Verizon Expands Health Care ID Service to Support Mobile Devices, EHRs
Verizon has announced enhancements to its Universal Identity Services-Healthcare platform to allow for easy but secure access to electronic health records (EHRs) and health information exchanges (HIEs) on mobile devices.
Launched in November 2010, UIS is a managed service from Verizon's Terremark IT services subsidiary. UIS is a software as a service (SaaS) utility that allows health care professionals to access documents using medical identity credentials.
"What the managed service does at the highest level is ID proofing, proving that you are who you say you are," Tracy Hulver, director of products and marketing for Verizon's Identity Solutions group, told eWEEK.
Doctors can use Verizon's security credentials to access e-prescribing applications and authenticate their identity using Apple iOS, Android, BlackBerry and Windows Mobile devices.
Smartphones can act as the primary means of authentication, according to Tracy Hulver, director of products and marketing for Verizon's Identity Solutions group.
"Most people already have a smartphone, so it's not like you have to carry a separate hardware token around," Hulver said. "And you're using a device you're already familiar with, and it cuts down on the cost."
The service supports multiple form factors, including one-time password reminders via email or interactive voice response. Other form factors include user name/password and hardware and software tokens.
UIS will block authentication if hostile activity is detected from a certain IP address, Hulver said. If a doctor logs on from two different sides of the world within an hour, the service can detect the abnormal sign-on pattern.
Other new features in UIS include digital signatures for treatment plans, electronic laboratory reports and discharge orders.
In addition, Verizon has added an ID Message Center to allow physician practices to sign documents digitally and log in securely to EHRs and HIEs using a mobile application or Web portal. Through Message Center, doctors can see which user actions are pending, accepted, rejected or expired.
UIS will also now support regulation codes from the U.S. Drug Enforcement Administration and the U.S. Food and Drug Administration, Verizon reports. The FDA's CFR-21 Part 11 guideline mandates how digital signatures can be used with the submission of electronic records.
The news follows Verizon's November 2010 announcement that it will grant medical identity credentials to 2.3 million U.S. physicians, medical assistants and nurse practitioners for free to share and access electronic health records using the company's Medical Data Exchange.
In June, Verizon enhanced its security programs for federal data privacy requirements. An online dashboard called Verizon Security Management Program-Healthcare (SMP-H) allows health care organizations to evaluate and strengthen security based on the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), which encompasses data protection guidelines widely used in health care.
Cloud-based authentication systems can save costs for a health care practice, compared with housing authentication hardware, according to Hulver. Health care practices can also reduce the costs of identity theft by using the service, according to Verizon.
The service supports up to National Institute of Standards and Technology (NIST) Level 4 authentication. The Health Insurance Portability and Accountability Act (HIPAA) requires authentication up to NIST Level 3 for e-prescribing of controlled substances or accessing EHRs.
By making it easier to sign in securely, Verizon aims to allow doctors to spend more time with patients, the company reports.