Faced With Heightened Privacy Laws & Threat of Online Identity Theft, Medical Community Races to Solve Health Care Data Security Puzzle

California Medical Association Start-Up First to Offer Online Security


Jun 29, 2000, 01:00 ET from California Medical Association

    SAN FRANCISCO, June 29 /PRNewswire/ -- Soon-to-be-implemented health care
 privacy laws passed by Congress in 1996, along with an increased threat of
 e-mail tampering, has lit a fire under the medical profession's search for a
 system to ensure secure electronic transmission of sensitive medical
     MEDePass, Inc., the California Medical Association's high tech start-up,
 yesterday became the first company in the U.S. to offer a solution to online
 security concerns when it issued its first digital certificate (computer files
 that act as electronic identification cards, or signatures). The certificates
 enable physicians and others in the health care industry to verify their
 online identities and conduct protected electronic communications via e-mail
 and the Internet.
     As federal Health Insurance Portability and Accountability Act (HIPAA)
 regulations go into effect over the next few years, physicians, health plans,
 insurers, e-commerce health care vendors -- in fact, all sectors of the
 medical community -- must have a technology system in place to protect the
 confidentiality of medical information. Failure to comply with HIPAA
 regulations carries federal penalties as high as $250,000 and/or ten years in
     Even without federal requirements, physicians, other health care
 providers, and their patients have come to realize that e-mail and other
 Internet-based communication is subject to tampering. Anyone with basic
 technical savvy can "spoof" an e-mail address to make it appear as if the
 sender is someone known to the recipient -- in effect stealing the e-mail
 address holder's identity. In the absence of technical safeguards, it is
 impossible for the person whose identity has been stolen to deny that they
 sent the fraudulent e-mail.
     This kind of fraud is a growing problem for online banking and credit card
 transactions. In the health care field, the fraud will pose a serious threat
 to patient confidentiality if the sender can spoof the identity of a physician
 in order to, for example, obtain confidential medical information or purchase
 controlled products over the Web.
     Fears about the lack of online security have discouraged physicians and
 other health care providers from using the Internet to transmit
 patient-identifiable information such as medical bills, colleague-to-colleague
 consultations, and e-commerce orders. With the proper security tools, however,
 physicians can be assured that every time they e-mail a patient, exchange
 patient information with a colleague, go online to buy regulated medical
 supplies such as syringes, or bill an HMO, they are communicating with the
 party they intended to, and the information they transmit is accessible to the
 intended recipient only.
     While the financial community has used similar technology behind these
 certificates for years (as has the Department of Defense to encrypt military
 information), MEDePass is the first to secure medical information using what
 is known as "public key infrastructure." Other entrants in the race to protect
 medical communications include the AMA and other private vendors.
     "The key to protecting the confidentiality of health care information,"
 Jack Lewin, M.D., MEDePass CEO and CMA Executive Vice President says, "is to
 ensure and protect physician identities. Physicians are at the center of all
 health care communications -- with their patients, their colleagues,
 hospitals, health plans, government agencies, and a growing number of e-health
 vendors and applications.
     "Patients must be confident that when their physicians transmit sensitive
 medical information, both the physician's identity, and the identities of the
 physicians the information is sent to, are firmly established -- and that the
 information is safe from prying eyes."
     To earn the confidence of physicians and their patients, MEDePass is
 partnering with state medical associations, building on their relationships
 with local medical communities to guarantee that only fully licensed and
 qualified physicians receive the MEDePass digital certificates. Physician
 associations in Massachusetts, Pennsylvania, Virginia, Missouri, Wisconsin,
 Nevada, Oregon and Washington have shown strong interest in using the MEDePass
 model to secure their physicians' communications. The Social Security
 Administration, the multi-state St. Joseph's Health System, and Kaiser
 Permanente have agreed to recognize MEDePass certificates as online physician
     Significantly, MEDePass digital certificates will be owned and controlled
 by the physician community. Other online security solutions would put such
 control in the hands of private corporations. The MEDePass model, which will
 be fully compliant with the new HIPAA regulations, provides the level of
 assurance that patients, physicians and other participants in the health care
 field need to feel fully confident about sharing information electronically.
     California physicians who wish to pre-register for MEDePass digital
 certificates can do so at http://www.medepass.com .
     Dedicated to the health of all Californians, CMA represents more than
 34,000 California physicians from all regions, modes of practice and medical

SOURCE California Medical Association