Robust authentication against health-care fraud in the USA

Digital certificate and signature, and the Chip&Pin system, the keys to medical identity security.

Unfortunately, fraud in the health-care system in the USA, whose victims are both the insurance companies and the end user, is something that is growing. On the other hand, we should be aware that it is something that could be eliminated by the implementation of security systems based on cryptography, such as digital certificate and signature, and Chip&Pin cards, which generate a more reliable environment for both sectors, providing a secure means of identification and authentication.

One of the social issues which the USA faces is fraud in the health-care system due to the many cases in which insurance companies, the managers of health-care services in this country, are victims both of criminals who steal the identity of actual medical policy-holders, and other racketeers who pretend to be medical personnel and issue false invoices, once they have misappropriated the insured’s data.
This fraud is worth tens of billions of dollars annually, affecting a range of between 250,000 and 500,000 people, and continues to grow. It impacts negatively on the quality of health-care services and leads to higher costs.
The National Health Care Anti-Fraud Association is the largest non-profit organization in the USA whose aim is the elimination of health-care fraud. You can learn more about it on this LINK.

Digital certificate and private key on Chip-cards to authenticate our identity.

Americans identify themselves either with their driving license or other photo-card, for example a student ID card, because there is no a national identity card here as in the case of most countries around the world.
But this means, the most inured criminals are able to forge and use, as is in the case of health-care, the identity of the owner of that health insurance document, and defraud to these insurance companies and the state health-care system.
In this situation, what action can insurance companies take to avoid fraud?
Require to the health system, or failing that, the insurers themselves who act as Certifying Authority, to issue digital certificates with the identity and characteristics of the health insurance policy-holder. This would also mean thatthey could be rescinded if necessary, for example if the insured cancels their policy, allowinga more comprehensiveand reliablecontrol of clients.
These digital certificates, which contain our personal information, would be on-board the cryptographic chip of the smart card along with your private key. Then if we add-in PIN use to our identification system, we have what is known in Europe as a robust authentication system, the use of “what I hold” (private key) with “what I know” (PIN).
For their part, health-care professionals should have a terminal that allows them to read the cards, and so access to the information contained on its chip, validating the digital signature and certificate.
This process will help minimize the risks associated with these types of fraud and identity theft, because the chip-card contains a personalized digital certificate with the information, so the medical staff make a visual check, but that is supported by our physical presence and the introduction of our key or PIN.
Additionally, the chip-card’s digital certificate allows us, as users, to confirm that we have received the health-care service.
Which in turn can be used as an essential and irrefutable proof for the health-care system to issue real invoices to insurance companies and so reducing the risk of swindles.

Digital signature to authenticate electronic health-care invoices.

To strengthen the security of this process and avoid receiving false invoices, insurance companies should require digitally signed electronic billing, with the signature performed by the user through the digital signature system for the identification and authentication of the Chip&Pin card.
doctor computer einvoice
Doing this, cases such as the Boston psychiatrist who claimed to have treated more than 130 patients in need of his psychiatric therapy and even issued treatment reports, or the Chicago cardiologist who performed unnecessary tests and operations for 10 years, could be avoided.
Since the health-care reform passed by the Obama administration (for more information click this link) is being pursued more strongly, these criminal activities on the national health-care plan can be punished by significant financial penalties and/or up to 20 years in prison.
And in turn, requires health insurers to be proactive and implement fraud detection protocols.
With this scene, it is obvious that this cryptographic technology which the firm provides along with the digital certificate and the Chip&PIN identification and authentication systems is the only way to provide a trustworthy environment, where risks of fraud are kept to a minimum level, the non-repudiation and contribute authenticity to the process.
It is, as mentioned in numerous articles from REALSEC, encryption and digital signature are the key elements to minimizing the risk of fraud, as the CEO of REALSEC demonstrated clearly in this article.
Where it is repeated, that for digital certificates to be reliable, they must have been generated by a CA (Certification Authority) supported by a HSM, Hardware Security Module.{:}

No Comments

Post a Comment