Health Care Digital Identity
On March 4, CMS and ONC published two proposed rules in the Federal Register which requires the use of application programming interfaces (APIs) built with Fast Healthcare Interoperability Resources (FHIR) to share both clinical and claims data with consumers, third-party applications, and others within the health care ecosystem. In order to do so, there is a need to solve for at least four specific areas:
- How do we identify unique users across systems using person-centric mobile technologies?
- How do we securely authenticate individuals across systems using modern, open standards?
- Once a patient is identified at one organization, how do we cross-facility match a patient to their records?
- What does a consumer-directed, electronic federated consent approach look like?
There is no shortage of standards making organizations looking at identity. Some of the ones we have been tracking here include:
- HL7 and FHIR which is attempting to solve health information interchange internationally, but thinks high assurance identification is just too expensive.
- OAuth 2.0 which has had enormous success and is not trying to move on to GNAP is a strong foundation for authorizing access to people personal information.
- OpenID Connect with has been adopted by most of the large social media for user identification and is slowing moving to more identity assurance.
- Kantara UMA which has tried to place control of a user's personal information in their own hands and has tried to relate that to healthcare.
- OpenID HEART which tried to adapt UMA, OAuth and other standards to health care but has yet to address identity assurance.
- Kantara Health Identity Assurance Work Group has created principles and insights provided to ONC to help healthcare with identity assurance.
1 Identification of individuals with mobile devices
Developments for user-centric authentication is becoming common both with smart phones and with late-binding tokens that are already appearing in user's hands. Two methods will be addressed in the immediate future: (1) smart phones with native apps and (2) hand held devices that can be kept in the person's possession and used for authentication. Each device will come with their own personal user Identifier. That way the user can change authentication devices as technologies advance. The binding of the user's device Identifier with the user's medical and state-supplied Identifiers will be a separate process that gives technologies the space to innovate while maintaining user access to all of their medical (and other) records.
We have prototyped a Health Care Native Application running now on Android and Windows devices and will be adding Apple iOS apps in the near future. These apps give the user immediate control of their own Identifiers and Medical Records access codes. The apps authenticate the person holding the phone by one of several proof-of-possession actions and then accept a request for access from the provider. They can also display some of the information access methods on a locked phone in the hands of a first responder. The information is coded into the user device ID and from there to a records locator (solution #3).
2 Secure Authentication with Open Standards
Open standards exist today for self-issued identifiers and new standards are evolving rapidly for new technologies like W3C Web Authentication and Block-chain technologies. These can and will be deployed for the bulk of the population with IAL 2 (NIST 800-63-3) as an aspirational goal. But the absolute requirement is that all patients that present themselves for emergency treatment will be treated with whatever level of assurance is possible and high assurance will be layered onto the medical records as it becomes available.
Mutual authentication will be required so that the patient will know who is asking for the information and for what purpose (solution #4). This will give the user confidence that the health care network is operating for their benefit and that all providers and all services are fully compliant with HIPPA and other appropriate regulations. The patient will also know how to access any medical record that is being created with their personal information and to maintain an access method to that record.
3 Cross-facility matching of individuals
Each facility that creates a user record will need to have their own identifier(s) for that record(s). Rather than try to enforce a single use Identifier on all providers, it is expected that a better success ratio would result from complete acceptance of a multiplicity of records and some clearing house that was specifically designed to allow the user to get access and transfer capability for all records no matter where they resided. This will also allow the user more granular control (if they wish) to determine which records will be shared with which providers. The solution to this problem is the same as the solution to problem #1, the medical records matching service. Since this service is first of all, a service supporting the patient's rights to control access to their own information (solution #4), the choice of the records matching service will be made by the patient. Each service will have the capability to collect any information that the user wished to accumulate and release it only as the user directs. The service will be accessible at any time by the user (and by FirstNet) but providers will only have access as they acquire access tokens from the user. First responders can use the access codes or phone numbers on cell phones to access the records. Any such access will be reported to the patient.
4 Electronic Federated Consent
This is a fruitful time for solving user consent with a user experience that will match with their experience on other sites.
FirstNet access should have an override of user consent for any recorded needed in emergency situations. Most particularly it is important for user directives (DNR, etc) and emergency contacts to be immediately available to first responders.
- ONC for Health IT Draft Trust Exchange Framework
- carin Consumer ID & Authentication is largely based on NIST 800-63-3 IAL 2
- The Kantara Consent & Information Sharing Work Group has published a Consent Receipt Standard.
- Identification for Development (ID4D) The World Bank. The Role of Digital Identification for Healthcare:The Emerging Use Cases
- Digital Identity Demonstrates its Crucial Role in Transforming Healthcare from the GSMA - the mobile telcos and friends.
- The Kantara Identity Incubator supports development of solutions including the Mobile Authentication for First Responders