Which of the following is an acceptable method to verify the patient's identity?

Once you identify what level of assurance you require, you can use the tips below to plan a method of verification, depending on the type of interaction.

Please remember NEVER to ask for a password, PIN, passphrase, or access code! Such codes are meant ONLY to be used by the individual they are assigned to, for logging into systems.

Verifying in person

Usually, verifying the person standing in front of you is the quickest, easiest, and most effective means of verifying identity. The most common method is to require at least one government-issued photo ID card (e.g., driver's license, state ID card, or passport) to be presented. This is something that the person has, so you meet the "something you have" category. If you take the time to compare the photo against the person, this method is also something the person is, so you meet the "something you are" category. A few tips on verifying with a photo ID:

  • Document that you viewed a photo ID and what kind of ID it was, but because driver's license numbers are protected by information security and privacy laws, do NOT make a copy of the ID or write down the number, unless it is absolutely required to have a copy of such information to provide the service requested.
  • Keep in mind that fake photo ID cards exist. Become familiar with the format of the government IDs you use for verification, and check the ID carefully. For example, almost all state driver's licenses have microprint on them, which is very hard to fake. Do a quick lookup online for the correct format of the ID number (for example, to check a state driver's license number format for a state you are not familiar with) to help spot fake numbers. For more information, read this article on How to Spot a Fake ID.
  • If the photo on the ID is not clearly the person standing in front of you, or if you require more assurance that this is the person they say they are, consider requiring the individual to present a second ID, which may or may not include a photo. Examples include a Social Security card, credit card, utility bill with correct name and address on it, school ID card, etc. - but remember these are "something you have" means of verification, if they do not contain a photo. And again, do not make a copy of these documents or the identification numbers to retain, unless it is absolutely required to have a copy of such information to provide the service requested. Social Security numbers and credit card numbers are protected by information security and privacy laws.
  • If you need a higher level of assurance you can add a "something you know" method to your process. Be careful to ensure, though, that what you ask in person is kept private and secure from others nearby. For example, if you need to ask for such information, consider having the person write it on a piece of paper for you to verify against the record, and then be sure to stick that paper in the shredder while the person is still there with you to see you do that. This way no one else will hear the information, or find it on the paper afterwards.

Cards and biometric readers

Proximity or swipe cards and biometric readers, usually fingerprint, handprint, or hand geometry scanners, are commonplace mechanical ways of providing automated, in-person identity verification. Note that the cards fall into the "something you have" category, while the biometrics fall into the "something you are" category.

Verifying via phone

Verifying identity over the phone requires "something you know" methods. The person doing the verifying will need access to a record about the individual requesting access or information.

  • First, if you have caller ID, check that the phone number would be appropriate to the person calling - is it one of the numbers in the existing record you have about them? Is it the appropriate area code? If the call is from an organization, does the phone number begin with the correct standard numbers for that organization?
  • If you need a higher level of assurance, tell the person you will call them back, then hang up and dial the number you have in your records. This way you know you are in control of the phone number you are connected to.
  • Next, ask questions until you are satisfied the person is who they say they are. Ask a few standard questions such as name, address, and telephone number, but also be sure to ask for something that another person (including family members) is not likely to know. For example, in a higher education setting, consider asking the name of the instructor for a particular class the individual's records show the person took, or ask what semester they took a certain class. Ask about any breaks in their attendance or classes they dropped, which can be verified on the record with grades of “W.” In essence, ask questions from the record likely to be known only by the student and not likely to be known by someone else.
  • Listen carefully to the voice and use common sense and intuition to help determine the validity and authenticity of the call - for example, if the records show the person to be elderly but the voice sounds young, this could be a red flag. Is the caller's demeanor appropriate (for example, not pressuring you to respond too quickly to properly verify), and is the justification for needing to verify over the phone reasonable?
  • Be creative when choosing these "something you know" questions, using the data available to you about the person, and be sure to ask enough that you are reasonably certain this is the person he or she claims to be.

Verifying online, in email or chat

Verifying in email or chat is challenging, due to the need to avoid documenting protected data such as Social Security number, driver's license number, and other identifying information, and due to the lack of strong controls on who can establish and use email and chat accounts. It is best to find another method to verify.

If you absolutely have to verify through email or chat, and you only need a minimum level of assurance that the person is who they say they are, use the following tips.

  • Try asking the same sorts of questions outlined in the "Verifying via Phone" section, but don't ask for passwords, passphrases, Social Security numbers, credit card numbers, or driver's license numbers.
  • You can also check the technical information supporting the communication. For example, in email, is the address the message is coming from a legitimate address, and does it follow a format you recognize as appropriate for the system they are sending from? In chat, is the username one you recognize? It's important not to rely completely on the email address or chat username, though, because those can be easily spoofed. This only provides a hint that the person may be who they claim to be.
  • Consider initiating a new email or new chat thread by typing in the email or chat address you have in your records for the person, rather than replying to a message you received. This way you know you are in control of the address you are sending to. Unfortunately, you still do not have a way to truly verify that the person responding to the messages is the person who owns the email or chat account.
  • For IU business, can you require that they email you from an IU email address, or use an IU chat service, for example, Lync? These are more reliable than free public email and chat accounts.
  • A higher level of assurance is gained if you run a test first, by faxing a blank form or general information page to the number in your existing records, and asking the individual to email or call you back to let you know that the fax was received, or to fill out the form and fax it back.

    What is the purpose of the callback verification procedure?

    Callback verification is simple and low-tech, confirming with a phone call that an invoice or other request for payment is authentic. The procedure and the telephone number to be used are pre-established and are not communicated electronically, keeping the arrangements out of view of thieves.

    What is the definition of screening patient calls?

    Call screening is the practice of identifying incoming calls, and then using that information to decide what action to take.

    Which information item is not included on the patient information form?

    Patient information forms usually do not contain medical histories; these are most often completed on separate forms.

    What is the purpose of a standard telephone pad?

    A telephone keypad is a keypad installed on a push-button telephone or similar telecommunication device for dialing a telephone number.