
People are stealing digital identities at an alarming rate, with identities and dental records being key targets. According to the American Dental Association (ADA), a dental record can be worth up to $1000 on the dark web because it is loaded with information such as a patient’s name, birthday, social security number, medical insurance coverage, and more. Medical and dental identity theft occurs when someone steals or uses your personal information (like your name, Social Security number, or Medicare number) to submit fraudulent claims to Medicare and other health insurers without authorization. This form of identity theft can disrupt healthcare for patients and providers and waste millions of taxpayer dollars.
As patients, we should always protect our personal information, check medical bills and statements, and report any questionable charges or fraud. For dental practices, practice management organizations, and professionals handling patients’ personal information, Identity Proofing is critical to mitigating fraud, which, according to The Institute of Medicine, costs the U.S. healthcare system more than $75 billion annually.
What is Identity Proofing?
Identity Proofing is the process by which a Credential Service Provider (CSP) collects, validates, and verifies information about a person.
According to the NIST Special Publication 800-63-3 Digital Identity Guidelines:
“Identity proofing establishes that a subject is who they claim to be. Digital authentication establishes that a subject attempting to access a digital service is in control of one or more valid authenticators associated with that subject’s digital identity. For services in which return visits are applicable, successfully authenticating provides reasonable risk-based assurances that the subject accessing the service today is the same as that which accessed the service previously.
Digital identity presents a technical challenge because this process often involves proofing individuals over an open network, and always involves the authentication of individual subjects over an open network to access digital government services. The processes and technologies to establish and use digital identities offer multiple opportunities for impersonation and other attacks.”
Why is ID Proofing necessary in dental practices?
A digital identity uniquely represents a person engaged in any online transaction. A digital identity is always unique in the context of a digital service but does not necessarily need to uniquely identify the subject in all contexts. In other words, accessing a digital service may not mean the subject’s real identity is known. Identity Proofing ensures that an individual’s digital identity and the actual individual are the same, not someone pretending to be someone else online. This is crucial in all aspects of healthcare, especially relative to HIPAA. You must only deliver dental services and share protected health information with patients who are confirmed to be who they say they are.
What elements are required in ID Proofing?
The National Institute of Standards and Technology’s NIST Special Publication 800-63-3, Digital Identity Guidelines, calls for collecting and assessing multiple pieces of user-asserted evidence to make an identity-proofing decision. These changes have been made because of the continuous compromise of personally identifiable information (PII), including names, SSNs, and physical addresses.
HHS.gov publishes a list of acceptable documentation that can be used to verify a consumer’s identity. Each document includes an image example, if available, and criteria to help verify the document. A consumer can provide proof of their identity by submitting any one of the Tier 1 documents or a combination of the Tier 2 documents detailed in the table.
How can you ensure your dentists are compliant with ID Proofing?
The Department of Health and Human Services has several resources available on its Cybersecurity Guidance site for healthcare providers to ensure they are compliant with ID proofing and other cybersecurity protections. HIPAA-regulated entities that adopt cybersecurity best practices and comply with the HIPAA (Health Insurance Portability & Accountability Act) Security Rule requirements will be better protected against security incidents and data breaches.
Yet compliance with ID Proofing is not just a cybersecurity issue. According to a recent article from The HIPAA Journal:
“With new HIPAA regulations in 2023, including the addition of Personal Health Applications – an application used by an individual to access their health records – healthcare organizations will be required to inform individuals about the privacy and security risks of sending their PHI (Protected Health Information) to a third-party application, which is not required to have safeguards mandated by HIPAA. Healthcare providers are likely to have to develop their own patient warnings to ensure patients are made aware of the risks. A change has also been made which allows patients to orally request a copy of their PHI be sent to a third party.
The new HIPAA regulations will allow patients to inspect their PHI in person and take notes and photographs. That too will create challenges, as patients will need to be allowed to inspect their PHI privately, and care will need to be taken to ensure they are not photographing PHI that they are not authorized to obtain – either their own or the PHI of others. HIPAA-covered entities will need to determine how best to provide that information.”
Dentists and their staff must ensure that ID proofing happens online and in person to protect their patients.
Identity Proofing is Required for Dental Electronic Prescribing of Controlled Substances (EPCS)
Dentists who prescribe controlled substances must complete the Identity Proofing (IDP) and EPCS Two Factor Authentication (TFA) process before sending prescriptions. At DoseSpot, seamless IDP software automatically submits identity proofing through Experian Precise ID. Completing this process is essential for safety and protection against fraudulent ePrescriptions. Facial recognition features in Experian are also becoming available within the DoseSpot ePrescribing platform to make this process easier and even more secure.
Experian will return a collection of financial-based questions and answers when the Identity Proofing software is launched. To complete this process, the dental provider must answer three (and sometimes four) questions successfully.
Common Error Checking
The IDP software automatically submits identity proofing to Experian and identifies any errors that must be addressed. Using a national credit bureau to complete the identity-proofing process will not affect your credit score or rating and should not be reflected in your credit history. DoseSpot only receives and stores information regarding the dates IDP was completed and passed and the reference number used during the TFA setup.
Halting the IDP Process When Flagged
There are multiple reasons why an individual may fail to pass the initial identity-proofing process. DoseSpot takes prescriber and patient safety and security very seriously and acts with caution. When IDP fails, start by checking DoseSpot Setup in Open Dental and verifying that all information entered is correct. If necessary, contact Open Dental Support for further assistance.
Monitoring Dental Prescribing Behavior While Providing High-Quality Healthcare
All 50 states and the District of Columbia allow the ePrescribing of controlled and non-controlled substances, and more than 90% of pharmacies can receive ePrescriptions. Of course, this includes larger retail pharmacy groups such as CVS, Walgreens, Walmart, other grocery chains, and mail-order pharmacies.
Mandatory steps must be taken to prescribe controlled substances; if not completed, your patients must wait for needed medications and therapies. ePrescribing software has many advantages that save time, improve patient safety, and provide better tracking to monitor prescribing behavior.
To get started writing prescriptions for controlled substances safely in your practice, connect with the Open Dental Support Team and ask about DoseSpot’s fully secure, compliant, and flexible software.