Idea: Patient OTP Verification in openIMIS Claims Workflow
Content
Summary
Integrating an OTP verification step into the openIMIS claims workflow adds a crucial layer of security by requiring real-time patient consent at the point of care. Before a healthcare provider can finalize and submit a claim to the national insurance fund, the central system sends a temporary SMS code to the patient, who must provide it to the billing clerk to authorize the transaction. This simple authentication mechanism ensures the beneficiary is physically present and agrees to the billed services, effectively eliminating common fraud like "ghost billing" and upcoding while protecting health financing pools from massive financial leakage.
Overview
Process Group: Knowledge Management & User Support |
| |
|---|---|---|
Function | Function: Development & Community Engagement |
|
Source | Source: Analysis from potential implementation countries |
|
Related |
|
|
Prioritisation
Score |
|
|---|---|
Current Relevance |
|
Future Relevance |
|
Global Good |
|
Local Funding |
|
Patient OTP Verification in openIMIS Claims Workflow
1. Overview
This documentation outlines the integration of a One-Time Password (OTP) verification module into the openIMIS (Insurance Management Information System) claims workflow. By requiring patients to authenticate claims via their mobile devices at the point of checkout, the system ensures that the national insurance authority only processes claims that have been explicitly verified by the beneficiary receiving the care.
2. Background & Problem Statement
In traditional digital health insurance platforms, claims are processed based entirely on data submitted by the healthcare provider. This creates a critical validation blind spot: the central payer has no real-time method to verify if the patient was physically present or if they actually received the billed services.
Without patient-level authentication at the point of service, the system is highly vulnerable to phantom billing, upcoding, and data entry errors, leading to significant financial leakage for the national health fund.
3. Primary Objectives
The implementation of the OTP verification step is designed to achieve the following:
Enforce Explicit Consent: Ensure no medical claim is submitted to the national fund without the beneficiary’s real-time approval.
Establish Non-Repudiation: Create a secure, unalterable digital audit trail confirming patient attendance.
Bridge Payer-Beneficiary Disconnect: Open a direct communication channel (SMS/USSD) between the Central Payer and the Insuree at the exact moment of care.
Maintain Operational Efficiency: Integrate smoothly into existing openIMIS and EMR workflows without creating significant bottlenecks at hospital checkout desks.
4. Functional Workflow (Step-by-Step)
The OTP verification process integrates directly into the standard patient journey within openIMIS.
Step 1: Admission & Registration
The patient arrives at the healthcare facility. The registration desk verifies their identity and active policy status via their insurance ID or National ID within openIMIS. The system retrieves and confirms the patient's registered mobile phone number.
Step 2: Care Delivery & Claim Generation
The patient receives consultations, diagnostics, or medications. During checkout, the billing clerk or healthcare provider compiles these services into a digital claim draft within the openIMIS system.
Step 3: Triggering the OTP
When the provider initiates the "Submit Claim" action, openIMIS intercepts the request. The claim is placed in a temporary “Pending Verification” state. An API call is automatically triggered to the Central National Insurance system.
Step 4: OTP Dissemination & Patient Confirmation
The central system generates a secure, time-sensitive OTP and sends it via SMS to the patient’s registered mobile number.
Example SMS: "Your OTP to approve a claim of $50 at City Hospital is 4829. Do not share this code unless you received these services."
The patient provides this code to the checkout clerk.
Step 5: Final Verification and Submission
The clerk inputs the OTP into openIMIS. The system cross-references the code with the Central Payer's server. Upon a successful match, the claim status upgrades to “Submitted” and enters the standard adjudication queue.
5. Claim Controls & Exception Handling
To ensure the system remains resilient and does not deny care due to technical issues, strict operational controls are embedded into the module:
Control Feature | System Behavior |
Time-to-Live (TTL) | OTP codes automatically expire after a defined window (e.g., 10 minutes) to prevent delayed, off-site, or fraudulent entries. |
Rate Limiting | OTP generation is capped (e.g., maximum 3 attempts per claim) to protect against point-of-sale brute-force attacks and reduce SMS gateway costs. |
Fallback / Bypass Protocol | In the event of a network outage or if a patient lacks mobile access, authorized hospital supervisors can bypass the OTP using a manual justification code. Claims submitted via the bypass protocol are automatically flagged by openIMIS for High-Risk Post-Adjudication Audit. |
6. Anti-Fraud Mechanisms (Minimizing False Claims)
By shifting verification to the point of service, the OTP module acts as a primary defense against common healthcare fraud topologies:
Eliminating "Ghost Claims" (Phantom Billing): Providers cannot generate claims using stolen or leaked insurance IDs. The physical presence of the patient, and access to their mobile device, is strictly required to release the funds.
Deterring Upcoding and Unbundling: Because the OTP message includes a summary of the costs or services, patients act as auditors. Providers are disincentivized from adding unauthorized medications or inflating service tiers.
Breaking Collusion Loops: Internal fraud, where rogue hospital staff create and approve false claims in isolation, is neutralized since external validation is strictly required.
7. Systemic Impact on Health Financing
Integrating patient-driven verification fundamentally improves the economics of national health financing:
Financial Sustainability & Reduced Leakage
By preemptively stopping fraudulent and inflated claims, national insurance pools retain critical capital. These savings can be directly reinvested into expanding benefit packages, lowering premiums, and accelerating Universal Health Coverage (UHC) initiatives.
Data Integrity for Strategic Purchasing
Real-time verification provides the central insurance board with highly accurate facility utilization data. Administrators can confidently use this data for performance-based financing, targeted capital distribution, and structured national budgeting.
Shifting the Administrative Burden
Historically, health funds spend massive amounts of time and money on retroactive audits, manual fraud detection, and legal efforts to claw back disbursed funds. This system shifts the paradigm: fraud prevention occurs before disbursement, drastically reducing the back-end administrative burden on the national payer.