Health Care Identity Management
Contents
Full Title
Health Care Identity Management can be performed in multiple ways and use cases should be provided for each. This document shows the Personal Health Information flows focusing on those that are involved in Patient Identification.
Context
On March 4, CMS and ONC published two proposed rules in the Federal Register which requires the use of application programming interfaces (APIs) built with Fast Healthcare Interoperability Resources (FHIR) to share both clinical and claims data with consumers, third-party applications, and others within the health care ecosystem. In order to do so, there is a need to solve for at least four specific areas:
- How do we identify unique users across systems using person-centric mobile technologies?
- How do we securely authenticate individuals across systems using modern, open standards?
- Once a patient is identified at one organization, how do we cross-facility match a patient to their records?
- What does a consumer-directed, electronic federated consent approach look like?
See the wiki page Health Care Digital Identity for a description of the Identifiers used in health care to address these areas.
Solutions
The following are specific data flows used in Health Care Identity Management. These should create a complete taxonomy of such flows.
| # | From | To | Media | Notes |
| 1 | Patient | PCP | Physical | Walks in the door |
| 2 | ID Documents | PCP | Physical | Patient hands them to the receptionist |
| 3 | Health History | PCP | Open | Today the patient files out a form - tomorrow their smart phone |
| 4 | PCP EHR AuthZ code | Patient | Open | Either Paper (QR code) or Phone (device) Present |
| 5 | Trusted device SW | device | Digital | Download SW to patient device (phone or computer) |
| 6 | QR code | PCP on line | Digital | Allows patient to establish a IAL2 authentication |
| 7 | EHR Data | device | Digital | copy of patient data (perhaps part of a referral) |
| 8 | Patient's Credential | device | digital | digital reference to patient's IAL2 identity proofing |
| 9 | Patient's Credential | specialist | digital | this allows specialist to create a IAL2 proofing |
| 10 | Patient's EHR | specialist | digital | patient data, perhaps part of a referral document |
| 11 | Patient's Credential | TTP | digital | this allows TTP to create a remote IAL2 proofing |
| 12 | ||||
| 13 | ||||
| 14 | ||||
| 15 | ||||
| 16 | ||||
| 17 | ||||
| 18 | ||||
| 19 | ||||
| 20 | ||||
| 21 | ||||
| 22 | ||||
| 23 | ||||
| 24 | ||||
| 25 | ||||
| 26 | ||||
| 27 | ||||
| 28 | ||||
| 19 |
References
- ONC for Health IT Draft Trust Exchange Framework
- carin Consumer ID & Authentication is largely based on NIST 800-63-3 IAL 2
- The Kantara Consent & Information Sharing Work Group has published a Consent Receipt Standard.
- Identification for Development (ID4D) The World Bank. The Role of Digital Identification for Healthcare:The Emerging Use Cases
- Digital Identity Demonstrates its Crucial Role in Transforming Healthcare from the GSMA - the mobile telcos and friends.
- The Kantara Identity Incubator supports development of solutions including the Mobile Authentication for First Responders
