Not many years ago, the physician’s NPI (National Provider Identifier) was a number that was to be protected and guarded as closely as one’s social security number. Today, a quick web search enables a complete stranger to obtain a physician’s NPI with ease as it is now publicly listed on countless websites.

With the increasing availability of software that synthesizes voices completely using protocols like WaveNet, Tacotron, or one of the many developing iterations of Deep Voice, there is a massive risk of the exploitation of the NPI to refill or prescribe medications that are not authorized by the physician holding the NPI. Not only is the identifier available on the web, but attached to it often is personal information such as residential addresses that have often been overlooked.

To further elaborate, Deep Learning Speech Synthesis is a form of automated speech synthesis that can learn how an individual enunciates words with their specific phonetic notation and replication of voice. In other words, a computer algorithm that can speak just like the primary individual, by typing the words on a screen. Quite similar to a text-to-speech engine, and it can be remarkably accurate. This technology is not exclusive to large data centers anymore. With the advent of deep learning using consumer-available hardware, it has become increasingly easy to perform this with a personal computer at home. The exploitation of such a process can lead to the misuse of pharmaceutical compounds that could help facilitate drug trafficking, or handout prescriptions to non authorized individuals, all of which could initiate legal action against the criminal or even the physician as a potential inquiry.

A Deep Voice phone call to a pharmacy for refilling a prescription can be unchallenging and accessible if vocal and phone number confirmations are to be used. Any potential call back from the pharmacy on the registered phone number of the physician can be intercepted using different technologies.

One such example is from 2017 as quoted by a release from the United States Department of Justice in Southern Florida.

“(Miguel de Paula Arias) Arias, stole the identities of six retired and semi-retired senior citizen physicians and their Medicare accounts used to submit claims for services provided to patients… Arias submitted fraudulent and fictitious claims for purportedly providing medical services to Medicare using the victim doctors’ identities”.1

Complications from such incidents may burden the physician from the legal front as well. What does this mean for the future of telephone calls and prescriptions?

Financial institutions such as banks have already long dismissed the accuracy of voice verification authentication systems citing many security risks and have switched to more secure methods such as 2-factor authentication (2FA). However, the independent physician often has multiple patients in numbers that frequently exceed double digits. Therefore a 2FA may be a cumbersome method of security. A more secure and intuitive method such as biometric authentication would be ideal. An example would be as follows:

A patient sends the physician a secure text/call for refilling a prescription. Upon evaluation through telehealth, the physician calls the pharmacy to authorize the refill. The pharmacy/pharmacist can send an instant “push” notification to the physician’s cellphone. The physician uses their fingerprint or iris to authenticate the prescription and the refill is now authorized.

If this process sounds familiar, it is. It is closely related to the same DEA compliant method that was developed by the company “Identity Automation” to help institutions and physicians prescribe controlled substances. The difference would be that a similar solution could be implemented as a baseline structure of security for all calls to a pharmacy to refill or order prescriptions while ensuring that any biometric data stored is substantially encrypted.

This is a resolution not only for the NPI but for other systems as well. Numbers are but a means to identify and grant access. Their unencrypted use to grant access should not be encouraged. Shifting the power to biometrics instead of the number allows for a more secure America both for the patient and the physician.