How are folks addressing the authentication of providers (or their staff) into an IVR system that provides eligibility information about members? This question can also be generalized to any means of communication - how do you authenticate a live caller who claims to be from a provider office, or a web user?
The IVR system in question is typically used to check eligibility on the spot for a presenting patient. It can be a contracted or non-contracted provider calling the IVR, so maybe the provider is known in some way to the healthplan or maybe not. Requiring that the provider register in some fashion to be able to get eligibility information from an IVR seems to be reasonable so long as current capability is still available while performing the registration process. One of the things we're kicking around is allowing a non-registered provider to receive extremely basic information (eligible Y/N, since what date, copay =$x), and maybe not even confirm back the name of the member whose ID was entered, just confirm what number was entered. For a registered provider who identifies him/herself via a login & PIN, we would confirm back the member's name, provide all the basic information plus whatever else is appropriate. Any thoughts? Maria Hatz HIPAA Project Management This electronic message transmission, including any attachments, contains information from PacifiCare Health Systems Inc. which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this electronic transmission in error, please notify the sender immediately by a "reply to sender only" message and destroy all electronic and hard copies of the communication, including attachments. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-privacy as: archive@mail-archive.com To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org