Making health care more effective, efficient, and secure for Canadians
Introduction
As in most developed countries, health care in Canada comprises a significant portion of the economy: in 2015, such spending โ almost $5,800 per person โ amounted to 10.4% of our GDP*. To compete and prosper in a technology-driven world, Canadians need secure, ubiquitous, and convenient digital identity systems, and a sector as important as health care โ in both its public and private-sector aspects โ stands to benefit greatly from digital identity in at least three ways.
First, and most obviously, through improved efficiencies. The need to identify oneself when seeking access to health services comes up frequently in every process: booking a doctorโs appointment, picking up a prescription, checking into a hospital, registering in a new province. Even health care professionals need to identify themselves when requesting access to patient records or prescribing medications. At each step, a secure digital identity could eliminate minutes, hours, or even weeks of delay currently caused by the need to show or send physical copies of identity cards or other credentials. A system made faster through digital identities would be a less expensive system, freeing up resources that could be used in higher-impact areas.
Second, by reducing the risk of heath care fraud โ a continuing concern for governments and taxpayers. Provincial health cards may be applied for with forged documents, or, being physical, they may be forged themselves. Paper-based prescriptions may be falsified, or filled in the wrong personโs name. Health service providers may bill payors (whether governments or insurance companies) for services not actually rendered. And while the total cost of health care fraud is difficult to estimate, it is likely that the expensive processes and manpower devoted to keeping fraud in check could be significantly reduced through digital identity systems.
Finally, by improving health outcomes, which is a goal that patients, governments, and private-sector providers alike can support. Getting the right services to the right person without error โ and preventing services or drugs being given to the wrong person โ with the speed, efficiency, and convenience that secure digital identities enable, is key to raising the effectiveness of the health system as a whole. In short: healthier Canadians, at less cost.
This paper sets out five guiding principles that we think should lie at the foundation of any broadly-adopted digital identity system, and walks through three examples of how such capabilities could improve our health care system for the benefit of all Canadians.
Our principles
Digital identity is easy to theorize about, but architecting and implementing a comprehensive, secure, and sustainable system is another matter entirely โ and an important part of getting it right is having a clearly articulated set of principles to guide the effort. We believe that there are five:
User control & convenience
No one wants to entrust a system with their personal details if those details are going to be transferred to and stored by numerous parties โ especially if this happens without the userโs control or knowledge. At the same time, an identity system must be convenient and easy to use; if it isnโt, it wonโt be adopted by Canadians already used to intuitive apps on mobile devices.
Ubiquity
Security risks abound when people have to create different identities and passwords for each public and private service they access: theyโll often default to a single, easy-to-remember (and easy to crack) password, for example. At the same time, a digital identity that only applies to a handful of services will probably not be well adopted. A ubiquitous system is a more convenient and more secure system.
Security via abstraction
Even with the best user controls, identity data will end up in the hands of many different players in the health care ecosystem. A highly effective way of securing that data is to โabstractโ it, by replacing a private identifier with a publicly-available one (like a personโs email address) or by replacing it with a randomized number that serves as an authorized โtokenโ for the purposes of the transaction โ and is not useful for any other purpose.
Standards & openness
In any dynamic system, itโs difficult to predict what the future will look like โ so itโs important to build todayโs solutions on universally-agreed standards. Not only does this reduce costs by eliminating the expense of building and then later having to adapt custom, one-off solutions, but it enables solutions built by others in the future to โplug intoโ the initial solution. Openness as an approach encourages adoption, innovation, and flexibility.
Trusted brand
No user is likely to adopt an identity solution built or maintained by an organization they donโt trust; the question of identity is simply too important, and the impact of identity theft too great, to leave this to chance. Further, building a solution will require the cooperation and coordination of many players, and these players need to trust each other and the organization leading the effort.
Example 1: Prescriptions
The simplest example of the impact digital identity can have on the system โ and on the patient experience โ is the doctorโs visit and prescription process.
Hereโs how it could work in a future with digital identities.
A person has a cough they canโt seem to shake. Because theyโre new in town, they use an online, government-provided registry to find a local doctor, easily verifying their credentials because the doctorโs licence is shown and has been digitally authenticated by the provincial ministry of health. Using their mobile device (since theyโre out shopping at the time), they access their doctorโs website and book an appointment, authorizing it with the digital identity they carry in their deviceโs mobile wallet. The appointment instantly appears in their calendar with a reminder notice enabled for the day before.
When they arrive, a quick tap with their phone sends their identification to the officeโs admission system, which marks them as โin the waiting roomโ. With a reference to their digital identity, it also time codes their file for ministry billing purposes as soon as theyโve been called into the examination room.
The doctor prescribes some medicine for the patientโs cough, and digitally signs the prescription so the pharmacy can validate both that the prescription is intended for this particular patient and that it was written by a licensed doctor โ ensuring that a โchain of custodyโ is preserved from start to finish. The doctor sends that prescription electronically to the patientโs preferred pharmacy.
The patient goes to their pharmacy to pick up the prescription. The pharmacist brings the medicine, and the patient authenticates themselves with their phone by providing a โtokenizedโ version of their digital identity. Certain that this is the right patient, the pharmacist hands over the prescription, accepts secure payment via the patientโs digital wallet (a debit card, weโd like to assume), and uses the patientโs tokenized identity to submit the insurance claim for the bulk of the price.
Example 2: Payments
As our patient leaves the doctor, the office automatically submits a services bill to the provincial ministry of health, detailing the services provided, the time required to provide them, and including the patientโs identity to fully authenticate the invoice. Authenticated real-time invoices substantially reduce the risk of billing error and billing fraud, reducing overhead for medical practices and for the ministry of health. Whatโs more, without having to allow significant time for billings to be reconciled between the two parties, it may become possible over the longer term for ministries to remit payments to doctors on a near-real-time basis.
Similar benefits would accrue to situations where medical service providers bill private insurance companies โ for example, in the provision of physiotherapy services to auto accident victims. Digital identities would enable providers to authenticate each billable session, and the reduction of fraud risk that this entails for the insurance company (which would be far more sure that a bill is tied to a specific, verified patient) would enable them to pay providers more rapidly โ while also reducing some of the overhead they currently devote to sniffing out fraud.
Example 3: Records
Letโs say that a patient finds a new job in another province, and moves there with their family. For the first few weeks after arriving, part of their activity will be devoted to registering for government services in their new province โ including health services.
Instead of having to visit a ministry office in person to present their identification documents (birth certificate, driverโs licence, etcโฆ) and their various proofs of residency (utility bills or the like), the patient would be able to use their digital identity on a government website, proving both who they are and where they live in one simple, digital action. Even their health card would arrive in digital form (followed by, much later, the physical version); should an illness strike a family member soon after the move, they would be able to access local health services as smoothly as any other provincial residents.
Finally, having found a new family doctor, the patient would be able to use their digital identity to grant access to their medical records from the other province, enabling the doctor to benefit immediately from a comprehensive set of background information on the patient. The patient could also give permission to their doctor to share some or all of their medical records with specialists as required, giving them full control over who their information is shared with, for how long, and why.
In the same way, a digital identity would allow the patient to access their own records online. Personal access to medical records would improve patientsโ sense of ownership over their own data and health, allowing them to check immunization histories for their families, and with the help of apps, to make certain decisions without necessarily having to book a new doctorโs appointment.
In this sense, digital identity is not just about โmay I?โ but about โmay you?โ, as well. In other words, not only would digital identity make it easier for patients to gain access to healthcare services, but it would also give them the ability to control โ in real time โ which providers may access their confidential records for the purpose of giving them better-informed medical care.
Conclusion
Health care by its nature is often complicated and uncertain, and providing consistent and effective services across a country as big as ours has been a remarkable accomplishment. Digital identity promises to make this system even better:
More efficient, by reducing paperwork, reconciliation effort, and investigative overhead.
More secure, by reliably verifying the identity of each patient at system registration and when accessing services.
More effective, by reducing communication errors and fraudulent access to medicines, and by ensuring instant access to the right information when needed.
The potential is both exciting and close at hand. Digital identity capabilities can be rolled out over time, working with and improving the existing system in incremental steps ๊ท and sparking new innovations and services along the way. Following the principle of ubiquity, moreover, a digital identity system that works for health care should also be designed to work equally well for all other government services. Weโll take a close look at some of these service categories in upcoming white papers.
If youโre interested in collaborating with Interac on the future of Digital ID, drop us a line at digitalid@interac.ca
* Source: Canadian Institute for Health Information
https://www.cihi.ca/en/how-does-canadas-health-spending-compare-internationally