This page contains a Flash digital edition of a book.
provides another layer of protection beyond the standard user name and password login. After sign- ing in as usual, consumers must provide a six-digit security code generated by the user’s strong au- thentication credential. Because the codes change with every sign-on, they are exceptionally difficult to foil. Credentials are available in many formats, including free apps for smart phones.


• Extended validation SSL (EV SSL): Secure Sockets Layer (SSL) is a security protocol used by Web browsers and Web servers to help users protect their data during transfer When users with high-security Web browsers see their ad- dress bar turn green, they know they reached a site protected by an EV S certificate. Because the green address bar is built into the browser interface,interface, it cannot be easily spoofed. For this reason, EV SSL certificates are particularly effective in protect- ing users from phishing schemes that lure them to sites designed to look real, but aren’t.


. When users with s see their ad- now they’ve an EV SSL en addr


ress


s are tect-


emes gned


• Public key infrastructure (PKI): PKI solutions – usually deployed to serve thousands, even mil- lions, of users – combine strong authentication with encryption using digital signatures to ensure auditable com- munications and transactions. PKI is useful to harden the networking infrastructure within a health- care provider, and it helps protect information as it flows through a healthcare pro- vider.


KI):


oyed mil- rong


ption sure


• Fraud detection:


While strong authentication, SSL and PKI are all visible to users, fraud detection works behind the scenes. It works by learning how users be- have online and then recognizing and responding to unusual behaviors that could signal potential fraudulent activities. Fraud detection is especially useful in providing a non-intrusive authentication solution to protect information made available through self-service healthcare/health insurance portals run by healthcare providers and health plans.


www.healthmgttech.com


Each of these protective layers reinforces the other while ensuring the security of sensitive information across multiple computing platforms and mobile de- vices. Together, they make it harder for fraud cartels to gain access to user accounts or fool consumers into revealing sensitive information.


And because these services are cloud based, IT departments don’t have to build and maintain ex- pensive on-premise security systems. That should come as a relief, because 40 percent of healthcare companies report they are overwhelmed with the complexity of on-premise strong authentication implementations.4


complexity of on implementati


The benefits of trust with patie of o


The be By


By establishing trusted relationships with patients and policyholders, these safeguards encourage the adoption of online services that bring new cost


effi ciencies. They also help providers and health plans comply with government privacy and risk-management mandates.


By establishing trusted relationships with patients and policyholders, these safeguards encourage the adoption of online services that bring new cost efficiencies. They also help providers and health plans com- ply with government privacy and risk-management mandates. And by detecting and preventing fraud, medical identity theft and data breaches, they mitigate losses that would harm the bottom line. As healthcare services con- tinue to move online, consumers’ questions remain – chief among them whether providers and health plans are doing what it takes to protect their per- sonal information. Without the right se- curity measures, the healthcare industry can expect a long, painful and costly


enef esta


safegu o


cost prov p


by d med brea wou A


ply w risk- b


tinue future. HMT


1. Ponemon Institute, March 2010. 2. “Breaches of Health Care Data Expected to Keep Rising, Study Concludes,” iHealthBeat, Sept. 8, 2010, accessed at www.ihealthbeat.org.


3. Forrester Study commissioned by the VeriSign User Authentication Group, now part of Symantec, August 2010.


4. A commissioned study conducted by Forrester Consulting on behalf of VeriSign Authentication, August 2010.


HEALTH MANAGEMENT TECHNOLOGY December 2010 17


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36