SAN FRANCISCO, June 29 /PRNewswire/ -- Soon-to-be-implemented health care
privacy laws passed by Congress in 1996, along with an increased threat of
e-mail tampering, has lit a fire under the medical profession's search for a
system to ensure secure electronic transmission of sensitive medical
MEDePass, Inc., the California Medical Association's high tech start-up,
yesterday became the first company in the U.S. to offer a solution to online
security concerns when it issued its first digital certificate (computer files
that act as electronic identification cards, or signatures). The certificates
enable physicians and others in the health care industry to verify their
online identities and conduct protected electronic communications via e-mail
and the Internet.
As federal Health Insurance Portability and Accountability Act (HIPAA)
regulations go into effect over the next few years, physicians, health plans,
insurers, e-commerce health care vendors -- in fact, all sectors of the
medical community -- must have a technology system in place to protect the
confidentiality of medical information. Failure to comply with HIPAA
regulations carries federal penalties as high as $250,000 and/or ten years in
Even without federal requirements, physicians, other health care
providers, and their patients have come to realize that e-mail and other
Internet-based communication is subject to tampering. Anyone with basic
technical savvy can "spoof" an e-mail address to make it appear as if the
sender is someone known to the recipient -- in effect stealing the e-mail
address holder's identity. In the absence of technical safeguards, it is
impossible for the person whose identity has been stolen to deny that they
sent the fraudulent e-mail.
This kind of fraud is a growing problem for online banking and credit card
transactions. In the health care field, the fraud will pose a serious threat
to patient confidentiality if the sender can spoof the identity of a physician
in order to, for example, obtain confidential medical information or purchase
controlled products over the Web.
Fears about the lack of online security have discouraged physicians and
other health care providers from using the Internet to transmit
patient-identifiable information such as medical bills, colleague-to-colleague
consultations, and e-commerce orders. With the proper security tools, however,
physicians can be assured that every time they e-mail a patient, exchange
patient information with a colleague, go online to buy regulated medical
supplies such as syringes, or bill an HMO, they are communicating with the
party they intended to, and the information they transmit is accessible to the
intended recipient only.
While the financial community has used similar technology behind these
certificates for years (as has the Department of Defense to encrypt military
information), MEDePass is the first to secure medical information using what
is known as "public key infrastructure." Other entrants in the race to protect
medical communications include the AMA and other private vendors.
"The key to protecting the confidentiality of health care information,"
Jack Lewin, M.D., MEDePass CEO and CMA Executive Vice President says, "is to
ensure and protect physician identities. Physicians are at the center of all
health care communications -- with their patients, their colleagues,
hospitals, health plans, government agencies, and a growing number of e-health
vendors and applications.
"Patients must be confident that when their physicians transmit sensitive
medical information, both the physician's identity, and the identities of the
physicians the information is sent to, are firmly established -- and that the
information is safe from prying eyes."
To earn the confidence of physicians and their patients, MEDePass is
partnering with state medical associations, building on their relationships
with local medical communities to guarantee that only fully licensed and
qualified physicians receive the MEDePass digital certificates. Physician
associations in Massachusetts, Pennsylvania, Virginia, Missouri, Wisconsin,
Nevada, Oregon and Washington have shown strong interest in using the MEDePass
model to secure their physicians' communications. The Social Security
Administration, the multi-state St. Joseph's Health System, and Kaiser
Permanente have agreed to recognize MEDePass certificates as online physician
Significantly, MEDePass digital certificates will be owned and controlled
by the physician community. Other online security solutions would put such
control in the hands of private corporations. The MEDePass model, which will
be fully compliant with the new HIPAA regulations, provides the level of
assurance that patients, physicians and other participants in the health care
field need to feel fully confident about sharing information electronically.
California physicians who wish to pre-register for MEDePass digital
certificates can do so at http://www.medepass.com .
Dedicated to the health of all Californians, CMA represents more than
34,000 California physicians from all regions, modes of practice and medical
SOURCE California Medical Association