Trusted Identity for the omni-channel healthcare experience

Allan Mendelsohn, Healthcare and Public Safety Practice Lead, Avaya Canada

Allan Mendelsohn, Healthcare and Public Safety Practice Lead, Avaya Canada

The pandemic accelerated decades worth of digital transformation in healthcare, making it easier for users and patients to manage their care anytime, anywhere, using virtually any combination of channel and device. But as more people digitally engage to schedule appointments, view test results, process claims, and make payments, digital identity management, authentication, data security, and privacy become key concerns. Eighty-five percent of healthcare IT professionals say they have seen an increase in cyber risk over the past 12 months, and 66% of patients say they would leave their healthcare provider if their payment or personally identifiable information was compromised.

Healthcare organizations must ensure that when they are interacting with a user or patient, the person is who they claim to be. They also need to verify that employees are who they claim to be (especially as the “work from anywhere” movement continues to grow) while minimizing visibility into sensitive and/or personally identifiable information. This needs to be done without adding customer friction or complexity with traditional healthcare delivery systems. Identity-centered security is the solution.

Identity-centered security is based on proving who someone is versus what they know. Anyone can find out personally identifiable information like a name or mailing address, as well as knowledge-based security questions like mother’s maiden name. Identity-centered security techniques like encrypted 3D face mapping take identity authentication and data security to the next level. This is done by leveraging the sensors on the connected devices people use most in their everyday life: their smartphone, tablet, laptop, or desktop. Sensors companies can leverage include location services, cameras, keyboards, and QR code scanning to authenticate patients and users faster and with far greater accuracy. 

Journey is a leader in this field. The company’s Identity Network and Platform is the only of its kind that supports an array of verification techniques (from sophisticated ones like 3D face mapping to more standard ones like knowledge-based authentication or KBA) while keeping customer data private using advanced cryptographic techniques. Combined with Avaya OneCloud, organizations can create fully compliant digital interactions with a frictionless, one-and-done authentication process. 

Here’s what this can look like in healthcare…

Effortless everyday interactions and transactions. 

Patients and users can be set up with digital ID verification to simplify the authentication process and get down to brass tacks faster. For this, the organization would capture a customer’s government photo ID (like a driver’s license or passport). When it comes time to verify the customer’s identity, the company would conduct an encrypted 3D face scan of the person’s face and match that scan to the photo they have on file. This digital ID verification would be conducted every time a customer reached out (for example, when a user calls to obtain information about their health plan or a patient logs into their online portal to join a telehealth appointment). You can make this just one of several verification techniques as part of a custom pipeline. For example, after a 3D face scan you can have a member complete a document scan of their insurance card using the camera on their phone. Maybe you’ll want to top this off with a more basic security question. It’s up to you what kind of verification process you want to create for your customers’ security. The experience will be seamless for the user no matter what. 

Avaya OneCloud enables effortless transfers across all voice and digital channels (ex: chatbot to agent), and Journey carries this authentication forward so the service experience continues without missing a beat. There’s no need for patients or users to reauthenticate themself every time they speak with someone new. There’s also better trust established between both parties with mutual authentication. Organizations can authenticate customers, and customers can authenticate the organization back through its custom pipeline. 

Automated notifications with easy bill pay.

Healthcare providers, pharmacies, health insurance companies and others can simplify routine interactions such as prescription fulfillments, device order statuses, post contact surveys, new patient eForms, and payments.  Notifications can be securely sent across the channel of a user’s choice (phone, SMS, in-app message) with high veracity authentication. For example, a patient can click on the link in a text message their provider sends them reminding them that they have an outstanding balance. If an identity template has been established (for example, the company has already captured a government photo ID of the person along with other necessary info), they will be automatically authenticated against what’s on file and can quickly make the payment using their preferred method (credit card, debit card, Apply Pay, etc.). 

There’s even the option to keep their preferred payment method on file so they don’t need to re-enter details every time; the person can simply authenticate their payment method using a face ID scan. The patient doesn’t have to jump through hoops or talk to multiple different agents (creating the streamlined experience they want) and the provider increases collections while maintaining full HIPAA- and PCI-compliance.

Better data protection and stronger regulatory compliance. 

A healthcare data record can be worth up to 50x more than a standard credit card record on the black market, depending on how complete it is. Identity-centered security enables healthcare organizations to establish the same kind of identity template for employees as they can for users/patients to ensure the right person is accessing their systems. They can also minimize employees’ visibility into sensitive or personally identifiable information thanks to a groundbreaking innovation in cryptography called the “Zero Knowledge Proof.” This allows contact centers to verify information without revealing the actual data to the other party (a.k.a. the employee/agent). 

To securely request personal information like a provincial healthcare number, all an employee needs to do is press a button that sends a notification to the patient/user via their channel of choice (i.e., in-app notification, SMS). The patient/user will fill out the information on their end, which will then bypass the agent to be verified by the necessary third-party system(s). When the data has been verified, the employee will see a green checkmark on their desktop indicating that the information is good to go.