card readers and cards from LifeMed ID. Within seconds of the patient inserting a smart card provided by Mid Coast into a reader, the system displays a photograph of the person associated with that card, and the registration process proceeds.

"The real goal was to streamline our registration and make it one person no matter where they were seen within our organization," Stoy says. "Also it shows the number of days since that patient has visited our hospital or one of our clinics. The reason we did that is because if a patient had just gone to my cardiologist upstairs, and he sends him down to get lab work done, I don't want my registrar asking all the same questions that were just asked upstairs, and I want it to be really a quick registration process for them."

So far, approximately 20,000 Mid Coast patients have acquired patient ID cards. "I won't say all of them pull it out of their wallet when they come, but I'd say a good portion of them do, and it helps our making sure that we have the right patient," Stoy says.

Adding the smart cards has allowed Mid Coast to "streamline" its business processes, and with the system's recent business growth, "we would have had to hire more people than we have now" without the technology, Stoy says. "And the patients like coming in with the card." If they forget to bring it, "we can look them up by date of birth. We have about seven different options. But basically, we don't want to spend the time looking them up."

Another recent boost in the prospects of smart cards is that the standard U.S. credit card is becoming a smart credit card through embedding of the so-called EMV chip. As of October 2015, U.S. merchants who rely on the older, less-secure magnetic strip credit card reader technology assume risk of credit card fraud formerly assumed by the banks that issue credit cards. The technology in LifeMed ID's smart patient ID cards, as well as that of another provider, LifeNexus, is also EMV technology, and technically, the terminals that process all these EMV chip-embedded cards could be a single terminal.

"Our billing department will have to have a reader that can read the chip on the credit card," Stoy says. "I'm hoping it can be the same reader."

One of the largest potential uses for smart cards could be in the Medicare program. Despite talk of doing so, the Centers for Medicare & Medicaid Services has yet to launch any serious effort to pilot a smart card or other digital patient-verification system. In part, this may be because a major impetus for smart cards—reducing fraud—appears to be out of scope for CMS. According to a March 2015 report issued by the Government Accountability Office, CMS does not wish to make access to Medicare benefits dependent on beneficiaries having their Medicare card at the point of care. "Because CMS has indicated that it would still process and pay for these claims, providers submitting potentially fraudulent claims could simply not use the cards at the point of care," the report states.

"When Medicare finally says, 'We're going to have a 2% reduction in reimbursements if you don't have this type of technology,' then everybody will move to it," Stoy says.

Payers and providers are also keenly aware that more and more patients are carrying their own technology, which can be utilized in innovative ways to provide new forms of authentication of who a patient is and information only they would know.

Technology from LifeNexus, initially smart card-based and known as iChip, is being tested as software incorporated into smartphone apps by several payers.

New Mexico Health Connections, a health insurance co-op established in 2012, recently learned that despite the state's high level of poverty, more than 80% of its adult population has smartphones.

Like other co-ops, NMHC is a state-based exchange set up through the Patient Protection and Affordable Care Act. It currently includes 35,000 members, says NMHC President and CEO Martin Hickey, MD.

Starting with six ambulatory physicians, NMHC plans to make the iChip app available for download by their patients. When the patients appear for a visit, each physician will have a QR code—a square barcode in common use outside of healthcare—posted at the admissions desk.

The iChip app will direct arriving patients to capture the QR code image, which uses cloud computing to confirm that the patient carrying that mobile phone has checked in at that particular provider. The phone can also display to provider and patient alike claims data pulled from payers such as NMHC, as well as recent discharge summaries or, potentially, state health information exchange data on that patient.

NMHC plans to make the iChip app available to all its members by January 2017, Hickey says. The phone makes sense, he says, because "the cost of smart card readers is nontrivial, but almost everyone carries their smartphone."

To add another factor of authentication, NMHC members will also be required to establish a four-digit PIN, which they will have to enter at the time of the encounter. In the case of an emergency, Hickey says he hopes that LifeNexus will provide a "break-the-glass" option to allow authentication without someone having to know the PIN.

Larger payers are also taking note of the possibilities of mobile phone authentication of members at check-in.

"We've talked to a number of smart card vendors, and we are willing to participate with any smart card vendor, but we don't have a plan or a specific smart card vendor that we've chosen at this time," says Jamisson Fowler, vice president of digital technologies at Anthem, Inc., an Indianapolis-based payer with more than 38 million total medical members in affiliated health plans. "The main issue there is that the smart card vendors can't solve for the actual identification of the patient in a secure fashion.

"The smart card is designed to identify that this is the actual card. And it has special security capabilities to communicate with the reader, but it's not telling someone that this is Jamisson Fowler."

Instead, Anthem is turning to something more and more patients carry with them, which by its nature is a token authenticating the identity of the patient—a mobile phone.

Fowler says Anthem is in the process of releasing connector technology that providers could use to link their electronic medical records to mobile applications that Anthem members could consume. "Mobile presents the broadest potential that we've seen so far, because of mobile's ubiquitousness. It then allows us to look at pushing patient information, whether it's identity or electronic record information, to the phone and in the patient's care."

Unlike smart cards, mobile phone-based identity systems are extensible to other uses. Anthem is also exploring using Apple's Passbook app as a way to present an Anthem member's ID card to providers, Fowler says.

As requirements of computer security increase, mobile phone users can also be challenged to present additional factors of authentication, such as a personal identification number or a biometric verification such as Apple's Touch ID, a fingerprint recognition feature on the iPhone.

Reprint HLR1215-7