Health Care Digital Identity
Contents
Full Title
A means for creating Identifiers and references to Electronic Health Records for people seeking health care in the US.
Context
On March 4, CMS and ONC published two proposed rules in the Federal Register which requires the use of application programming interfaces (APIs) built with Fast Healthcare Interoperability Resources (FHIR) to share both clinical and claims data with consumers, third-party applications, and others within the health care ecosystem. In order to do so, there is a need to solve for at least four specific
Problems
- ) How do we identify unique users across systems using person-centric mobile technologies?
- ) How do we securely authenticate individuals across systems using modern, open standards?
- ) Once a patient is identified at one organization, how do we cross-facility match a patient to their records?
- ) What does a consumer-directed, electronic federated consent approach look like?
Solutions
1 Identification of individuals with mobile devices
Developments for user-centric authentication is becoming common both with smart phones and with late-binding token that are already appearing in user's hands.
2 Secure Authentication with Open Standards
Open standards exist today for self-issued identifiers and new standards are evolving rapidly for new technologies like W3C Web Authentication and Block-chain technologies.
3 Cross-facility matching of individuals
Each facility that creates a user record will need to have their own identifier(s) for that record(s). Rather than try to enforce a single use Identifier on all providers, it is expected that a better success ratio would result from complete acceptance of a multiplicity of records and some clearing house that was specifically designed to allow the user to get access and transfer capability for all records no matter where they resided. This will also allow the user more granular control (if they wish) to determine which records will be shared with which providers.
4 Electronic Federated Consent
This is a fruitful time for solving user consent with a user experience that will match with their experience on other sites.