Health Care Identity Management
Full Title
Health Care Identity Management can be performed in multiple ways and use cases should be provided for each. This document shows the Personal Health Information flows focusing on those that are involved in Patient Identification.
Context
On March 4, CMS and ONC published two proposed rules in the Federal Register that require the use of application programming interfaces (APIs) built with Fast Healthcare Interoperability Resources (FHIR) to share both clinical and claims data with consumers, third-party applications, and others within the health care ecosystem. To do so, at least four specific areas need to be solved:
- How do we identify unique users across systems using person-centric mobile technologies?
- How do we securely authenticate individuals across systems using modern, open standards?
- Once a patient is identified at one organization, how do we cross-facility match a patient to their records?
- What does a consumer-directed, electronic federated consent approach look like?
See the wiki page Health Care Digital Identity for a description of the Identifiers used in health care to address these areas.
Solutions
The following are specific data flows (exchanges of messages) used in Health Care Identity Management. These should create a complete taxonomy of such flows.
| # | From | To | Media | Notes |
| 1 | Patient | PCP | Physical | Walks in the door |
| 2 | ID Documents | PCP | Physical | Patient hands them to the receptionist |
| 3 | Health History | PCP | Open | Today the patient fills out a form - tomorrow their smart phone |
| 4 | PCP EHR AuthZ code | Patient | Open | Either Paper (QR code) or Phone (device) Present |
| 5 | Trusted device SW | device | Digital | Download SW to patient device (phone or computer) |
| 6 | QR code | PCP on line | Digital | Allows patient to establish an IAL2 authentication |
| 7 | EHR Data | device | Digital | copy of patient data (perhaps part of a referral) |
| 8 | Patient's Credential | device | Digital | digital reference to patient's IAL2 identity proofing |
| 9 | Patient's Credential | specialist | Digital | this allows specialist to create an IAL2 proofing |
| 10 | Patient's EHR | specialist | Digital | patient data, perhaps part of a referral document |
| 11 | TTP Entity Statement | patient device | Digital | information to allow patient to trust the TTP |
| 12 | Patient's Credential | TTP | Digital | this allows TTP to create a remote IAL2 proofing |
Details of use of exchanges
These are all use cases that are described elsewhere. This is just a listing of the information exchanges.
The Patient Visit to their PCP
The source of nearly all first visit information is the patient visiting their Primary Care Physician (PCP). The first 3 exchanges are just the physical appearance of the patient, typically with their (1) driver's license, (2) insurance card and (3) other payment card. At the first visit, and periodically at other visits, the patient is asked to enter or update their medical histories. A similar event occurs at dentist and other specialist sites. The result is a care plan and now something new, an authorization code to access the PCP's EHR.
This authorization code (perhaps a QR bar code) is used to carry the proofing event that the patient had on-site to their online experience. It allows the PCP EHR to have IAL2 assurance as to the identity of the patient.
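One way such an authorization code could carry the on-site proofing event to the online session, as an added example that is not part of the original page: the page does not specify the code's format, so the HMAC-SHA256 token layout, the claim names and the `issue_code`/`redeem_code` functions are all assumptions. The code is short-lived, single-use and carries only an internal patient reference, so a photographed or reused QR code is rejected.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumption: a secret held only by the PCP EHR; generated here for the demo.
EHR_KEY = secrets.token_bytes(32)
_redeemed = set()  # ids of codes already used (a real EHR would persist this)

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_code(patient_ref, ttl_s=900, now=None):
    """Front desk: called only after ID documents were checked in person."""
    now = time.time() if now is None else now
    claims = {
        "jti": secrets.token_hex(8),  # unique id, makes the code single-use
        "sub": patient_ref,           # EHR-internal reference, no PHI in the QR
        "ial": 2,                     # assurance level of the on-site proofing
        "iat": int(now),
        "exp": int(now) + ttl_s,      # short lifetime limits a lost printout
    }
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    tag = _b64(hmac.new(EHR_KEY, body.encode(), hashlib.sha256).digest())
    return body + "." + tag           # this string is what the QR code carries

def redeem_code(code, now=None):
    """EHR site: called when the patient presents the code online."""
    now = time.time() if now is None else now
    try:
        body, tag = code.split(".")
        expected = hmac.new(EHR_KEY, body.encode(), hashlib.sha256).digest()
        # Verify the tag before parsing anything the client controls.
        if not hmac.compare_digest(expected, _unb64(tag)):
            raise ValueError("bad signature")
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError) as exc:
        raise ValueError("rejected: %s" % exc) from None
    if now >= claims["exp"]:
        raise ValueError("rejected: expired")
    if claims["jti"] in _redeemed:
        raise ValueError("rejected: already used")
    _redeemed.add(claims["jti"])
    return claims  # the EHR can now bind an online credential to claims["sub"]
```

The IAL2 assurance still comes from the in-person document check; the code only transports that fact, so it should be issued by the staff member who performed the check.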
The Patient Visit to the PCP EHR site online
The Patient Visit to a Specialist
The Patient Interactions with Trusted Third parties
The Patient in an emergency Visit
TK
References
- ONC for Health IT Draft Trust Exchange Framework
- CARIN Consumer ID & Authentication is largely based on NIST 800-63-3 IAL 2