Healthcare fraud costs $36 billion per year. Telehealth fraud is accelerating. And every biometric verification system that stores patient data creates a new HIPAA liability. POY Verify proves patients are real humans without ever creating Protected Health Information.
Healthcare fraud is not a niche problem. At $36 billion annually in the United States alone, it represents one of the largest categories of financial crime in the country. And the problem is getting worse as healthcare delivery moves online.
Telehealth adoption exploded during the pandemic and has remained elevated since. But with the convenience of remote care came a new attack surface. An estimated 8% of telehealth appointments involve some form of fraud - fake patient accounts, identity theft for prescription access, phantom billing, and insurance claim manipulation.
The consequences extend beyond financial losses. Fraudulent patient accounts contaminate medical records, create dangerous drug interaction risks when prescriptions are obtained under stolen identities, and undermine the trust that patients and providers need for effective telehealth care.
One of the fastest-growing fraud vectors in healthcare is pharmacy benefit abuse. Bad actors create fake patient accounts to obtain controlled substance prescriptions through telehealth platforms, then fill them at multiple pharmacies. The DEA estimates that online prescription fraud has increased by over 300% since 2022.
Traditional patient verification - asking for insurance cards, government IDs, date of birth - does nothing to stop sophisticated fraud rings that have access to stolen identity packages. What these systems cannot do is confirm that a living, breathing human being is actually present at the other end of the connection.
Healthcare organizations face a unique regulatory challenge with biometric verification. Under HIPAA, biometric identifiers such as fingerprints, voiceprints, and facial images are classified as Protected Health Information (PHI) when associated with a patient's healthcare record. This means that any system that collects biometric data for patient verification must comply with HIPAA's full data handling requirements:
The average cost of a healthcare data breach reached $10.93 million in 2025 - the highest of any industry for the fifteenth consecutive year. Biometric data breaches are particularly devastating because, unlike passwords or credit card numbers, you cannot change your face or fingerprints. Once compromised, biometric data remains compromised permanently.
The HIPAA paradox: Healthcare needs biometric verification to prevent fraud, but storing biometric data creates the exact type of high-value target that makes healthcare the most breached industry. POY Verify resolves this by using biometrics for verification without ever storing them.
POY Verify eliminates the HIPAA biometric paradox through its zero-data architecture. Biometric liveness detection confirms a real patient is present, but no biometric data ever leaves the patient's device or reaches any server.
On-device liveness detection confirms a real patient is present. All processing happens in the device's secure enclave.
→A one-way cryptographic hash is generated. The raw biometric data is immediately discarded on-device. No PHI is created.
→The hash confirms the patient is a real, unique human. No images, scans, or biometric templates are transmitted or stored.
HIPAA regulates Protected Health Information - data that identifies a patient and relates to their healthcare. POY Verify's architecture ensures that no such data is ever created during the verification process:
For healthcare organizations that have spent years and millions building HIPAA compliance infrastructure, adding a verification layer that creates zero additional compliance burden is transformative.
Before a telehealth appointment begins, patients complete a 30-second POY verification that confirms a real human is present. This prevents bot-created fake appointments, identity theft-based prescription fraud, and phantom billing. The verification integrates directly into existing telehealth platforms through POY's SDK and API.
Controlled substance prescriptions through telehealth require robust patient verification. POY Verify adds a liveness detection layer that confirms the person requesting the prescription is physically present - not a deepfake, recorded video, or automated script. This directly addresses the DEA's concerns about online prescription fraud without creating new data handling obligations.
Insurance fraud often involves submitting claims for services that were never rendered to real patients. By verifying human presence at the point of service, POY Verify creates a tamper-proof record that a real patient was involved in the encounter - without storing any patient-identifying information. This gives insurers confidence in claim legitimacy while protecting patient privacy.
Clinical trials face a growing problem with fake participants - individuals who enroll in multiple trials simultaneously using different identities to collect compensation. POY Verify's uniqueness detection confirms that each participant is a distinct human being, protecting trial data integrity without collecting additional personal information from vulnerable patient populations.
Patient portals contain some of the most sensitive information about individuals - medical history, diagnoses, medications, insurance details. Traditional login security (username and password) is inadequate against credential stuffing and account takeover attacks. POY Verify adds biometric liveness as a second factor that cannot be phished, stolen, or replayed, all without creating new PHI records.
The financial impact of patient identity fraud extends far beyond direct losses:
The zero-data advantage: POY Verify eliminates the most expensive category of healthcare data risk - biometric data storage - while providing stronger patient verification than any data-collecting alternative.
Healthcare operates under overlapping regulatory frameworks. POY Verify's zero-data approach simplifies compliance across all of them:
POY Verify integrates with the healthcare technology ecosystem without disrupting existing workflows:
Most healthcare development teams complete integration within five business days. The developer documentation includes healthcare-specific implementation guides and compliance checklists.
No. POY Verify's zero-data architecture processes biometrics entirely on-device and discards them immediately after generating a one-way cryptographic hash. No biometric images, templates, or identifiable data are ever transmitted or stored. Since no PHI is created, HIPAA's data handling requirements for biometrics do not apply.
POY Verify uses on-device liveness detection to confirm a real human is present at the time of the appointment. This prevents fake patient accounts, prescription fraud, and insurance claim abuse by ensuring every telehealth session involves an actual person - not a bot, deepfake, or stolen identity.
Yes. POY Verify integrates via a lightweight SDK and REST API that works alongside existing EHR systems, patient portals, and telehealth platforms. It adds a human verification step without replacing existing patient identity management workflows.
Nothing leaves the device. Biometric liveness analysis runs entirely within the device's secure enclave. A one-way hash is generated to confirm humanness, then all raw biometric data is immediately discarded on-device. No images, scans, or biometric templates are ever transmitted to POY Verify's servers.
Join healthcare organizations using zero-data verification to stop fraud and simplify compliance. Verification takes under 30 seconds.
Start Verifying Humans Read the Whitepaper