SAN FRANCISCO, June 29 /PRNewswire/ -- Soon-to-be-implemented health care privacy laws passed by Congress in 1996, along with an increased threat of e-mail tampering, has lit a fire under the medical profession's search for a system to ensure secure electronic transmission of sensitive medical information. MEDePass, Inc., the California Medical Association's high tech start-up, yesterday became the first company in the U.S. to offer a solution to online security concerns when it issued its first digital certificate (computer files that act as electronic identification cards, or signatures). The certificates enable physicians and others in the health care industry to verify their online identities and conduct protected electronic communications via e-mail and the Internet. As federal Health Insurance Portability and Accountability Act (HIPAA) regulations go into effect over the next few years, physicians, health plans, insurers, e-commerce health care vendors -- in fact, all sectors of the medical community -- must have a technology system in place to protect the confidentiality of medical information. Failure to comply with HIPAA regulations carries federal penalties as high as $250,000 and/or ten years in jail. Even without federal requirements, physicians, other health care providers, and their patients have come to realize that e-mail and other Internet-based communication is subject to tampering. Anyone with basic technical savvy can "spoof" an e-mail address to make it appear as if the sender is someone known to the recipient -- in effect stealing the e-mail address holder's identity. In the absence of technical safeguards, it is impossible for the person whose identity has been stolen to deny that they sent the fraudulent e-mail. This kind of fraud is a growing problem for online banking and credit card transactions. In the health care field, the fraud will pose a serious threat to patient confidentiality if the sender can spoof the identity of a physician in order to, for example, obtain confidential medical information or purchase controlled products over the Web. Fears about the lack of online security have discouraged physicians and other health care providers from using the Internet to transmit patient-identifiable information such as medical bills, colleague-to-colleague consultations, and e-commerce orders. With the proper security tools, however, physicians can be assured that every time they e-mail a patient, exchange patient information with a colleague, go online to buy regulated medical supplies such as syringes, or bill an HMO, they are communicating with the party they intended to, and the information they transmit is accessible to the intended recipient only. While the financial community has used similar technology behind these certificates for years (as has the Department of Defense to encrypt military information), MEDePass is the first to secure medical information using what is known as "public key infrastructure." Other entrants in the race to protect medical communications include the AMA and other private vendors. "The key to protecting the confidentiality of health care information," Jack Lewin, M.D., MEDePass CEO and CMA Executive Vice President says, "is to ensure and protect physician identities. Physicians are at the center of all health care communications -- with their patients, their colleagues, hospitals, health plans, government agencies, and a growing number of e-health vendors and applications. "Patients must be confident that when their physicians transmit sensitive medical information, both the physician's identity, and the identities of the physicians the information is sent to, are firmly established -- and that the information is safe from prying eyes." To earn the confidence of physicians and their patients, MEDePass is partnering with state medical associations, building on their relationships with local medical communities to guarantee that only fully licensed and qualified physicians receive the MEDePass digital certificates. Physician associations in Massachusetts, Pennsylvania, Virginia, Missouri, Wisconsin, Nevada, Oregon and Washington have shown strong interest in using the MEDePass model to secure their physicians' communications. The Social Security Administration, the multi-state St. Joseph's Health System, and Kaiser Permanente have agreed to recognize MEDePass certificates as online physician credentials. Significantly, MEDePass digital certificates will be owned and controlled by the physician community. Other online security solutions would put such control in the hands of private corporations. The MEDePass model, which will be fully compliant with the new HIPAA regulations, provides the level of assurance that patients, physicians and other participants in the health care field need to feel fully confident about sharing information electronically. California physicians who wish to pre-register for MEDePass digital certificates can do so at http://www.medepass.com . Dedicated to the health of all Californians, CMA represents more than 34,000 California physicians from all regions, modes of practice and medical specialties.
SOURCE California Medical Association