| Remember party lines? Telephones, at one time, | | | | examples of identity management is the |
| were connected to multiple parties. One could pick | | | | password. While dealing with multiple passwords is |
| up the handset to find out that the neighbor | | | | frustrating for individuals, the cost of administering |
| down the street was already tying up the line. | | | | and resetting passwords to business, including |
| Believe it or not, party lines and the lessons one | | | | healthcare, is huge. A Siemens study found that a |
| learned about keeping secrets from others "on | | | | typical password related call averages $25, costing |
| the line" are instructive today. Only today, the | | | | an enterprise of 2,000 as much as $152,620 per |
| shared access is often access to data. As data | | | | year. Identity management tools that reduce or |
| bases grow in detail and points of access, there is | | | | eliminate reliance on passwords include single-sign |
| a growing need to identify -- and control -- who | | | | on applications, smart cards and systems using |
| has access to what information based on their | | | | biometric identification and readers. |
| role and rights. This identification, to be effective, | | | | Insurance plans have long used knowledge-based |
| also calls for methods to authenticate and | | | | information as a means to identify beneficiaries. |
| authorize users of the system. In short, who is | | | | Not only must someone present an insurance |
| "on the line" and should they be there. | | | | benefit card, they must also provide a social |
| While many businesses have been grappling with | | | | security number or some other "fact" to verify |
| the need to identify and grant access to | | | | eligibility. This reliance on personal data can be |
| information, healthcare has largely ignored these | | | | thwarted by either voluntarily sharing this data |
| issues until confronted with them through | | | | with someone else who uses it to obtain services |
| government or regulatory authority. As a result, | | | | and benefit or by identity thieves who sell this |
| healthcare -- as an industry -- has yet to fully | | | | information so someone else can fraudulently |
| engage in the new frontier of identity | | | | obtain services. By tying in positive and robust |
| management. | | | | identification, especially biometric identification, for |
| But, the need for identity management in | | | | each person requesting and receiving benefits, |
| healthcare is real, since identification errors can | | | | sharing or theft of services is ended. |
| have tragic consequences. A misfiled document or | | | | The growth of data bases -- and the ability to |
| an error in names can lead to deadly | | | | easily access data from multiple sites or via the |
| consequences. Consider the following: | | | | Internet -- has made breaches of data a problem |
| - The LA Times reports that 150 people have | | | | for healthcare providers. When information is |
| access to at least part of a patient's records | | | | breached, such as a celebrity's medical records, |
| during a hospitalization, opening the door for | | | | the challenge is often identifying who leaked the |
| misfiled or lost data. | | | | data. By positively identifying each and every |
| - Insurance cards -- either for private or | | | | person with access to data, identifying the leak is |
| government benefits programs -- are easily | | | | more readily accomplished. Data must be linked to |
| passed from one person to another. | | | | identity rather than passwords, since passwords |
| - Hospital staff members have gained access to | | | | are easily divined or readily available as a "sticky |
| and revealed medical files of a celebrity. | | | | note" on the monitor or a password list in the |
| - "Nancy Smith" is given medication intended for | | | | desk drawer. |
| another Nancy Smith. | | | | Positive identification of a person can also reduce |
| Identity management's goal is to uniquely identify | | | | medical errors by ensuring that each and every |
| an individual. It becomes most important when | | | | "Nancy Smith" is uniquely identified. This ends the |
| one is identifying an individual within a system as a | | | | medication errors or misfiling of information that |
| means to control their access to resources or | | | | can occur when a hospital file is "touched" by as |
| establishing their rights or limitations within their | | | | many as 150 people. |
| system. | | | | The new frontier of identity management must |
| As healthcare providers reach outside of their | | | | be crossed to restore trust to the healthcare |
| own networks, the need to identify and | | | | system. Through robust credentialing of individuals |
| authenticate individuals and assign roles and | | | | -- and the ability to share the results of that |
| responsibilities becomes even more important. As | | | | credentialing and authentication of the person and |
| systems become interoperable, the need for | | | | their rights and responsibilities -- the healthcare |
| secure and private access to data, coupled with | | | | industry will make dramatic leaps in quality of care |
| certainty of identity of users and their roles will | | | | and increase efficiency. |
| take center stage. | | | | ©Secure Services Corp. |
| One of the more ubiquitous -- and frustrating -- | | | | |