As the US Government has increased the pressure on hospitals and physicians to advance their healthcare information technologies, problems and deficiencies have been exposed such as: lack of interoperability between Emergency Medical Retrieval (EMR) vendors, Health Information Exchanges (HIEs) and Accountable Care Organizations (ACOs), inaccurate patient record matching, 8-10% national duplicate record rate, and multiple patient identities.
Other key problems include poor authentication mechanisms to access patient health care information used by most insurance carriers and government healthcare agencies. Such authentication mechanisms are often missing multi-factor authentication, using insecure magnetic stripe cards, and/or lacking service validation before payment is rendered. These registration and authentication mechanisms that use insecure magnetic stripe cards lack of multi-factor authentication and/or lacking service validation before payment is rendered. This leaves the door open to fraudulent criminal activity. Multi-factor authentication is now the recommended protocol that is described as: (a) who you are, (b) what you have, and (c) what you know. Internet logins with multiple security questions are of a single-factor authentication type. Multi-factor authentication would include a security token [such as a smart card (microchip)] as what you have and a PIN code as what you know or a picture on the registration system as who you are. Additionally, insecure magnetic stripe credit cards (wherein information is stored in plain text) have led to significant criminal cyber theft including the theft of over 70 million pieces of credit card information. Medicare identity mechanisms for seniors deploy insecure identity cards with only the name and ID on the front of the card. Medicare fraud accounts for over $60-100 billion annually. Most of the Medicare fraud is the result of criminal billing fraud which would have been prevented if proper patient authentication and verification of services was delivered through patient authorization at point of service.
Additionally, any “internal ID” on medical devices such as an SKU, or product ID may be vulnerable to sequence copying. This vulnerability to medical devices has caused significant problems with fraudulent duplication of medical devices, manufactured products, and pharmaceuticals such as pills.