Authentication for Organ DonorsDonor Network Uses ID Verification to Ease Enrollment
In an interview (transcript below), he:
- Describes how the authentication technology from IDology Inc. uses two levels of ID verification. One level instantly checks donors' names, addresses and the last four digits of their Social Security numbers against databases. If there's a mismatch, the other level completes a more thorough verification based on answers to detailed questions.
- Suggests that other healthcare organizations might use the authentication technology to support claims processing, customer support and other functions.
- Outlines how the donor network uses encryption for its electronic health records as well as when accessing a national donor database.
- Describes why its IT department verifies the security procedures of hospitals and vendors before exchanging data with them.
Richardson has served as executive director of the Nevada Donor Network since 1995. The network serves southern Nevada, including Las Vegas. He previously served in the same role for Kentucky Organ Donor Affiliates and also worked as administrator of the kidney disease program at University of Louisville School of Medicine.
HOWARD ANDERSON: I understand you are using new technology to confirm the identities of potential organ donors. Why was there a need to add automated ID verification to your online sign-up process?
KEN RICHARDSON: Most states now have a donor registry system that is electronic, and many of them are through the Department of Motor Vehicles. We needed to create a secondary pathway so that people wouldn't have to wait in some of those long lines. And when we first started talking about creating a second pathway, a separate website that would allow people to enter the donor registry, we needed to make sure that we could verify their identity. That's because a donor registry is like a living will. So we want to make sure that the people who are entering this information are actually who they say they are.
ANDERSON: How did you go about selecting what type of authentication technology to use?
RICHARDSON: Well, that was a tough issue for me, because I'm not an IT person; I'm a healthcare administrator. ... So we had our IT department talk to some folks around the country. We talked to other organ banks that were looking at different types of technology, and then we ended up selecting a firm called IDology because they had what I thought was the best ease of use and a really good verification system.
Authentication MethodsANDERSON: Tell us a little bit about how the technology works. I understand it offers two levels of verification, is that right?
RICHARDSON: The lower level of verification can do validity checks with as little information as a name and address. And when you go to the next level, there is a higher level of verification that uses ... many databases to sort of crosscheck on the fly, obtaining different answers to multiple choice questions to see if the person is who they, in fact, claim to be. It's really just amazing to me to realize that within a few seconds, you can verify the identity of someone.
ANDERSON: What determines what level of verification is used for a particular donor?
RICHARDSON: Well, if the initial information, based on the last four digits of the Social Security number, name and address, all match, then you're good to go. If there is a mismatch, or something doesn't come out quite right, then you go to the next layer of verification and begin with multiple questions and determine the answers to the questions. And if they come back true, then you have a valid verification.
Electronic Health RecordsANDERSON: So based on your experience so far, how do you think other healthcare organizations could put the technology to use?
RICHARDSON: Well, the big buzz issue in healthcare today is electronic medical records. But there are a lot of instances where ... you have to protect privacy within healthcare, and you can think of almost countless ways that this type of technology can facilitate billing and claims and customer support. ... It's almost endless.
Role of EncryptionANDERSON: What other technologies are you using to keep the online sign-up process, as well as other communications with donors, secure?
RICHARDSON: Many technologies are provided by governmental agencies or government contractors. The sad part of it is many of these systems have grown up independent of one another, and they're not always compatible and there's not always uniformity across platforms, and that's very frustrating. But we have an electronic medical records system that is encrypted and managed by an offsite location in Denver, Colorado. Then, we also use a national system that uses a different kind of encryption; it's really probably the most comprehensive database in the world, in terms of organ transplantation. It has virtually every patient since around 1984. So it is really a comprehensive database. ...
ANDERSON: And whose database is that latter one you just described?
RICHARDSON: The latter one is the United Network for Organ Sharing, also known as UNOS, based in Richmond, Virginia. They are a government contractor that manages the organ transplant system on behalf of the federal government. They have a government contract with the Health Resources and Services Administration.
Assessing SecurityANDERSON: Finally, how are you addressing security for communications with the hospitals and research organizations that are using the donated organs and tissues?
RICHARDSON: Well, that's a really good question, because it is really sort of exploding. Everyone is recognizing the benefits of electronic communications over more traditional methodologies. What we do is, when we have a vendor or another provider that we want to share information with, we have our IT department evaluate their standards and what kind of security measures are used. That's the first step. And then, we look at compatibility and what type of information we can exchange. So it's rather a thorough process that we have to go through to make sure that we have secure information that is protected for the privacy of the patient.