Nationwide and Regional Health Information Networks and Federated Identity for Authentication and HIPAA Compliance Christina Stephan, MD Co-Chair Liberty.

Slides:



Advertisements
Similar presentations
Manatt manatt | phelps | phillips New York State Health Information Technology Summit Initiative Overview and Update Rachel Block, Project Director United.
Advertisements

National HIT Agenda and HIE John W. Loonsk, M.D. Director of Interoperability and Standards Office of the National Coordinator Department of Health.
| Implications for Health Information Exchange – MetroChicago January 2011.
The U.S. Health Information Technology Agenda – and the Web John W. Loonsk, MD Director of Interoperability and Standards Office of the National Coordinator.
Cheryl M. Stephens Executive Director Community Health Information Collaborative July 17, 2006 Community Health Information Collaborative and the Northeast.
IT Security Policy Framework
A university wide electronic research ethics review system?
Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.
1 The Challenges of Creating an Identity Management Infrastructure for the University of California David Walker Karl Heins Office of the President University.
Community of Interest for Patient Identifiers AGENDA 1.NHII’s Unique Health Information Identification Requirements - Soloman I. Appavu, SIG Leader 2.Identification.
Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.
August 2004 Providing Industry-wide Security and Identity Management Solutions.
Network Identity Kai Kang 27 th October Outline Introduction –Definition –Five drivers –Basic services –Roadmap Network Identity management approaches.
T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Adopt & Adapt Tips on Enterprise Data Management Annette Pence September 10, 2009 MITRE.
Identity & Access Management DCS 861 Team2 Kirk M. Anne Carolyn Sher-Decaustis Kevin Kidder Joe Massi John Stewart.
Thee-Framework for Education & Research The e-Framework for Education & Research an Overview TEN Competence, Jan 2007 Bill Olivier,
A Primer on Healthcare Information Exchange John D. Halamka MD CIO, Harvard Medical School and Beth Israel Deaconess Medical Center.
IT Security Challenges In Higher Education Steve Schuster Cornell University.
LEVERAGING THE ENTERPRISE INFORMATION ENVIRONMENT Louise Edmonds Senior Manager Information Management ACT Health.
Building Public Health / Clinical Health Information Exchanges: The Minnesota Experience Marty LaVenture, MPH, PhD Director, Center for Health Informatics.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
Internet2 – InCommon and Box Marla Meehl Colorado CIO 11/1/11.
State Alliance for e-Health Conference Meeting January 26, 2007.
Cyber Authentication Renewal Project Executive Overview June – minute Brief.
Helsinki Institute of Physics (HIP) Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th.
Chapter 6 – Data Handling and EPR. Electronic Health Record Systems: Government Initiatives and Public/Private Partnerships EHR is systematic collection.
Liberty, Privacy & The Public Sector. 2 Agenda  Liberty & Privacy  E-government and identity  The promise of e-government  Importance of identity.
State HIE Program Chris Muir Program Manager for Western/Mid-western States.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Overview of IHE IT Infrastructure Patient Synchronized Applications.
HIT Policy Committee NHIN Workgroup Recommendations Phase 2 David Lansky, Chair Pacific Business Group on Health Danny Weitzner, Co-Chair Department of.
1 Networked PHR, a framework for personal health applications & services Anne Chapman, Senior Program Manager Personal Health Records, Intel.
E-Authentication: Enabling E-Government Presented to PESC May 2, 2005 The E  Authentication Initiative.
1 7 th CACR Information Workshop Vulnerabilities of Multi- Application Systems April 25, 2001 MAXIMUS.
Integrating Federated Identity and Web services in the RHIO Environment John Richardson Vice-Chair, Liberty Alliance eHealth SIG Intel Corporation Digital.
Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin
Whose Responsibility is it? Karen Korb TELUS Health Solutions November 24, 2009 Privacy and Confidentiality in the EHR:
Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning.
Identity Management Working Group 2006 Member Meeting Tempe, AZ Barry Ribbeck Rice University.
IT Security Policy Framework ● Policies ● Standards ● Procedures ● Guidelines.
The Practical Challenges of Implementing a Terminology on a National Scale Professor Martin Severs.
Public Health Data Standards Consortium
Issues in State-Wide Regional Healthcare Information Organizations Paul Macielak, Esq. New York Health Plan Association June 28, 2005.
Kevin W. Ryan JD, MA Associate Director – ACHI Assistant Professor – UAMS COPH Rural TeleCon ’06 10th Annual Conference of the Rural Telecommunications.
Promoting excellence in social security Building on sector wide commonalities to enhance the benefits of Information.
Sept 13-15, 2004IHE Interoperability Workshop 1 Integrating the Healthcare Enterprise Patient Identifier Cross-referencing Charles PARISOT GE Healthcare.
National Cybersecurity Center of Excellence Increasing the deployment and use of standards-based security technologies Mid-Atlantic Federal Lab Consortium.
HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.
Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
Moving the National Health Information Technology Agenda Forward The Fourth Health Information Technology Summit March 28, 2007 Robert M. Kolodner, MD.
Discussion - HITSC / HITPC Joint Meeting Transport & Security Standards Workgroup October 22, 2014.
University of Washington Collaboration: Identity and Access Management Lori Stevens University of Washington October 2007.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Creating a European entity Management Architecture for eGovernment Id GUIDE Keiron Salt
19-20 October 2010 IT Directors’ Group meeting 1 Item 6 of the agenda ISA programme Pascal JACQUES Unit B2 - Methodology/Research Local Informatics Security.
Office of the National Coordinator for Health Information Technology ONC Update for HITSP Board U.S. Department of Health and Human Services John W. Loonsk,
© DataCard Corporation. All rights reserved. TRENDS IN eGOVERNMENT Drivers, applications and technologies.
1 HIPAA’s Impact on Depository Financial Institutions 2 nd National Medical Banking Institute Rick Morrison, CEO Remettra, Inc.
Sachin H. Jain, MD, MBA Office of the National Coordinator for Health IT United States Department of Health and Human Services The Nation’s Health IT Agenda:
The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.
Law Enforcement Information Sharing Program (LEISP) Federated Identity Management Pilot February 27, 2006.
IT Infrastructure Plans
Introduction How to combine and use services in different security domains? How to take into account privacy aspects? How to enable single sign on (SSO)
Unit 5 Systems Integration and Interoperability
Regional Health Information Exchange: Getting There
Identity & Access Management
Objectives Describe the purposes of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 Explore how the HITECH Act.
HLN Consulting, LLC® November 8, 2006
ONC Update for HITSP Board
Presentation transcript:

Nationwide and Regional Health Information Networks and Federated Identity for Authentication and HIPAA Compliance Christina Stephan, MD Co-Chair Liberty Alliance eHealth SIG National Library of Medicine Health Informatics Fellow, University of Minnesota

13th Annual HIPAA Summit2 Consortium of over 150 diverse member companies and organizations developing open standards that anyone can implement, addressing the whole issue of identity: Public Policy compliance Privacy Business requirements Interoperability conformance testing & certification Vision: A networked world in which individuals, businesses, organizations and institutions can more easily interact and collaborate with one another while respecting the privacy and security of shared identity information. The Liberty Consortium

13th Annual HIPAA Summit3 There are more than 400 million Liberty-enabled identities and clients world wide estimate, source: Liberty Alliance The Liberty Alliance is the ONLY global body working to define and drive open technology standards, privacy and business guidelines for federated identity management.

Federated Identity in a Nutshell What is network identity? The role and importance of network identity management. Federation: How it works Federated Identity in the Healthcare Organization Setting The evolution of network identity management Identity Management Standards Federated Identity Concepts

13th Annual HIPAA Summit5 Users Network Identity User Name: John Smith PIN: Credit card number Social security number Drivers license Passport Entertainment preferences Notification preferences Employee authorization Business calendar Dining preferences Education history Medical history Financial assets… A network identity is a user's overall global set of attributes constituting their various accounts Attributes can include:

13th Annual HIPAA Summit6 Identity Impacts Everything Identity Impacts Everything-- including electronic health records and personal health records. Identity is not an option, everyone and everything has an identity. Identity allows access to interactions in the health care environment and related transactions of value.

13th Annual HIPAA Summit7 Identity Impacts Everything Identity Data is the information held about people, businesses and assets that enables those entities to be identified. This could include user ID, password, role, contact information, access rights and other account or user-related information. Identity Management is the effective management and leveraging of identity data. It involves a combination of technology, business process implementation and governance. An Identity Management architecture consists of a structural design for the IdM services, Identity data, underpinning technology and their relationships, consistent with the socio- political and business constraints.

13th Annual HIPAA Summit8 Identity Impacts Everything Identity and privacy has, at times, been compromised and/or placed at-risk. The result is a growing lack of trust, without trust, adoption of HIT and use of personal health information on the internet will be stymied. Challenges of protecting personal identity information and personal health information Threatens the adoption of EHRs and PHRs as well as eCommerce growth.

13th Annual HIPAA Summit9 Federation and Identity Management Federation is the way the world works today (drivers license, national ID, SIM cards…) Federation facilitates scalable, efficient, user-friendly, cross- domain Identity Management. Without Identity Management, federation fails…interactions and transactions become more difficult, if not impossible. Federation is a foundation for pseudonymous and anonymous secure business relationships.

13th Annual HIPAA Summit10 The Importance of Identity Proper Identity Management makes a difference! Fraud and Identity Theft prevention: A distributed system can help, and so can the attribute and profile information sharing. Secure and trusted usage and sharing of: Personal Health Information and organizational identity information. Personal Health and Financial information Individual healthcare provider and organizational data for both remote and local intranet domain access

13th Annual HIPAA Summit11 Evolution of Federated Network Identity Separate Cards, Each Bank Linked Cards w/in Bank Networks Seamless Access Across all Networks Linkage of Circles of Trust.com Bank ATM Network A Bank ATM Network B Bank ATM Network C Bank A ATM Card Bank B ATM Card Bank C ATM Card Individual Accounts with Many Web Sites.com Bank A ATM Card Bank B ATM Card Bank C ATM Card Federated Accounts within Circles of Trust.com Bank ATM Network A Bank ATM Network B Bank ATM Network C

13th Annual HIPAA Summit12 Emergence and Convergence of Federated Identity Management (FIM) Standards OrganizationStandard(s) OASIS (Organization for the Advancement of Structured Information Standards) SAML: Security Assertion Markup Language; A standard language for making security assertions and attributes available in a federated setting. The Liberty AllianceID-FF: Identity Federation Framework ID-WSF Identity Web Services Framework An open source federated identity standard with an emphasis on user privacy. The Shibboleth ProjectShibboleth: A standard developed for use by academic institutions. Microsoft, IBMWS-Federation: A proposed web services standard, on e of several such as WS-Security, WS-Authorization, WS-Privacy

Identity Management Terminology Key Concepts: Principle, Identity Provider, Single Sign On Services Provider, The Circle of Trust Discovery Service

13th Annual HIPAA Summit14 Key Concepts: I Further definitions from the Glossary, found at: Federation – The act of establishing a relationship between two entities, an association comprising any number of Service Providers and Identity Providers. Principal – a person or user, a system entity whose identity can be authenticated. IdP, Identity Provider – a service which authenticates and asserts a Principals identity – usually the entry point into a Circle of Trust. Single Sign-On (SSO) – the Principals ability to authenticate with one system entity (Identity Provider) and have that authentication honored by other system entities, often Service Providers.

13th Annual HIPAA Summit15 Federated Identity: Key Concepts: II Further definitions from the Glossary, found at: Circle of Trust – a group of service providers and identity providers that have business relationships based on Liberty architecture and operational agreements and with whom users can transact business in a secure and apparently seamless environment. Circles of Trust represent the second wave of identity federation, after SSO and federated account linking. DS – Discovery Service – provides discovery of Identity-based Web Services. Service Provider e.g. Pharmacy Identity-Based Web Service Provider e.g. ePrescriptions.com Identity Provider Authentication Federation Discovery Service Personal Profile Principal e.g. Patient Circle of Trust

Federated Identity in the Healthcare Organization Setting The Current Situation: Identity Silos

13th Annual HIPAA Summit17 Identity Silos in Healthcare Clinic Identity silo Specialty care Identity silo Laboratory Identity silo Pharmacy Identity silo Hospital Identity silo Administrative/payor identity silo There are many identity silos in healthcare This impedes sharing of health information and has a negative impact on health care effectiveness.

13th Annual HIPAA Summit18 Many duplicative Identity Silos in Healthcare Clinic Identity silo Specialty care Identity silo Laboratory Identity silo Pharmacy Identity silo Hospital Identity silo Administrative/payor identity silo Clinic Identity silo Specialty care Identity silo Laboratory Identity silo Pharmacy Identity silo Hospital Identity silo Administrative/payor identity silo

The Benefits of Federated Identity in Healthcare Security: Interoperability Regulatory Compliance Operational Efficiency Cost Reduction

13th Annual HIPAA Summit20 The Benefits of Federated Identity in Healthcare BenefitExamples Security User authentication: Multiple access levels HIPAA Compliance Supports authentication levels Enables detailed audit logs of records access Improved Operational Efficiency Single sign on Management of UserID distinct from applications Readily scalable to include new organizational participants Cost Reduction/Avoidance Support operations for identity administration Decrease development time Standards accelerate implementation-reduce need for disparate interfaces, Interoperability Allows integration of legacy systems Eases new deployments, Federated identity is more secure

13th Annual HIPAA Summit21 Benefits of network technology without compromising security or control over Personal Health Information (PHI) For Patients: Convenience of single sign-on More control over privacy and PHI Improved access Facilitates communication with providers & payers Improved patient trust and quality of care For Providers: Reduced medical errors Better and more services, new revenue opportunities Improved access Improved operating efficiencies Reduces IT costs Easier, faster HIPAA compliance Improved patient trust and quality of care Federated Identity and Health Care Federated Identity Management plumbing standards that: Wide-spread adoption Convergence with other standards Federated authentication model Built on standards Privacy & security best practices Conformance testing & certification Provides for multi-product interoperability

13th Annual HIPAA Summit22 Should Federated Identity management be adopted in Healthcare?

13th Annual HIPAA Summit23 YES! An Identity management Architecture will allow: Better privacy protection.Better privacy protection. More secure transactions involving personal health information.More secure transactions involving personal health information. Regulatory compliance requires accurate complete access audit trails.Regulatory compliance requires accurate complete access audit trails.

13th Annual HIPAA Summit24 The adoption of Federated Identity in healthcare is NOT a TECHNOLOGY issue it is a POLICY issue…

13th Annual HIPAA Summit25 So what are the barriers to adoption of Federated Identity? Some barriers include: Some barriers include: Individuals, organizations, governments face risk of loss of privacy, loss of data integrity, loss/theft of identity. Individuals, organizations, governments face risk of loss of privacy, loss of data integrity, loss/theft of identity. Currently, there is no coordinated government effort for identity management in healthcare. Currently, there is no coordinated government effort for identity management in healthcare. Chicken and egg scenario: Health care is delivered locally, but funding/payors are national organizations. Chicken and egg scenario: Health care is delivered locally, but funding/payors are national organizations.

13th Annual HIPAA Summit26 The Challenges Trust is implicitly legislated between government entities but does not mean it happens. Multiple stakeholders of different perspectives attitudes and objectives are involved. Tension between Federal and state and local and functional departments, or policy and operations. No mandate for use of specified architecture or standard (its coming!). Distributed governance without centralization of authority. Funding: Who and how to finance, Governance: Who and how to govern? Currently rare use of cross boundary/enterprise services within healthcare.

13th Annual HIPAA Summit27 What are the implications of delayed adoption of Federated Identity? Higher per transaction costs with diminished return benefit use of web-based services. For example, in the UK, only 5% of the population uses e- government based services: 34% of citizens polled indicated they would prefer not to use the internet for public services since it is not secure- ICM Hedra 2002 (similar in the US)34% of citizens polled indicated they would prefer not to use the internet for public services since it is not secure- ICM Hedra 2002 (similar in the US) 57% of senior level civil servants believe security concerns are impeding the public adoption of web-based e- government services -eGovernment Bulletin % of senior level civil servants believe security concerns are impeding the public adoption of web-based e- government services -eGovernment Bulletin 2003 Identity theft has become a major issue globally.

13th Annual HIPAA Summit28 So how do we encourage adoption of Federated Identity Management?

13th Annual HIPAA Summit29 Fostering adoption of web-based services for healthcare… Create the next generation architecture which supports user privacy features and security.Create the next generation architecture which supports user privacy features and security. Existing systems should be leveraged to the greatest extent possible across health care- cannot afford to rip and replace.Existing systems should be leveraged to the greatest extent possible across health care- cannot afford to rip and replace. Foster adoption of collaborative working models which address inter organizational issues.Foster adoption of collaborative working models which address inter organizational issues. Increase use of open standards.Increase use of open standards.

13th Annual HIPAA Summit30 ~ 150 diverse member companies and organizations representing leaders in IT, mobility, government, service provision, system integration and finance from across the globe Management Board and Sponsor members include: Who is the Liberty Alliance?

13th Annual HIPAA Summit31 Call to Action: Join Us! Become Engaged: Visit us at the Interoperability Demonstration Project See the specifications and white papers at: Become a member! For more information: Liberty brings value to our Healthcare members: Federated Identity Management plumbing standards that: Support key elements of NHIN interoperability Make it much easier for patients, providers and payers to share results of authentication Enable easier, faster HIPAA and other best practice compliance Conformance and compliance testing that assure base levels of interoperability and functionality

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.