1 Jan 2013 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered.

Presentation transcript:

1 Jan 2013 © Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off

May 2014 Working Group Meeting
May 6, 2014
CONSUMER IDENTITY AND PERSONAL HEALTH
Presented by: Tim McKay, Ph.D., CISSP
Kaiser Permanente

2 Agenda

State of Online Consumer Identity
Identity and Healthcare
The Value of Individually Identifiable Health Information
Identity Standards

3 Consumer Identity in 2014

A fragmented space of N of 1 solutions
  o One set of credentials = access to one service
  o Exceptions: Facebook, Google
  o One factor dominant
  o Exceptions: Google, eBay, some financial institutions
  o No population sensitivity
A (largely) self-asserted space
Convenience over privacy
  o Site driven
  o Consumer driven

4 Consumer Identity in Healthcare

Who you are matters... sometimes
  o Stand-alone app vs. connections to medical records
Privacy matters... sometimes
  o HIPAA and non-HIPAA entities
  o Metadata and “anonymous” uses of data
  o Social media credential use
Portability matters... sometimes
  o HIE initiated
  o Consumer initiated
    ▪ Zero reuse of consumer credentials between health systems
    ▪ No metadata standards to enable accurate record matching.
    ▪ No accepted standards for account creation and maintenance.

5 Why is an individual’s health information of value to others?

Use to obtain health care services
  o Physical
  o Virtual
Use to market goods and services
Use for general identity spoofing for financial gain
  o Demographic information
  o Financial information
  o Health information for targeted individuals
    ▪ Sale of celebrity information
    ▪ Blackmail
Exercise control over another

6 Developing standards for consumer health identities

Why are identity standards important?
  o Reduce inappropriate disclosure
  o Ensure the integrity of an individual’s medical record
National Institute of Standards and Technology (NIST) (Electronic Authorization) (Role Based Access)
National Solution for Trusted Identities in Cyberspace (NSTIC): Identity Solutions will be
  o Privacy enhancing and voluntary
  o Secure and resilient
  o Interoperable
  o Cost effective and easy to use
Identity Ecosystem Steering Group
  o Promotes goals of NSTIC
  o Quarterly plenary—ongoing workgroups (including healthcare)
  o Focus on demonstration projects and an identity framework
  o Not currently planning to be a standards organization

7 Creating Consumer Health Identity Standards

Account Creation and Identity Provisioning
  o Identity proofing
  o User ID rules
  o Password rules... or maybe not
Authentication
  o Account controls
  o Multi-factor authentication
  o Biometric use
Establishment of Account Proxy Identities
Account Maintenance
  o Forgot user ID and forgot password
  o Account de-provisioning
  o Account reinstatement
  o Suspected fraudulent use
Identity portability
  o Metadata for identity assertion
  o “Home” and “Guest” account rules

8 Issues Consumer Health Identity Standards Must Address

Controls which backfire
  o Increasing password strength and length
  o Password expiration
Controls which are population relevant
  o Who is the target user?
  o How are needs of vulnerable populations addressed?
Controls which respect autonomy
  o Set minimum bars
  o Raise the bars for higher-risk transactions
    ▪ Data transfer to third parties
    ▪ New cross-entity identity assertions
  o Provide enhanced controls on an elective basis

9 Consumer Identity and Personal Health

THANK YOU
Tim McKay