Mastercard makes healthcare move with digital ID solution patients can use on their smartphones

In its first major move into healthcare, Mastercard is teaming up with b.well Connected Health to launch a digital solution that enables patients to verify their identity using their mobile phones.

The ID verification service gives patients a simpler and more secure way to prove their identity online and in person when accessing healthcare services. Rather than relying on username and password credentials, the service employs a password-less authentication process through the use of smart biometrics, the companies said in a press release.

Digital health company b.well Connected Health brings together patient data across providers, insurers, pharmacies, and a patient's own apps and devices. The company plans to offer the service to its health plan and health system customers.

There is a need to modernize approaches to patient ID verification to make it simple and seamless for patients, Kristen Valdes, CEO and founder of b.well, told Fierce Healthcare.

Typically, when patients want to gain access to their health records, they must show up in person at a doctor's office and present their driver's license or other documents to verify their identity, she said.

RELATED: Groups urge Congress to take action on patient identifier as COVID-19 raises the stakes

"Consumers want to use their phones to connect with their doctors, get information about their insurance, and share sensitive information with trusted sources, but the process for authenticating themselves is complicated, difficult, and not always secure," Valdes said.

"Our partnership with Mastercard solves that problem by enabling consumers to protect their identity, while at the same time simplifying the verification of their identity, giving them more control over their personal information and streamlining interactions with their providers and health plan," she said.

The service provides patients with a biometric alternative to verify their identity in person or virtually using a combination of government ID document scanning, facial biometrics with liveness detection and mobile phone intelligence, according to the companies.

According to a survey of 500 consumers conducted by b.well, 86% of consumers either want to use their smartphones to access medical and health insurance information or already do so. The majority of consumers said they would be comfortable using a digital ID to secure their personal information on their smartphones.

One health system is already on board with using the solution. ThedaCare, a seven-hospital Wisconsin health system, is the first U.S. health system to use the Mastercard ID verification service.

RELATED: Industry Voices—Removing ban on nationwide unique patient identifier would save lives, money

The digital ID service offers added safety and security for patients to use their smartphones to verify their identity when accessing virtual care or sharing personal medical information, adding convenience as well as peace of mind, according to Jim Albin, chief information officer of ThedaCare.

Mastercard is bringing its expertise in developing identity management solutions for the financial industry to the healthcare sector as digital access to healthcare is now considered essential following the disruption of 2020.

"Verifying patient identity is a crucial step in protecting sensitive healthcare data, either shared or in a single service – but current processes simply are not fit for a digital world. Paper-based authentication (traveling in-person to show a utility bill with your home address on it, for example) of patient identity is inconvenient, inefficient and prone to error," Sarah Clark, senior vice president digital identity at Mastercard, told Fierce Healthcare.

With ThedaCare, the technology is being used to verify patients' identities so they can have secure access to their health data, but the technology also could be used to integrate other data flows such as income verification and other financial information.

"It can mean greater convenience in enrolling on insurance plans, easier claiming procedures, more efficient and reliable transfer of medical records to other providers and reduce medical fraud by protecting patient data," Clark said.

Mastercard's ID verification solution is designed to comply with the National Institute of Standards and Technology (NIST) Identity Assurance Level 2 (IAL2), the federal government's highest level of assurance for remote consumer-facing identity proofing. The NIST IAL2 benchmark is aligned with the ONC Cures Act Final Rule for secure patient access to their medical record, the company said.

RELATED: Industry Voices—Patient matching issues won't go away with interoperability. Here's why

The solution is being launched as a new federal regulation goes into effect Monday that that will give patients easier access to their digital health records through their smartphones. The Department of Health and Human Services is pushing the industry, through upcoming interoperability regulations, to open up an app ecosystem that enables patients to engage with healthcare on their smartphones and through health apps.

The Office of the National Coordinator for Health IT interoperability rules rely on the OAuth 2.0 protocol for authorization—a secure protocol used on travel and banking software applications—to ensure patient security. But this approach still relies on portal logins and passwords, according to Valdes.

The patient ID solution launched by Mastercard and b.well advances interoperability by going beyond portals, logins and passwords, Valdes said.

"Patients have portals, passwords, and logins for every doctor, health system, and insurance carrier they interact with. It's difficult to maintain and not all their information is aggregated. What Mastercard's solution allows us to is handle identity verification outside of a portal," she said.

She added, "We believe this is going to be the rising standard for all digital health companies. This is the future of interoperability and also empowers applications and trusted third parties to connect beyond just a one-to-one provider relationship and into health information networks and health information exchanges."