White House Cyber-Security Strategy Could Guard Health Care Payments

Recent guidelines issued by the White House on cyber-security could provide an impetus for secure online bill paying in health care, according to health care industry experts.

The National Strategy for Trusted Identities in Cyberspace presented by the White House provides direction on how to protect consumers and businesses from identity theft and fraud in online transactions by creating an identity ecosystem.

Under the ecosystem strategy, consumers would maintain their anonymity during transactions by providing one piece of information, such as age, but not name, address, birth date or other information.

"The rapid and vastly positive changes that have followed the rise of online transactions—like making purchases or downloading bank statements—have also led to new challenges," President Obama wrote in the strategy document. "Few have been as costly or nerve-wracking for businesses and families as online fraud and identity theft."

The new infrastructure would bring choices for consumers, according to a blog post by Howard A. Schmidt, cyber-security coordinator and special assistant to the president.

As part of the infrastructure, cell phones might incorporate a "digital credential" that would allow consumers to perform financial transactions by entering a short PIN or password.

Consumers could also choose among their health care provider, financial institution, email service or other organization for their identity management service, he said.

In health care, patients could log in to their health care bill-pay service using cell phones, key-chain fobs or smart cards, Schmidt suggested.

"NSTIC envisions a private sector-led effort to create a new infrastructure for the Internet, built on interoperable, privacy-enhancing and secure identity credentials," Schmidt said.

Experts from HIMSS (the Healthcare Information and Management Systems Society) were among those in the health care industry who provided comments to the Obama administration on cyber-security issues before the strategy was released.

The NSTIC policy could aid the medical banking industry as consumers use the Web to pay for medical services, according to Lisa Gallagher, senior director for privacy and security at HIMSS, which runs a medical banking project that helps financial institutions collaborate with health care organizations.

The identity scheme could be useful when patients pay for health services with a credit card, she said.

"What it outlines is a strategy for general identity protection in the realm of e-commerce," Gallagher said. "In health care, we see that type of transaction becoming more and more common."

Allowing consumers to have more control over their identity in e-commerce is a key part of NSTIC, she explained.

The NSTIC guidelines, issued by President Obama on April 15, come as more health care financial transactions move online, in addition to EHRs (electronic health records), according to John Casillas, senior vice president for HIMSS' Business-Centered Systems and Medical Banking Project.

"Banks are emerging as a primary stakeholder as we move to electronic business transformation in health care," Casillas told eWEEK. "The industry that is extremely invested in cyber-security is banking."

Banking infrastructures created for HIEs (health information exchanges) will benefit from the identity management strategy, he said.

"It is likely that as we move to more of an electronic health care state, that the banking and financial institution methodologies will be deployed to make that digital ecosystem as safe and secure as possible," Casillas said.