Web Security Firm Building Reputation in Medical Field

companies to make sales to banking companies, is hoping it can cross industry lines on the strength of its successes in the health-care market.

Arcot, a two-year-old company that regards financial services as potentially the biggest outlet for its so-called camouflaging technique for digital authentication, has gained a major opening into the personal health and patient-records area through the Intel Corp. Internet Authentication Services initiative, announced this month.

Intel, the semiconductor leader, has identified "e-health" as a key growth opportunity for personal computer networks with advanced bandwidth capabilities. The company has licensed Arcot's WebFort technology to ensure that private records are safe from unauthorized access.

The American Medical Association is supporting a digital credentialing system, which is expected to be in full swing by next year. The system, based on the Intel framework, is described as the equivalent of portable "on-line health cards" that verify the identity of the person signing on. Physician services organizations such as Healtheon/WebMD and consumer Internet sites such as WellMed also signed on.

B.N. "Nat" Kausik, chief technology officer of Arcot Systems, said in a recent interview that the Intel connection is confined to health-care authentication, and that there is no expectation of a direct carryover to financial services or any other Internet community. But he said the growth of WebFort is bound to be noticed, and Arcot will have more opportunities to demonstrate that its unique approach to digital certification -- a valid certificate is hidden among many others so that only an authorized party can pick out the right one -- is better than other available versions of cryptographic authentication.

"We don't want to spend our energies converting people to our point of view" in debates over technical standards, Mr. Kausik said. "It is more effective to let our customers tell the story, and 150,000 physicians logging on to send patient records tells the story more effectively than anything else."

Mr. Kausik was referring to a previously announced deal Arcot had reached with the medical servicing company IDX Systems Corp. A more recent signing of that type was infoMedX.com. The Intel program could boost the user numbers substantially -- by hundreds of thousands this year, said Arcot chief executive officer Chet Silvestri.

Arcot, which is based in Palo Alto, Calif., estimates there are 50 million available end-users, or "seats," in the health-care market that are susceptible to its treatment for patient confidentiality. That is exceeded by 60 million customers and employees of financial companies. Mr. Kausik said Arcot -- which includes former Visa International and First Data Corp. executive Scott Loftesness on its board of advisers -- is close to some significant payment industry progress, but he said he was not at liberty to discuss details.

Arcot is touting WebFort and the camouflaging of certificates as a superior, immediately available alternative to smart cards, and better suited than competing approaches to large-scale Internet customer bases and their administrative challenges.

"We give smart-card-level security with the advantages of software and a standard PKI," or public key encryption infrastructure, Mr. Kausik said. If smart cards ever live up to their mass-distribution promise, he said, "software solutions" such as Arcot's will coexist. "We will succeed at solving real problems and the market will notice."

Since its official product launch in May, Arcot has gotten so deep into health care -- beating out the more established PKI vendors Entrust Technologies Inc. and Verisign Inc. for the Intel program -- because "it is all about usability," Mr. Kausik said.

"Elsewhere you get into technology debates, but in health care the technology is less important to people," he said. "They just want the best security there is, they are open-minded, and usability is key."

Ronald J. Whittier, senior vice president and general manager of Intel content services, made a statement that has been applied by others to Internet banking: "Making the Web a more trusted place is key to helping the health-care industry move to the Internet."

Mr. Whittier added, "We are enabling a new level of trust for e-health services that that can make doctors more efficient, reduce health-care costs, and improve patient satisfaction and care."

The medical establishment has reason to move quickly, because it is under a federal mandate to provide strong authentication of on-line patient communications. Information security experts say that cannot hurt the cause of digital certificates in banking, government, and other contexts.

Over the next decade, "physicians will routinely navigate cyberspace with important information about patients and their care, and the AMA needs to take the lead role in determining how best to do that securely," said Dr. Richard Corlin, speaker of the American Medical Association's House of Delegates. "By working with Intel to deliver physician credentials, the AMA is anticipating the needs of our patients and our members and rising to meet those needs."

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER