Senior Vice President HIMSS, USA.
In 2001, HIMSS Medical Banking Project outlined a health Information Technology (IT) strategy linking banking and healthcare platforms to form new, inter-organiSational systems that streamline administrative costs in healthcare. Commercial banks responded by accelerating investment in treasury management operations, where the idea has driven demonstrable impact. For example, a world renowned healthcare system implemented a ‘medical banking’ programme that transformed processing four million payments from paper to electronic. Annual cost savings can be roughly estimated by multiplying volume by two, or US$8 million per year.
While this business practice is still in its infancy, and ways are emerging to harness the efficiency of electronic payments that circumvent the lockbox, the idea of tighter technology linkage between banking and health IT has spawned new areas of thinking. These areas may be summarised as: (1) integrated healthcare administrative technologies, such as the example cited above (2) ‘health-wealth’ portals that consumers can use to manage spending in healthcare, and (3) bank-managed digital identity and integrity for healthcare. Though distinct, these three emerging capabilities overlap and may be portentious of our healthcare financial network of the future. This article will focus on the third area only – using banking technologies for ‘identity assurance’, referred generally as a ‘digital key’.
Dialogue around this issue is still quite new. ‘HIMSS G7,’ a cross-industry thought leadership assembly focused on business innovations in healthcare, actively involves banks to explore solutions around emerging issues in healthcare. Objective recognition of medical banking ideas appears to be gaining ground. In early January 2012, six editors at American Banker searched the US marketplace to find the ‘biggest ideas’ in banking. The creation of a ‘health-wealth’ portal made number one on the list. Later in July, Treasury & Risk magazine compiled a global listing of the ‘Top Influential People in Finance in 2012’ where medical banking ideas were again recognised.
Of all the ideas that have evolved from the convergence of banking and health IT, none may drive more impact, and debate, than using bank identity management mechanisms for healthcare; specifically, digital keys that link a patient with his or her electronic health records. Events like AsiaPac12, Summit for Health Information and Financial Technology (SHIFT) at HIMSS annual conference, the mHealth Summit, Digital ID World Africa and others, allude to a new dialogue that suggests we are fast moving toward bank-managed digital identity for consumers of health services. In fact, it would not at all be surprising if some projects have already connected the dots around this area.
As our world turns digital the need for identity management has become foundational, and this is true not only in first world countries but in developing areas where mobile finance is making strong inroads (i.e. mPesa, others). A study by Unisys found that among consumers, the most trusted venue for digital identity management is the commercial bank. As banks redefine their value proposition—a process that has escalated since the 2008 global credit crisis—the notion that ‘identity is the new money’ is resonating. In a digital world, consumers are digital ‘entities’, who may or may not be who they say they are. For banks that are re-imagining service portfolios, a compelling product pathway is emerging that places them within an identity management value chain.
One aspect of a bank-driven digital key lies in prevention of medical identity theft. The numbers are daunting and tantamount to a universal wake-up call. The World Privacy Forum declared in 2006 that medical identity theft is the fastest-growing form of identity theft. In 2010, according to the Ponemon Institute, more than 1.4 million people were victimised by medical identity theft, and the average cost to resolve their cases was approximately US$20,000. Over half of these people report having to pay for medical coverage they did not receive in order to restore their health coverage. In fact, nearly one third indicated their health premiums increased after they were victimised.
Yet the financial fallout of medical identity theft is not the worst part. Authorities suggest the impacted health record could lead to dangerous situations. Imagine reliance on a medical record where the blood type has been changed or where the history of treatments is mixed with the criminal’s ill-gained procedures. This is where digital ID ‘integrity’ comes into full view. Patient identity and integrity are inextricably linked. They go together. And if bank-managed digital identities are in our future, it follows banks could be involved in some form of integrity of records as well.
These facts illuminate a fundamental dialogue society is wrestling with today: how will we protect our medical identity in a digital world? We may have a key part of the answer already but the global dialogue hasn’t yet acknowledged the notion of using banking systems for identity assurance. Many view banking and health IT as separate. But the medical banking domain is yielding cross-industry innovation that is blurring the lines. Can patient identity and integrity be addressed using finely tuned programmes deployed by banks? Can banks offer digital keys for healthcare?
As we discussed how a bank can redeploy core competencies to drive growth, we quickly concluded that for a bank this size, the best ideas need both a large market and global scale. Building a capability just within the US would not work. Viewed from this angle there are several good reasons to strongly consider banking technology for healthcare. Here are just three:
As electronic health information technology advances there is a need to fully understand a hidden, but considerable cost for keeping medical identity private. Consider that the banking industry is locked into an ‘identity theft arms race’ with the criminals–individuals and organised crime syndicates who are trying to rob the system 24 hours a day, 365 days a year. Addressing this persistent threat requires significant investment, strong stakeholder engagement among competitors and authorities and futuristic thinking, so that emerging threats are envisioned way out in the horizon before they actually become reality. There is no comparative capability within the healthcare system that mimics this banking resource. We may well ask if we need to reinvent it for healthcare.
Policy development has morphed around this area. For example, the Obama Administration in the United States announced a new cybersecurity plan to protect national interests. As commerce moves from paper money exchange to digital transfers, identity and access management is rising in importance. As medical identity theft grows, new technologies are now embedded in financial systems to deal with financial identity theft and have already cross-pollinated into healthcare systems, especially in payment channels. It stands to reason that as best practices in identity management in banking are much more evolved, keeping our money safe, that linkage with health IT is inevitable.
An area that brings together identity and access management in banking and healthcare is cash management. The convergence of banking and health IT impacts the finances of the enterprise, practice and individual. Accessing this cash flow requires a growing portfolio of trusted identity protocols (i.e., multi-factor authentication, site stamping etc.). The technical development ‘glidepath’ brings banking and healthcare systems into a mutually valuable inflection point.
Consider that in healthcare, payments processing is much more involved than transferring funds between the healthcare stakeholders. Accompanying these funds is a detailed description of what the payment is for, and many times, what is partially paid or not paid at all. This information helps the enterprise to optimise reimbursement; the physician who is trying to get paid and the patient who wants to know what his or her portion of the bill is, and if it was calculated accurately.
This data is also individually identifiable and highly confidential, presenting a line-by-line description of each medical treatment and its associated cost. When using banking systems for managing payments that have accompanying ‘explanation of benefits’ that go through a lockbox (as many hospitals and large practices do), this data crosses the boundaries of the healthcare provider and enters the banking system. This is the reason why banks that provide these types of services are impacted by health data protection laws in the USA, such as HIPAA, and those in other countries as well.
An axiom in medical banking is that the evolution of health data protection laws will necessitate ever tighter linkage between banking and health IT. This is because the marketplace is relentlessly driving best practices to optimise efficiency yet gaining this efficiency requires IT convergence between banking and health IT systems. Because of this, compliance regulations in healthcare (HIPAA, HITECH) and banking (GLB, FACTA, PCI) are converging in the payments area. While there are other avenues for transferring remittance data, such as health data clearinghouses, in the end the remittance needs to be linked to the payment. This is a function that the bank is uniquely positioned to perform; after all, the banks are processing the payments.
In the USA, the ‘X12 835’ transaction is used transfer a payment and remittance. Use of this transaction in banking systems has been hampered for many reasons, however, banks are catching up and there is active discussion today about implementing ‘straight through processing,’ that moves the funds and the data together to end point, in healthcare. Moving funds alone is highly commoditised and so there is growing interest in this area, where banks can provide greater value to healthcare stakeholders.
The product evolution seems apparent. Banks, through which this data will progressively move, will provide platforms that help their customers to process the data, whether through cash management platforms for the enterprise that streamline workflows, or, online banking platforms that serve up near real time data to the individual so they can manage their healthcare spending…all instantly portable to a mobile device. Clearly, access to this data stream is controlled using a banking identity and access management mechanism. It stands to reason that as banks are highly invested in this area, including the nascent development of ‘legal entity identifiers,’ that healthcare stakeholders won’t need to reinvent the wheel.
Imagine a consumer who establishes a bank account being assigned a lifelong digital key for authorising access to financial and personal health records. The key could also be deployed into interoperable healthcare networks to accurately collate electronic records at point of request (online, card swipe, etc).
Yes, this is far easier said than done but the point of reflection remains the same – should health stakeholders engage the banking community for the digital key component or re-develop this capability? How will it be paid for to keep the criminals continuously at bay? Will a separate effort yield the same, or better, security than we find in banking? What if we could bypass this area and turn our collective attention to other difficult tasks to build interoperable health data networks?
A Witman, P and Roust, T (2008) Balances and Accounts of Online Banking Users: A Study of Two US Financial Institutions. International Journal of Electronic Finance 2(2) (April, 2008) conducted by professors at California Lutheran University corroborated another that was done early by Digital Insight; both trying to show cost savings of moving banking customers from offline to online banking. Yet the studies revealed something different. The cost savings were slight, but a major finding indicated the ROI for online banking customers is three times more than offline customers. Online banking customers typically have larger and more account balances.
Realising this, banks have developed a multi-pronged approach for moving people from casual users to offline, then online banking, and now, mobile banking. They target the ‘unbanked,’ such as healthcare targets the ‘underserved’ (those uninsured or underinsured who fall through the cracks). Doing this is not as easy as one might suspect.
There is a business cost to move consumers from what feels comfortable today to new technologies. For example, there are generational gaps in the use of technology. Some prefer going to a bank branch to speak to a live person. Others prefer an ATM. Still others go online or use a mobile phone. Targeted marketing and consumer segmentation is vital for changing consumer behavior. Grandma likes sending checks in the mail, while the kid brother prefers his iPad. There are also language barriers that must be addressed so that consumers are educated in their own language. Sensitive cultural norms must be recognised…the list goes on.
Banks have built this capability into their business models. Will the healthcare stakeholders do the same? Wouldn’t it be easier to add a new service category in online banking – click here to visit your ‘digital medical home’? Are healthcare stakeholders able to pay for changing consumer behavior given other priorities, like clinical excellence?
Of course, before we can realistically walk down the path of a digital home for medical records, the user experience must become more robust. Health records located in disparate systems need to be brought together and presented in an inviting, easy-to-use format. To this point, some say a broad and interoperable system may never happen, and consumers simply need to buy a personal health record and load it manually or, if available through their healthcare provider, electronically. Moreover, once this is done, tomorrow’s consumers could monetize their records, selling them in a very controlled way using an authorised format. However accomplished, whether self-managed, through an interoperable network or both, integration with a commercial bank is good idea. Funds from the ‘digital medical home’ could be swept into a savings account, as consumers learn to exercise new legal rights around an asset they’ve always had but with far too little control.
Looking through the lens of medical banking it is easy to envision a future state that finds banks offering identity assurance solutions. If ‘identity is the new money’ and banking systems continue to integrate technologies that help health stakeholders to reduce operating costs, it seems inevitable that a common IT convergence point will become using bank identity management ‘engines’ for healthcare – both in terms of criminal-resistant technology and widespread promulgation of digital keys, through persistent investment that changes consumer behavior from offline to online engagement. Getting two for the price of one may become a viable policy and technology decision in the near term as healthcare goes digital. The healthcare leadership should actively bring banks into the identity assurance dialogue and strongly consider use of existing systems to meet this critical need.
John Casillas founded the Medical Banking Project in 2001 that was later acquired by HIMSS to form the HIMSS MBProject in 2009. He is considered a pioneering authority in the convergence of banking and healthcare. In 2012, John was appointed the first Global Health IT Fellow for the World Bank and was, in addition, named one of the top 100 most influential people in the world of finance in 2012 (Finance & Risk Magazine).