KYP is the new KYC: How Healthcare Organizations Can Address Medical Identity Fraud


With medical fraud on the rise, it’s critical that all sectors of healthcare have a Know Your Patient (KYP) process in place that properly screens and verifies their patients as close to real-time as possible to prevent getting scammed by a fraudster.

In recent months, the healthcare sector has been rocked by a series of high-profile cybersecurity incidents. Prospect Medical and HCA Healthcare, two of the largest healthcare groups in the U.S., were attacked, resulting in the exposed personal data of millions of patients. These attacks are just the latest examples of the escalating threat cybercriminals pose to the healthcare sector.

The scope of recent data breaches has also meant a surge in identity theft cases. The FTC’s website received more than 1.1 million identity theft reports in 2022. It’s highly likely this number will change for the worse this year. Now more than ever, healthcare institutions must know and trust that each patient is who they say they are. It’s critical that all sectors of healthcare have a Know Your Patient (KYP) process in place where they properly screen and verify their patients to prevent getting scammed by a fraudster.

The Severity of Medical Fraud

Given the nature of the healthcare industry and the sensitive data it stores in its systems, these institutions have been lucrative targets for cybercriminals for years. Personally identifiable information (PII) from names, addresses, Social Security numbers, and medical records is valuable to cybercriminals who can sell it on the black market or use it to commit identity theft. In addition to violating their privacy, victims also face potential financial risk if criminals get ahold of their credit card and bank account information. Should they require medical care, they are susceptible to receiving incorrect medical records, resulting in misdiagnosis. Doctors may even administer life-threatening healthcare and services not suitable for a patient’s medical condition.

What is KYP?

In the age of telehealth, patients can request and receive prescriptions and care without having any in-person contact with their provider. Without any verification procedures in place, it’s impossible for healthcare providers to know that the patient they are communicating with behind the screen is who they claim to be. This is where KYP programs come into play. Financial institutions employ a similar method, called Know Your Customer (KYC), to confirm their clients’ identities and prevent criminals from committing financial fraud and theft. KYP procedures have a similar goal, but instead, they prevent medical fraud like prescription and insurance fraud, in addition to ensuring their patients are of legal age to obtain certain medications and procedures.

See also: Next-Gen Online Fraud Detection: The Journey is the Destination

Building a KYP Program

The digital onboarding process has two requirements that must be met. On the one hand, it must be able to accurately confirm patients’ identities for the institution, and on the other, it must be a seamless and frictionless experience for the patient to avoid any frustrations with the process.

There are five key steps to building a strong KYP program:

  • Step 1: When the patient creates an account online, they must provide a government-issued ID, such as their passport or driver’s license. This can be captured through their computer’s webcam or smartphone. Then, they will be prompted to take a live selfie to ensure the user behind the screen belongs to the ID document.
  • Step 2: Organizations must confirm that the person in the selfie matches the picture on the ID and that the ID document is legitimate and not altered in any way.
  • Step 3: Institutions should leverage fraud detection analytics to ensure the identity meets any minimum age requirements and isn’t involved with fraudulent activity to reduce the potential for risks and losses.
  • Step 4: Pharmacies, hospitals, clinics, and medical offices can now deny or approve the patient’s new online account and any attempted purchases based on the results.
  • Step 5: Once the patient’s online account is approved, pharmacies and offices can approve online treatment and prescription requests in the future by prompting the user to take a new selfie upon every login. Online identity verification technology, like biometric-based authentication, can verify the patient’s identity by comparing the new selfie to the one that was captured during account creation. This ongoing process will ensure the user is the same one who created the account and not a fraudster logging in with stolen credentials.

KYP as the Future of Healthcare

While cybersecurity incidents themselves may not always be avoidable, medical fraud can often be prevented. By adopting a KYP program that carefully vets and authenticates every online user, healthcare organizations can protect their patients’ identities. This process will soon become a critical function of the healthcare sector as data breaches and other cybersecurity incidents threaten consumer privacy and security.

Bala Kumar

About Bala Kumar

As Chief Product Officer of Jumio, Bala Kumar is responsible for the company’s product vision and strategy and is leading the execution of Jumio’s digital identity platform. A former TransUnion executive, he brings more than two decades of product innovation and leadership experience to Jumio.

Leave a Reply

Your email address will not be published. Required fields are marked *