Health IT program needs ID management

Privacy becomes an issue with electronic health records

The Obama administration’s drive to implement electronic health records (EHRs) should have strong identity management tools to ensure privacy and security of the records, members of a panel of providers, vendors and policy experts said today.

The coming health information technology policies and standards are to include protections for patient privacy and security and  safeguards against medical identity theft. Achieving those goals could be advanced by identity management tools, such as strong authentication standards and smart cards, according to panelists at an event in Washington today organized by the Smart Card Alliance and the Secure ID Coalition. Both groups represent vendors of identity management programs.

For example, patients checking in to Mount Sinai Medical Center in New York City are assigned a smart card that contains their photograph and a digital summary of recent clinical information. By delivering the information to doctors providing care, the card helps improve care and reduce medical errors. The card also has proven to be critical in reducing fraud and identity theft, which in turn decreases errors in payments and in patient care, said Paul Contino, vice president of IT at Mount Sinai.

“If you don’t catch the errors at the registration desk, you will see dramatic effects downstream,” Contino said. “If you are going to spend money on health IT, you need the right identification standards.” Without strong ID management, care records are likely to have errors because of false identities, misspelled names, duplicative names and other problems. Even a single error, such as a wrong blood type listed on a patient’s record due to a mix-up with another person’s identity, can lead to catastrophic consequences for a patient, he said.

Congress approved spending $17 billion in incentives for doctors and hospitals that install and use health IT systems as part of the economic stimulus law. The Health and Human Services Department is drawing up standards and policies to distribute payments to providers who can show meaningful use of health IT. HHS also is setting up a framework for secure exchange of the health data and the department's national coordinator for health IT on May 15 released a road map for creating the standards and policies under the stimulus law.

One standards will involve controls on access to patient records. The leakage of private medical information can affect a patient’s employment, housing and insurance status, and because of that extreme sensitivity, medical information requires more than a password for secure handling, said Michael Magrath, director of business development for North America for Gemalto Inc.

“Health information exchanges and regional information exchanges will be targeted by hackers,” Magrath said. “I have strong concerns about the prospect of minimum standards," such as passwords alone. Identity authentication standards for receiving medical care and handling medical data should require a password and also use of some type of identity token or certificate issued by a third party, he said.

Ideally, patients would be in charge of -- and would have complete access to -- all of their health records, said William Yasnoff, managing partner of the National Health Information Infrastructure Advisors consulting firm.

“Who has your complete medical records? For most people, it’s no one,” Yasnoff said.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.