himss patient portal identity proofing and authentication

by Ms. Alexandria Pfannerstill 9 min read

PATIENT PORTAL IDENTITY- PROOFING - Delaware Valley …

32 hours ago Remote Identity-Proofing for Patient Portal Registration Confidential and Proprietary21 Something you know (good) • Passwords • Knowledge-based authentication (KBA) Something you have (better) • Photo ID • Token •Device Something you are (the holy grail) • Biometric First time authentication in faceless interactions >> Go To The Portal


How do you identity-proof a patient portal?

GREENE: There are two stages here; the initial identity-proofing and the subsequent authentication every time someone logs into the patient portal. The identity-proofing normally happens either in-person or online. The in-person part could happen as part of the registration process, or it could happen next time someone visits for an appointment.

What are the challenges of patient portal identity security?

Other challenges involved with in-person versus remote identity-proofing, and the various ways to authenticate patients once they've been authorized to access their records via a portal; and The challenges involved with providing adult children access to the health information of elderly patients via patient portals.

What is a patient portal and why do you need one?

This can be partially achieved, at least, through a patient portal, in which you give patients some of the most critical information from their medical record immediately upon request, rather than having them submit a request through a health information management department, for example.

When to grant patient portal access solely to minors?

Healthcare providers that do not have that ability to segregate sensitive data may need to grant a patient portal access solely to minors at age 13 so the parent cannot see their information. In the interview, Greene also discusses: The struggles healthcare providers will have with balancing strong authentication with easy access;

What are the gaps in the patient portal?

Identified gaps discovered during analysis included lack of patient portal education, lack of standard instructions and hands-on training for patients, lack of provider (and clinical staff) education, and no portal promotion within the work environment (Eschler et al., 2016). Lack of portal registration and use is a content issue, due to a lack of information given to patients and providers about the portal. Portal use is also a context issue due to a lack of communication and promotion from staff (Nahm et al., 2017). The lack of education, communication, and promotion are discussed in both the literature review and in personal interviews conducted by the researcher (Eschler et al., 2016; Fix et al., 2016).

Why is the Patient Portal initiative important?

The portal initiative program was founded in the Empowerment Informatics Framework because of its reputation in promoting health technology through patient-empowered tools (Knight & Shea, 2014). The implementation of a patient portal encourages patients to engage in their health care choices and allows them to make better decisions regarding their care. As the initiative program increased portal users, providers saw an increase in patient engagement, most notably through secure messaging and refill requests. Therefore, adoption of the Empowerment Informatics Framework greatly contributed to the success of the initiative program.

How was the portal feedback form used?

Portal activity was monitored, and the portal feedback form was used to guide any necessary changes that should be made either to the portal or to the program to assist in project sustainability. Data was collected and analyzed by the team leader and team members, including the clinic lead for eClinicalWorks and Healow portal system. The number of registered patients with verification via eClinicalWorks were collected and compared to the number of registered patients prior to the initiative. AHRQ feedback forms and PHE-5 scales were collected and counted to assess for patient engagement and portal feedback. Pre and post-PHE-5 scales were collected and given to a third-party statistician to assess for patient engagement. The overarching aim of increasing patient engagement by 60% of participating patients was measured via the PHE-5 scores and information collected from portal analytics. Additional factors, such as no-show rates, portal analytics, and MU metrics were collected and given to clinic administrators and providers.

What is patient portal feedback?

The AHRQ patient portal feedback form is a 10-item questionnaire created by the Agency for Healthcare Research and Quality and is utilized under the Health Literacy Universal Precautions Toolkit 2nd edition. The most important question listed on the feedback form lends to project sustainability: “Now that we have gone through the patient portal, would you use it again? If no, why not?” The AHRQ form was essential due to the shortened duration of the project and the need for feedback regarding necessary changes.

What is the goal of the Patient Portal Initiative?

The portal initiative program aim is to increase patient engagement by 60% of participating patients within the outpatient primary care setting. The question regarding patient portals is, “ In outpatient primary care adults between the ages of 18-65 years old, how does a patient portal registration and utilization program compared to no portal registration and utilization program influence patient engagement within 8 weeks?” Based on the overarching question, this article investigates patient engagement after the implementation of a patient portal initiative program.

What is JBI portal?

As defined by the Joanna Briggs Institute (JBI) Levels of Evidence grading tool, the highest level of evidence studies was collected to assist in identifying successful portal adoption. The collection of evidence illustrated that positive outcomes using digital health interventions was achieved by educating providers about the portal and providing patient education on portals (Nahm et al., 2017). Strong evidence utilizing a two-phase approach and a two-armed randomized control trial to test the effects of portal initiation illustrated an improvement in patient-provider communication at only four weeks. Evidence illustrated that patient education on the portal is the most important predictor of portal adoption (Nahm et al., 2017). Additional studies demonstrated that the most successful portal adoption programs had increased enrollment and activation by giving patients hands-on, one-on-one training with the portal (Shaw et al., 2017). Portal registration and utilization are demonstrated when patients are given a reason to use the portal, which leads to higher activation rates (Powell & Myers, 2018; Shaw et al., 2017).

What is PDSA in healthcare?

A Plan Do Study Act (PDSA) model was used as the framework for this study due to its allowance for continuous improvement and flexibility, including promotion of project sustainability (Donnelly & Kirk, 2015). Additionally, the Empowerment Informatics Framework was chosen to guide the integration of patient-empowering technology (Knight & Shea, 2014). Empowering patients with health- enabling technologies to increase self-management and patient-defined goals is the outcome of the portal initiative program (Francis, 2017).

Why does a healthcare provider sign up for a password?

The healthcare provider signs them up, creates an account, and assigns a password because they know the individual; they've checked the driver's license or some other proof of identification of the individual. The alternative can be remote authentication, where you first do identity-proofing remotely.

What is a patient portal?

ADAM GREENE: Patient portals usually refer to some way for a patient to be able to view some portion of the electronic health records ... of a healthcare provider. ... You can have significant variation with respect to how much information is in the patient portal itself. It could be clinical notes; it could be a much smaller subset of information. This is different than certain other things such as, a personal health record, which is where a patient can keep their own information electronically for their benefit. You could have situations, for example, where someone wants to access their information through an EHR portal of one particular healthcare provider, and then take that along with information from a number of other providers and put it into a single personal health record.

What is the alternative to identity proofing?

The alternative can be remote authentication, where you first do identity-proofing remotely. It could be [asking] questions that are not publicly available, but are known to the covered entity, or the healthcare provider. For example, what was the nature of the last bill or payment? What is the last four digits of your Social Security number as further confirmation, or it could be the healthcare provider outsources this to another company that [uses a] similar [method]. When you apply for one of your credit reports, you have to answer a number of non-public information such as, what street you lived on in a certain year. I know certain healthcare providers who are looking at identity-proofing options like that.

Is it a HIPAA violation to disclose medical information to parents?

Because some minors have the right not to disclose certain medical information, such as reproductive health services, to their parents, it could be a HIPAA violation to disclose the services to the parent, says Greene, a partner at the law firm Davis Wright Tremaine.

Can a parent access a minor's medical records?

Healthcare providers can choose to give parents access to the minor's records via a patient portal, but the providers should consider segregating certain information to make those confidential services inaccessible by the parent, Greene says.

Is there a regulation that requires a patient to have a copy of their medical records?

The other major regulation is HIPAA, in that there has been a longstanding obligation to provide patients with a copy of their medical and billing records, or certain other information in what is referred to as a "designated record set.".

Is a patient portal a secure email?

So for example, the patient portal may also be a messaging portal where a secure e-mail is received by an individual. They receive an unsecure e-mail that just says they've got a message waiting for you at the patient portal. They log in [to portal] and see their information that way.