health – Page 4 – Bredemarket

Why is Healthcare Identity Critical?

Oosto has highlighted two reasons why it’s critical to identify people in healthcare environments.

Healthcare facilities account for 42% of infant abductions…

Think about it. If all you need to identify yourself (or impersonate someone else) is your name and birthdate, a fraudster could easily gain access to a facility and abduct someone else’s child.

(H)ealthcare workers experience violence—both physical and verbal—at a shockingly 5 times higher rate than other industries. This violence accounts for up to 73% of all nonfatal workplace injuries caused by violence.

Again, if you don’t know who you’re dealing with, bad things can happen. I’ll admit that identity verification doesn’t solve this-people can attack healthcare workers even if their identities are known-but the danger of unidentified assaults is great.

Oosto discusses these and other healthcare topics in a recent podcast: “Healthcare Under Pressure: Bringing a Championship Mindset to Healthcare Security.“

NEC’s Other “Biometric” Information: Digital Pathology

(Image: AI-predicted cell detection results of Biomy’s DeepPathFinder™. From the January 10, 2025 NEC press release.)

When I interact with the worldwide company NEC, I am usually dealing with automated biometric identification systems (ABIS).

Of course, ABIS is only a small part of what NEC does. It’s also involved in healthcare.

Consider…artificial intelligence and deep learning-powered digital pathology (“a field involving the digitization and computational analysis of pathology slides”).

Per today’s press release:

“NEC Corporation (NEC; TSE: 6701) and Biomy, Inc. (Biomy) have signed a Memorandum of Understanding (MoU) for a joint marketing partnership to develop and expand artificial intelligence/deep learning (AI/DL)-based analytical platforms in the field of digital pathology. Through this partnership, the two companies aim to promote precision medicine for cancer patients and contribute to the advancement of the healthcare industry.”

So what is Biomy contributing?

“Biomy, which aims to realize personalized medicine through pathological AI technology, has developed DeepPathFinder™, a proprietary, cloud-based, AI/DL automated digital pathology analytical platform.”

And NEC?

“NEC has positioned healthcare and life sciences as a core pillar of its growth strategy. With a strong foundation in image analysis and other AI technologies, NEC has a long history of providing medical information systems such as electronic medical records to healthcare institutions.”

As I’ve said before, healthcare must deal with privacy concerns (protected health information, or PHI) similar to those NEC addresses in its other biometric product line (personally identifiable information, or PII). I personally can’t do nefarious things if I fraudulently acquire your digital pathology slide, but some bad actors could. Presumably the Biomy product is well protected.

Know Your…Everyone

It all started with “Know Your Customer,” a shorthand phrase used by financial institutions and related entities who need to know who their customers are.

But then various governments, industries, and entities got into the act with their own variants, such as “Know Your Business.”

I was curious about how many of these “know your” variants I’ve discussed in the Bredemarket blog. Here’s what I found:

Know Your Business. Who is actually running your business? Putin?
Know Your Competitor. Bredemarket can help with that.
Know Your Customer. We don’t live in small towns any more.
Know Your (LinkedIn) InMailer. LinkedIn has a problem with InMails from fake people.
Know Your Recruiter. Also here. Especially the fake ones.
Know Your Teacher. Especially the fake ones.
Know Your (Healthcare) Visitor. Who is visiting your patients or interacting with your medical staff?

I’m sure I’ll come up with some others.

You Need FAT and SAT

On LinkedIn, I was just discussing the difference between a controlled study and a real-world test. Think of a NIST test vs. a benchmark.

Then I started talking about some of the post-contract signature tests in the automated biometric identification system world, including factory acceptance tests and site acceptance tests.

These tests are not unique to ABIS. Healthcare (the other biometric) conducts FAT and SAT also, as Powder Systems notes.

“When manufacturing complex machinery in industries such as pharmaceuticals or fine chemicals, extensive equipment testing must be carried out before commissioning.

“It requires thorough functional, performance, and safety tests of intricate systems. These may comprise many components and interdependencies. Challenging though it may be, these must be systematically assessed before they’re put into operation. This approach is broadly known as acceptance testing.

“There are many forms of acceptance testing. Two closely related approaches that often come in for confusion are Factory Acceptance Testing (FAT) and Site Acceptance Testing (SAT). Both are critical stages in the verification and validation of equipment and systems within industrial and manufacturing contexts. However, they differ significantly in terms of location, timing, purpose, scope, participants, outcomes, and testing environment.”

You should read the entire article to learn about the significant differences between the two test types. But let me highlight one point:

“Factory acceptance testing typically involves a more rigorous and comprehensive testing process. This testing procedure includes the detailed verification of system components to ensure they function correctly and meet design specifications.”

This is based on the fact that it’s less costly to fix problems early at the factory than to fix them later out in the field.

Whether you’re testing pharmaceutical machinery or ABIS, both factory and site acceptance tests are absolutely critical. Skipping one of the two tests does not save costs.

What Coauthor “Wrapped” About My LinkedIn Activity

So I checked out Coauthor’s me-too LinkedIn-themed copycat of Spotify Wrapped, like many of you did. Here’s the (unedited) post it wrote for me—not too bad:

= = =

Here’s my 2024 LinkedIn Rewind, by Coauthor.studio:

After 30 years in identity and biometrics, 2024 showed me that verification only goes so far. The real challenge isn’t just confirming who someone is – it’s understanding what they might do.

From employment fraudsters with verified credentials to healthcare imposters with stolen birthdates, this year proved that identity verification alone can’t prevent deception. But it also showed how combining technical expertise with human insight can help protect organizations and individuals.

Key observations from 2024:

Identity verification without intent analysis is incomplete

Employment fraud evolves faster than verification methods

Healthcare identity remains dangerously vulnerable

The best fraud prevention combines technology and psychology

Product marketing must address both verification and trust

Three posts that captured these themes:

“Employment Fraud and Identity Verification”

On why verifying someone’s identity only goes so far

https://www.linkedin .com/feed/update/urn:li:activity:7268454996734545921/

“Rich Powaza’s Disappearance”

Real consequences of fraudulent behavior

https://www.linkedin .com/feed/update/urn:li:activity:7253092940393193472/

“Get Off My Lawn”

Changing workplace norms and responsibilities

https://www.linkedin .com/feed/update/urn:li:activity:7262320817898758145/

Through Bredemarket, I delivered over 100 content and analysis projects helping organizations navigate these challenges. I also conducted research on employment fraud tactics and moderated communities helping others avoid scams.

Looking ahead: 2025 will require even more sophisticated approaches to identity verification and fraud prevention. The fraudsters aren’t going away – but neither am I. I’ll continue helping organizations implement effective identity strategies while advocating for ethical AI use and employment practices.

To the wildebeests following along: remember that verification is just the start. The real value comes from understanding intent and building trust.

#fraud #identity #security #productmarketing

—

Get your 2024 LinkedIn Rewind! Go to coauthor.studio

Adherence Does NOT Require 100% Compliance

(Green and red medicine bottle image from Google Gemini)

As many of you know, I spend the majority of my time in identity/biometrics, where in some cases a 99% accuracy rate is considered woefully inadequate. Imagine if your bank had a million customers and 10,000 of them couldn’t login…or 10,000 fraudsters COULD log in. The bank would throw a fit with its biometric vendor.

So perhaps my experience resulted in…um, bias when I wrote the following in my recent post on adherence and identity:

“Let’s say you are told to take 4 pills a day for 7 days, and the pharmacy gives you a prescription for 28 pills. A week later all the pills are gone.

“Does this demonstrate patient adherence to health instructions?”

Perhaps you spotted the implicit assumption that taking 28 of 28 pills (100%} constitutes adherence, while taking 27 of 28 pills (96.4%} constitutes NON-adherence.

Tain’t so, Sherlock, as Philip Morisky pointed out in a comment on my LinkedIn post on adherence and identity. He said, in part:

“…the threshold at 80% means that even if you do not have access to the medication for 6 out of 30 days, you are still considered adherent.”

Morisky presumably knows what he’s talking about, since he works for a company called…adherence. And Philip’s father, Dr. Donald Morisky, developed the Morisky Medication Adherence Scale (MMAS) for medication self-reporting.

But what of this 80% threshold?

It’s commonly cited…like the statement that 30% of crime scene latent prints come from palms.

But the 80% adherence threshold is not universally accepted, as this National Library of Medicine study notes.

“Based on Haynes’s early empirical definition of sufficient adherence to antihypertensive medications as taking ≥80% of medication, many researchers used this threshold to distinguish adherent from non-adherent patients. However, we propose that different diseases, medications and patient’s characteristics influence the cut-off point of the adherence rate above which the clinical outcome is satisfactory (thereafter medication adherence threshold).”

This particular study concluded that…more research is needed.

“…we cannot reject or confirm the validity of the historical 80% threshold. Nevertheless, the 80% threshold was clearly questioned as a general standard.”

Despite the questions about the 80% threshold, Philip Morisky’s basic point remains: you don’t have to take 100% of your medications to be considered adherent from a health perspective.

But I still maintain that for critically important medications, the IDENTITY of the person taking them needs to be known at a level very close to 100%.

Hospital Patient Facial Recognition

(Hospitalized wildebeest facial recognition image from Google Gemini)

It’s no secret that I detest the practice of identifying a patient by their name and birthdate. A fraudster can easily acquire this knowledge and impersonate a patient.

The people that I hang around with promote biometrics as a better solution to authentication of a hospital patient whose identity was previously verified. Of course, this crowd promotes biometrics as the solution to EVERYTHING. My former Motorola coworker Edward Chen has established a company called Biometrics4ALL.

But the need to identify patients is real. Are you about to remove Jane’s appendix? You’d better make sure that’s Jane on the operating table. And yes, that mistake has happened. (The hospital was very sorry.)

Of the various biometric modalities, face seems the most promising for the health use case, particularly for hospital patients.

Fingerprints require you or a medical professional to move your finger(s) to a contact or contactless reader.
Hand geometry is even more difficult.
For iris or retinal scans, your eyes have to be open.
For voice, you have to be awake. And coherent—I’m not sure if a person can be identified by a moan of pain.
DNA takes at least 90 minutes.
Gait? Um…no.

Unlike the other modalities, the patient doesn’t have to do anything for facial recognition. Even if asleep or sedated, a medical professional can capture an image of a patient’s face. There are some accuracy considerations; I don’t know how well the algorithms work with closed eyes or a wide open mouth. But it looks promising.

Imprivata agrees that facial recognition is a valuable patient identification method.

“By capturing and analyzing unique facial characteristics such as the distance between the eyes and the shape of the nose, this technology can generate a unique identifier for each patient. This identifier is then linked to the patient’s electronic health record (EHR), ensuring that medical staff access the correct records. This method significantly reduces the risk of misidentification and the occurrence of duplicate records, thereby enhancing patient safety.”

However, I can think of one instance in which patient facial recognition would be challenging.

Burn victims.

If the patient were enrolled before the injury, the combination of disfigurement and bandaging would limit the ability to compare the current face to the previously enrolled one.

But this can be overcome. After all, we figured out how to recognize the faces of people wearing masks.

Adherence and Identity

(Wildebeest patient image from Google Gemini)

Adherence

In healthcare, “adherence” refers to a patient who complies with the recommendations of a medical professional. For example, if a doctor tells a diabetic to lay off the Double Big Gulp soft drinks, the patient should comply. A National Library of Medicine study explains why this is important:

“Patient adherence is vital for the quality of health care outcomes and treatment efficacy, and reduces the economic burden on the healthcare system.”

So if you don’t practice adherence, you could experience adverse health care outcomes…like death.

You would think that would be persuasive enough, but we have to mention “the economic burden.” But it’s sadly true. If a patient is treated multiple times for the same preventable condition, that’s money down the drain. Or bedpan.

But there’s a big hole in adherence measurement.

Adherence measurement

Let’s say you are told to take 4 pills a day for 7 days, and the pharmacy gives you a prescription for 28 pills. A week later all the pills are gone.

Does this demonstrate patient adherence to health instructions?

Absolutely not.

Maybe you flushed all 28 pills down the toilet and didn’t ingest a single one.

Or maybe you have been giving some pills to your wildebeest.

(Medicated wildebeest image from Google Gemini)

In the ideal world, you would want to ensure that the medication was taken by the correct patient, not by a toilet or a wildebeest.

When adherence identity is important

I will grant that this is ridiculous for a vitamin.

But what about a chemotherapy drug? How will you know that the right patient is taking it and adhering to the medical plan?

Will you ask the patient for their name and date of birth, and consider your adherence monitoring job done?

Give me a…fracture.

KYV: Know Your (Healthcare) Visitor

Who is accessing healthcare assets and data?

Healthcare identity verification and authentication is often substandard, as I noted in a prior Bredemarket blog post entitled “Medical Fraudsters: Birthday Party People.” In too many cases, all you need to know is a patient’s name and birthdate to obtain fraudulent access to the patient’s protected health information (PHI).

But healthcare providers need to identify more than just patients. Providers need to identify their own workers, as well as other healthcare workers.

Know Your Visitor

Healthcare providers also need to identify visitors. When a patient is in a hospital, a rehabilitation facility, or a similar place, loved ones often desire to visit them. (So do hated ones, but we won’t go there now.)

I was recently visiting a loved one in a facility that required identification of visitors. The usual identification method was to present a driver’s license at the desk. The staffer would then print out a paper badge showing the visitor’s name and the validity date.

Like this…

So John “Bederhoft” (sic) enjoyed access that day. Whoops.

Oh, and I could have handed my badge to someone else after a shift change, and no one would have been the wiser.

Let’s apply “somewhat you why”

There’s a more critical question: WHY was John “Berdehoft” visiting (REDACTED PHI)? Was I a relative? A friend? A bill collector?

My proposed sixth factor of identity verification/authentication, “somewhat you why,” would genuinely help here.

Somewhat you why “applies a test of intent or reasonableness to any identification request.”

Maybe I should have said “and” instead of “or.”

Visiting a relative shows intent AND reasonableness.
Visiting a debtor shows intent but (IMHO) does NOT show reasonableness.

Do you need to analyze healthcare identity issues for your healthcare product or service? Or create go-to-market content for the same? Or proposals?

Contact me at Bredemarket’s “CPA” page.

Hospital-acquired Delirium is Only Temporary

Until recently I had never heard of hospital-acquired delirium before. From UCLA Health:

“(T)he type of confusion you describe isn’t unusual in older adults who have been hospitalized. Sometimes referred to as hospital-acquired delirium, it’s a temporary but severe form of mental impairment that affects up to one-third of patients over the age of 70, particularly those undergoing surgery or those in intensive care. The condition is marked by periods of confused thinking, jumbled memory, difficulty understanding speech, agitation, disorientation and even hallucinations.

“The duration of hospital-acquired delirium can be as brief as a few hours or…can continue for several days.”