Difference between revisions of "Health Care Identity Management"
(→Solutions) |
(→References) |
||
| Line 80: | Line 80: | ||
*[https://www.healthit.gov/sites/default/files/draft-trusted-exchange-framework.pdf ONC for Health IT Draft Trust Exchange Framework] | *[https://www.healthit.gov/sites/default/files/draft-trusted-exchange-framework.pdf ONC for Health IT Draft Trust Exchange Framework] | ||
*[https://www.carinalliance.com/our-work/consumer-id-authentication/ carin Consumer ID & Authentication] is largely based on NIST 800-63-3 IAL 2 | *[https://www.carinalliance.com/our-work/consumer-id-authentication/ carin Consumer ID & Authentication] is largely based on NIST 800-63-3 IAL 2 | ||
| − | + | ||
| − | |||
| − | |||
| − | |||
[[Category:Identity]] | [[Category:Identity]] | ||
[[Category:Use Case]] | [[Category:Use Case]] | ||
[[Category:Health]] | [[Category:Health]] | ||
Revision as of 15:47, 6 July 2019
Contents
Full Title
Health Care Identity Management can be performed in multiple ways and use cases should be provided for each. This document shows the Personal Health Information flows focusing on those that are involved in Patient Identification.
Context
On March 4, CMS and ONC published two proposed rules in the Federal Register which requires the use of application programming interfaces (APIs) built with Fast Healthcare Interoperability Resources (FHIR) to share both clinical and claims data with consumers, third-party applications, and others within the health care ecosystem. In order to do so, there is a need to solve for at least four specific areas:
- How do we identify unique users across systems using person-centric mobile technologies?
- How do we securely authenticate individuals across systems using modern, open standards?
- Once a patient is identified at one organization, how do we cross-facility match a patient to their records?
- What does a consumer-directed, electronic federated consent approach look like?
See the wiki page Health Care Digital Identity for a description of the Identifiers used in health care to address these areas.
Solutions
The following are specific data flows used in Health Care Identity Management. These should create a complete taxonomy of such flows.
| # | From | To | Media | Notes |
| 1 | Patient | PCP | Physical | Walks in the door |
| 2 | ID Documents | PCP | Physical | Patient hands them to the receptionist |
| 3 | Health History | PCP | Open | Today the patient files out a form - tomorrow their smart phone |
| 4 | PCP EHR AuthZ code | Patient | Open | Either Paper (QR code) or Phone (device) Present |
| 5 | Trusted device SW | device | Digital | Download SW to patient device (phone or computer) |
| 6 | QR code | PCP on line | Digital | Allows patient to establish a IAL2 authentication |
| 7 | EHR Data | device | Digital | copy of patient data (perhaps part of a referral) |
| 8 | Patient's Credential | device | digital | digital reference to patient's IAL2 identity proofing |
| 9 | Patient's Credential | specialist | digital | this allows specialist to create a IAL2 proofing |
| 10 | Patient's EHR | specialist | digital | patient data, perhaps part of a referral document |
| 11 | TTP Entity Statement | patient device | digital | information to allow patient to trust the TPP |
| 12 | Patient's Credential | TTP | digital | this allows TTP to create a remote IAL2 proofing |
| 13 | ||||
| 14 | ||||
| 15 | ||||
| 16 | ||||
| 17 | ||||
| 18 | ||||
| 19 | ||||
| 20 | ||||
| 21 | ||||
| 22 | ||||
| 23 | ||||
| 24 | ||||
| 25 | ||||
| 26 | ||||
| 27 | ||||
| 28 | ||||
| 19 |
References
- ONC for Health IT Draft Trust Exchange Framework
- carin Consumer ID & Authentication is largely based on NIST 800-63-3 IAL 2
