NEW YORK – When it comes to security and credentialing, healthcare is "one of the most heavily-regulated industries," says Tracy Hulver, director of identity marketing in the Security Innovation Group at Verizon Business.
At the same time, however, it can be one where people are "the least technology-savvy, in a lot of cases," he says. Compound that situation with tight budgets for IT and security, and the result is a “tremendous challenge."
But that's no excuse, as Mac McMillan, chair of the HIMSS Privacy & Security Policy Task Force, told Healthcare IT News recently. "It's not that it’s too complicated. It’s just a matter of really figuring out how to do it.
"Providers do not see security as an imperative yet," he added. "That’s not across the board, obviously. There are some folks out there who are actually getting it and trying to do a good job. And they’re making the investment, and I think they’re seeing the benefit of doing that now. But that’s not the majority."
With its revamped Universal Identity Services platform for healthcare, Verizon hopes to reach that majority, offering economical and easy-to-use applications that takes on proofing, credentialing and authentication duties – both at the user level and at the transaction level – for cash-strapped providers.
Verizon's managed identity services, delivered via the cloud through its Terremark IT services delivery subsidiary, now supports additional standards for accessing EHRs and health information exchanges, as well as credentials for e-prescribing, including prescriptions for controlled substances.
The enhanced services deliver legally binding digital signature capabilities, enabling healthcare providers to digitally sign patient health information – such as treatment plans, electronic prescriptions, laboratory reports and discharge orders – with strong user authentication and security protections. Other digitally signed documents that can be securely shared include filings to government agencies and official communications with contractors and business partners.
Moreover, officials tout Verizon's new ID Message Center, through which users can easily monitor and track their digital signature activities with a convenient mobile application or optional Web-based portal.
The updated package also allows providers to use their smartphones and tablets to authenticate their identity to gain access to these new capabilities.
"Because it's a managed service, the organization does not have to manage a lot of costs like infrastructure or administrative overhead," says Hulver. "It's a very economical solution."
Verizon's services pass muster with federal regulations from agencies such as the Drug Enforcement Administration and Food and Drug Administration – CFR-1311, a set of guidelines from the DEA, regulates the use of e-prescribing for controlled substances, for example. CFR-21 Part 11, from the FDA, provides digital signature guidelines for the submission of electronic records.
This past June, Verizon announced that the service supports the SAFE-BioPharma standard, the only life science digital standard that offers interoperability with government agencies, such as the FDA and the European Medicines Agency. Additionally, say officials, its healthcare identity platform incorporates the standards established by the Initiative for Open Authentication, an industry group working toward an open, standards-based system to support multi-factor identity credentials.
"Securely and quickly authenticating the digital identity of healthcare professionals is a key foundational element supporting the electronic exchange of healthcare information," adds Peter Tippett, vice president of industry and security solutions, Verizon. "By streamlining and strengthening the issuance of health identities, our newly enhanced universal identity service for healthcare will help boost widespread adoption and act as a catalyst for further transformation of the U.S. healthcare delivery system."
The multi-factored credentials delivered by Verizon's service are designed to meet the Level 3 authentication requirements created by the National Institute of Standards and Technology (NIST), the federal agency that works with industry to develop and apply technology, measurements and standards. The credentials also help enable U.S. healthcare professionals to meet federal meaningful use requirements contained in the HITECH Act.
"Ten years ago, before all this information about 'the cloud,' people were certainly apt to outsource applications," says Hulver, "but the security element is something they really wanted to hold on to as long as possible."
Nowadays, with the threat level increasing – and the penalties for breaches doing the same – the situation has changed. But that doesn't mean, of course, that getting more money from the CFO for security is any easier, he adds.
More and more providers are looking for ways to meet these stringent regulations with the budgets they have, says Hulver. "Outsourcing elements of security is something people are starting to look at as a valid alternative."
