Health, Technology, Identity, and the Regulatory Environment
Health has both technology and identity ramifications.
- Health has technology ramifications because of all of the technologies used by the health industry—including an increasing reliance on artificial intelligence.
- Health has identity ramifications because we need to know who is receiving healthcare, who is providing healthcare, and who is accessing our healthcare records.
Combine these ramifications with the regulatory environment, and health and healthcare quickly become complex.
Additional Information on Health
Here is a sampling of what John E. Bredehoft of Bredemarket has written on the topic of Health.
(9/4/2025) In Health, Benefits of Identity Assurance Level 2 (IAL2) are CLEAR
Among the listed benefits of the partnership are enhanced security:
“CLEAR1 meets NIST’s Identity Assurance Level 2 (IAL2) standards, a rare feat in the healthcare sector, ensuring robust protection against fraud.”
But is IAL2 that rare in healthcare?
Other vendors, such as Proof, ID.me, and Nametag certainly talk about it.
And frankly (if you ignore telehealth) the healthcare field is ripe for IAL3 implementation.
More at https://bredemarket.com/2025/09/04/in-health-benefits-of-identity-assurance-level-2-ial2-are-clear/
(8/30/2025) Stuck at Second: Syneos Health Setback in India
I last discussed Syneos Health on August 15, in a popular post on early stage commercialization. When I checked for recent news I discovered that Syneos Health received a commercialization setback in India for the QL2107 Injection.
More at https://bredemarket.com/2025/08/30/stuck-at-second-syneos-health-setback-in-india/
(8/15/2025) Pharma Early Stage Commercialization With Syneos Health
While I’ve previously addressed pharma commercialization in terms of ensuring that patients use (and purchase) their medications, commercialization occurs long before that. After all, for a prescription drug to be available on the market, it has to get to the market in the first place.
Here’s how Syneos Health presents the issue…
More at https://bredemarket.com/2025/08/15/pharma-early-stage-commercialization-with-syneos-health/
(8/14/2025) Artificial Intelligence Body Farm: Google AI Grows a Basilar Ganglia
Last month I discussed Google’s advances in health and artificial intelligence, specifically the ability to MedGemma and MedSigLIP to analyze medical images. But writing about health is more problematic. Either that, or Google AI is growing body parts such as the “basilar ganglia.”
More at https://bredemarket.com/2025/08/14/google-ai-basilar-ganglia/
(8/9/2025) Pharmacy Product Marketing to the Proper Hungry People
Health marketing leaders know that pharmacy product marketing can be complex because of the many stakeholders involved. Depending upon the product or service, your hungry people (target audience) may consist of multiple parties.
More at https://bredemarket.com/2025/08/09/pharmacy-product-marketing-to-the-proper-hungry-people/
(7/27/2025) I’m Bot a Doctor, Google MedGemma and MegSigLIP Edition
So I wanted to see how Google offered MedGemma and MedSigLIP. So I found Google’s own July 9 announcement.
In the announcement, Google asserted that their tools are privacy-preserving, allowing developers to control privacy. In fact, developers are frequently mentioned in the announcement. Yes, developers.
More at https://bredemarket.com/2025/07/27/im-bot-a-doctor-google-medgemma-and-medsiglip-edition/
(7/23/2025) I’m Bot a Doctor: Consumer-grade Generative AI Dispensation of Health Advice
In the United States, it is a criminal offense for a person to claim they are a health professional when they are not. But what about a non-person entity?
More at https://bredemarket.com/2025/07/23/im-bot-a-doctor/
(7/15/2025) More On AI-Powered Electronic Health Records
There are actually several companies using AI or other technologies to improve EHR and EMR completion. Here’s a (woefully incomplete) list. Many of these companies also handle other practice management functions required by a medical practice, including intake, telehealth, and payments.
More at https://bredemarket.com/2025/07/15/more-on-ai-powered-electronic-health-records/
(7/14/2025) Increasing Speed and Accuracy of Electronic Health Record (EHR) Note Taking
Electronic health records (EHRs) can be a pain in a particular body part. But Tebra and other firms offer ways to automate portions of the record keeping process. And if these automations work, they also increase EHR accuracy.
(7/13/2025) AI-Analyzing Computed Tomography (CT) Scans
Tasks that used to take minutes or hours now only take seconds.
More at https://bredemarket.com/2025/07/13/ai-analyzing-computed-tomography-ct-scans/
(5/29/2025) Make America Hallucinate Again
Someone took a shortcut in researching and/or writing the MAHA paper…something that all the generative AI companies are saying is a perfectly wonderful thing to do. After all, you won’t lose your job to AI…you will lose your job to someone who uses AI’s “help.” Until AI hallucinates and puts organic food dye-free egg whites on your face.
More at https://bredemarket.com/2025/05/29/make-america-hallucinate-again/
(5/13/2025) What is Protected Health Information?
Many laws and regulations impact health information—not just the Health Information Portability and Accountability Act (HIPAA).
But what IS Protected Health Information?
More at https://bredemarket.com/2025/05/13/what-is-protected-health-information/
(3/25/2025) Verifying That Credential
You probably know the things that prove identity. A biometric modality, including the liveness of that modality. A government-issued identity document that matches the biometric. A sensible location (was the test taker in Ontario, California as expected?).
Now perhaps this is overkill for authenticating a proposal writer, but it may not be if you need a certified plumber.
Or a certified lawyer.
Or a certified doctor.
More at https://bredemarket.com/2025/03/25/verifying-that-credential/
(3/16/2025) Amazon One and Palm/Vein Identity Scanning in Healthcare: Does It Work?
I’ve previously discussed Amazon’s biometric palm/vein identity scanning efforts. But according to Dr. Sai Balasubramanian, M.D., J.D. in Forbes, Amazon is entering a new market, healthcare.
“Amazon announced that it is partnering with NYU Langone to launch Amazon One, a contactless palm screening technology, throughout the health system.”
Which makes sense, as long as the medical professional isn’t wearing gloves. I don’t know if Amazon One can read veins through medical gloves.
(2/22/2025) Determined Perpetrator of Healthcare Violence
I don’t know that Oosto or even Evolv could have prevented this determined hospital attack in York, Pennsylvania.
More at https://bredemarket.com/2025/02/22/determined-perpetrator-of-healthcare-violence/
(2/7/2025) Injection Attack Detection
Note that injection attacks don’t only affect identity systems, but can affect ANY computer system. SentinelOne digs into the different types of injection attacks, including manipulation of SQL queries, cross-site scripting (XSS), and other types. Here’s an example from the health world that is pertinent to Bredemarket readers:
In May 2024, Advocate Aurora Health, a healthcare system in Wisconsin and Illinois, reported a data breach exposing the personal information of 3 million patients. The breach was attributed to improper use of Meta Pixel on the websites of the provider. After the breach, Advocate Health was faced with hefty fines and legal battles resulting from the exposure of Protected Health Information(PHI).
More at https://bredemarket.com/2025/02/07/injection-attack-detection/
(1/29/2025) Clean, the Cleanest I’ve Been (EtO)
There’s a critical difference between biometrics for identification and biometrics for health. Well, MOST biometrics for identification; what I’m about to say doesn’t apply to DNA.
When you capture biometrics from people, you don’t really care about cleanliness. If the person’s fingernails are dirty, you capture the fingerprints anyway. If the eye is infected, you capture the irises anyway.
But when you get into the healthcare arena, cleanliness is next to you-know-what.
And there are technologies for that.
More at https://bredemarket.com/2025/01/29/clean-the-cleanest-ive-been-eto/
(1/25/2025) Can an AI Bot Decipher Medicare?
I’m not the only person interested in AI applications in health. Kerry Langstaff is exploring various AI applications in a series of LinkedIn articles, and her recent article is entitled “How AI Became My Caregiving Superpower: Managing Medical Tests, Doctor Visits, and More.”
More at https://bredemarket.com/2025/01/25/can-an-ai-bot-decipher-medicare/
(1/25/2025) Apple Watch is a Passive Verb
Medical measurements are often skewed by stress from the health experience itself. But if you’re already wearing an Apple Watch, and you always wear an Apple Watch, the passive nature of AFib data collection means you don’t even know you’re being measured.
More at https://bredemarket.com/2025/01/25/apple-watch-is-a-passive-verb/
(1/23/2025) Your LMM Pharmacy
On Threads, Dr. Jen Gunter called our attention to the newly-introduced H.R. 238, “To amend the Federal Food, Drug, and Cosmetic Act to clarify that artificial intelligence and machine learning technologies can qualify as a practitioner eligible to prescribe drugs if authorized by the State involved and approved, cleared, or authorized by the Food and Drug Administration, and for other purposes.”
Ultra-modern healthcare?
More at https://bredemarket.com/2025/01/23/your-lmm-pharmacy/
(1/15/2025) On Animal Health Privacy
Earlier this week I was discussing a particular veterinary software use case with an undisclosed person when I found myself asking how the data processing aspects of the use case complied with HIPAA, the U.S. Health Insurance Portability and Accountability Act.
Then I caught myself, realizing that HIPAA (previously discussed here) does not apply to dogs, cats, cows, or other animals….
More at https://bredemarket.com/2025/01/15/on-animal-health-privacy/
(1/14/2025) Why is Healthcare Identity Critical?
Oosto has highlighted two reasons why it’s critical to identify people in healthcare environments.
Healthcare facilities account for 42% of infant abductions…
Think about it. If all you need to identify yourself (or impersonate someone else) is your name and birthdate, a fraudster could easily gain access to a facility and abduct someone else’s child.
More at https://bredemarket.com/2025/01/14/why-is-healthcare-identity-critical/
(1/10/2025) NEC’s Other “Biometric” Information: Digital Pathology
When I interact with the worldwide company NEC, I am usually dealing with automated biometric identification systems (ABIS).
Of course, ABIS is only a small part of what NEC does. It’s also involved in healthcare.
Consider…artificial intelligence and deep learning-powered digital pathology (“a field involving the digitization and computational analysis of pathology slides”).
More at https://bredemarket.com/2025/01/10/necs-other-biometric-information-digital-pathology/
(12/28/2024) You Need FAT and SAT
On LinkedIn, I was just discussing the difference between a controlled study and a real-world test. Think of a NIST test vs. a benchmark.
Then I started talking about some of the post-contract signature tests in the automated biometric identification system world, including factory acceptance tests and site acceptance tests.
These tests are not unique to ABIS. Healthcare (the other biometric) conducts FAT and SAT also, as Powder Systems notes.
More at https://bredemarket.com/2024/12/28/you-need-fat-and-sat/
(12/20/2024) Adherence Does NOT Require 100% Compliance
Despite the questions about the 80% threshold, Philip Morisky’s basic point remains: you don’t have to take 100% of your medications to be considered adherent from a health perspective.
But I still maintain that for critically important medications, the IDENTITY of the person taking them needs to be known at a level very close to 100%.
More at https://bredemarket.com/2024/12/20/adherence-does-not-require-100-compliance/
(12/19/2024) Hospital Patient Facial Recognition
Of the various biometric modalities, face seems the most promising for the health use case, particularly for hospital patients.
- Fingerprints require you or a medical professional to move your finger(s) to a contact or contactless reader.
- Hand geometry is even more difficult.
- For iris or retinal scans, your eyes have to be open.
- For voice, you have to be awake. And coherent—I’m not sure if a person can be identified by a moan of pain.
- DNA takes at least 90 minutes.
- Gait? Um…no.
More at https://bredemarket.com/2024/12/19/hospital-patient-facial-recognition/
(12/19/2024) Adherence and Identity
Let’s say you are told to take 4 pills a day for 7 days, and the pharmacy gives you a prescription for 28 pills. A week later all the pills are gone.
Does this demonstrate patient adherence to health instructions?
Absolutely not.
Maybe you flushed all 28 pills down the toilet and didn’t ingest a single one.
Or maybe you have been giving some pills to your wildebeest.
In the ideal world, you would want to ensure that the medication was taken by the correct patient, not by a toilet or a wildebeest.
More at https://bredemarket.com/2024/12/19/adherence-and-identity/
(12/17/2024) KYV: Know Your (Healthcare) Visitor
I was recently visiting a loved one in a facility that required identification of visitors. The usual identification method was to present a driver’s license at the desk. The staffer would then print out a paper badge showing the visitor’s name and the validity date.
Like this…
So John “Bederhoft” (sic) enjoyed access that day. Whoops.
More at https://bredemarket.com/2024/12/17/kyv-know-your-healthcare-visitor/
(12/4/2024) Medical Fraudsters: Birthday Party People
I’ve talked about Protected Health Information (PHI) before. Sadly, the health information is not not protected that well, since fraudsters can acquire PHI very easily in some cases.
Sometimes REALLY easily.
For example, I could call a medical provider or go to a pharmacy and say that my name is Donald John Trump.
Do you know how many medical practitioners verify identities?
By asking for the person’s birthdate.
More at https://bredemarket.com/2024/12/04/medical-fraudsters-birthday-party-people/
(11/27/2024) Saving Money When Filling Prescriptions: Not You, The Companies
Healthcare is complicated. When most of us receive prescriptions from our doctor, either the doctor gives us a physical slip of paper with the prescription, or the doctor electronically sends the prescription to your pharmacy of choice. After that, you deal with the pharmacy yourself. Normally it goes smoothly. Sometimes it doesn’t.
More at https://bredemarket.com/2024/11/27/saving-money-when-filling-prescriptions-not-you-the-companies/
(11/11/2024) Dr. Jones MD, NPE
I have a telehealth appointment next week with a medical professional whom I have previously met. And I assume she will participate in the telehealth appointment.
In the future, of course, she may not.
More at https://bredemarket.com/2024/11/11/dr-jones-md-npe/
(10/5/2024) Educating the Fake Abbott Salesperson
A salesperson from Abbott just contacted me via LinkedIn InMail.
Well, she CLAIMED to be from Abbott. I’m not sure.
Anyway, she said she wanted to “get to know each other” because we are “in the same industry.”
Rather than dismissing the InMail out of hand as a #fraud #scam attempt with a #fakefakefake identity, I embraced the opportunity of a teachable moment…
More at https://bredemarket.com/2024/10/05/fake-abbott/
(6/3/2024) It’s Medicare Fraud Prevention Week
Of course my primary interest in the topic is ensuring that only the proper people can access Medicare data, preferably through a robust method of identity verification that uses multiple factors.
Not multiple modalities, especially ones that are well-known such as your Social Security Number and your mother’s maiden name.
Multiple factors, such as your government-issued driver’s license, your biometrics, and your geolocation.
More at https://bredemarket.com/2024/06/03/its-medicare-fraud-prevention-week/
(5/7/2024) LMM v. LMM (Acronyms Are Funner)
It turns out that the health people have a DIFFERENT definition of the acronym LMM. Rather than using it to refer to a large multimodal model, they refer to a large MEDICAL model.
As you can probably guess, the GenHealth.AI model is trained for medical purposes.
More at https://bredemarket.com/2024/05/07/lmm-vs-lmm-acronyms-are-funner/
(3/19/2024) A Few Thoughts on FedRAMP
The 438 U.S. federal agencies (as of today) probably have over 439 different security requirements. When you add state and local agencies to the list, security compliance becomes a mind-numbing exercise.
- For example, the U.S. Federal Bureau of Investigation has its Criminal Justice Information Systems Security Policy (version 5.9 is here). This not only applies to the FBI, but to any government agency or private organization that interfaces to the relevant FBI systems.
- Similarly, the U.S. Department of Health and Human Services has its Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Again, this also applies to private organizations.
But I don’t care about those. (Actually I do, but for the next few minutes I don’t.)
More at https://bredemarket.com/2024/03/19/a-few-thoughts-on-fedramp/
(3/1/2024) Avoiding Deleterious Forensic Nursing
The Hippocratic Oath imposes duties on medical professionals, including this one:
I will follow that system of regimen which, according to my ability and judgment, I consider for the benefit of my patients, and abstain from whatever is deleterious and mischievous.
From https://www.health.harvard.edu/blog/first-do-no-harm-201510138421.
For people like me who do not use the word “deleterious” on a daily basis, it means “harmful often in a subtle or unexpected way.”
The dictates of the Hippocratic Oath lead us to forensic nursing (as defined by 1NURSE.COM), the invasive nature of some forensic techniques, and what companies such as Foster+Freeman are doing to minimize invasive evidence capture.
More at https://bredemarket.com/2024/03/01/avoiding-deleterious-forensic-nursing/
(2/17/2024) Personally Protected: PII vs. PHI
Now there’s obviously an overlap between personally identifiable information (PII) and protected health information (PHI). For example, names, dates of birth, and Social Security Numbers fall into both categories. But I want to highlight two things are are explicitly mentioned as PHI that aren’t usually cited as PII.
More at https://bredemarket.com/2024/02/17/personally-protected-pii-vs-phi/
(11/24/2023) Is Your Healthcare Bot Healthy For You?
A “hallucination” occurs when generative AI is convinced that its answer is correct, even when it is wrong. These hallucinations could be a problem—in healthcare, literally a matter of life or death.
More at https://bredemarket.com/2023/11/24/is-your-healthcare-bot-healthy-for-you/
(10/4/2023) As Digital “Health Certifications” Advance (sort of), Paper Health Certifications Recede
But as we continue to advance digital health identities, the United States is no longer producing a well-known physical identity document.
(8/15/2023) Communicating How Your Firm Fights Synthetic Identities
Industry experience. Perhaps you sell your identity solution to financial institutions, or educational instutions, or a host of other industries (gambling/gaming, healthcare, hospitality, retailers, or sport/concert venues, or others). You need someone with this industry experience.
More at https://bredemarket.com/2023/08/15/communicating-synthetic-identities/
(6/26/2023) From EUDCC to GDHCN: The Evolution of Vaccine Certificates
But according to Masha Borak at Biometric Update, the WHO is just recognizing that the “EU” Digital COVID Certificate has expanded far beyond the EU.
Stella Kyriakides, the European commissioner for health and food safety (announced) that the voluntary certificate program has already been taken up by almost 80 countries.From https://www.biometricupdate.com/202306/united-nations-taking-over-eu-covid-certificate-program-july-1
Last I checked there were not 80 countries in the EU. So this health standards thing took off after the initial hiccups. Although the Wikipedia list of non-EU adopting countries does not include two big players—the United States and China (the same two countries I cited in my August 2021 post).
Therefore, it made sense for WHO to get in on the act with its Global Digital Health Certification Network, allowing worldwide responses to post-COVID issues.
More at https://bredemarket.com/2023/06/26/eudcc-gdhcn/
(11/20/2021) The difference between biometrics and biometrics
Take the word “biometrics.” In my circles, people generally understand “biometrics” to refer to one of several ways to identify an individual.
But for the folks at Merriam-Webster, this is only a secondary definition of the word “biometrics.” From their perspective, biometrics is primarily biometry, which can refer to “the statistical analysis of biological observations and phenomena” or to “measurement (as by ultrasound or MRI) of living tissue or bodily structures.” In other words, someone’s health, not someone’s identity.
More at https://bredemarket.com/2021/11/30/the-difference-between-biometrics-and-biometrics/
(8/16/2021) Update on Covishield and the EUDCC, as long as you can prove you were born
Oh, and there’s another issue that Atick didn’t address, but which bears noting.
All of the health vaccination solutions listed above assume as a given that people will be the owners of a unique, government-authorized digital identity.
As I’ve noted elsewhere, there are people who are fervently opposed to this.
In my country, both some people on the left and some people on the right believe that “governmental digital identity” naturally equates to “governmental digital surveillance,” and that governments shouldn’t be abusing the data that they can obtain from all the vaccinations you get, all the places you travel, all the things you buy, and all the other things that you do.
(5/7/2021) The Digital Green Certificate (EU Green Pass), for and against
In this post I’ll explain what the Digital Green Certificate is, why some people think this health measure is essential to the continuance of civilization, and why some people think it destroys civilization as we know it.
Or something like that.
More at https://bredemarket.com/2021/05/07/the-digital-green-certificate-eu-green-pass-for-and-against/
(4/23/2021) There is a draft proposal (from GIPHT and CDISC) for vaccine certificate interoperability, but will the players pay attention?
I’ve gone on ad nauseum about the plethora of vaccine certificate options that are being developed by public and private entities.
Wouldn’t it be nice if all of these different options were able to talk to each other, so that my existing blue certificate would talk to health systems that require the orange certificate or the red certificate?
Bredemarket 