Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Jan 2013 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered.

Published byTerrence Heady Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Jan 2013 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered."— Presentation transcript:

1 1 Jan 2013 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off May 2014 Working Group Meeting May 6, 2014 CONSUMER IDENTITY AND PERSONAL HEALTH Presented by: Tim McKay, Ph.D., CISSP Kaiser Permanente

2 2 Jan 2013 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Agenda State of Online Consumer Identity Identity and Healthcare The Value of Individually Identifiable Health Information Identity Standards

3 3 Jan 2013 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Consumer Identity in 2014 A fragmented space of N of 1 solutions o One set of credentials = access to one service o Exceptions: facebook, Google o One factor dominant o Exceptions: Google, ebay, some financial institutions o No population sensitivity A (largely) self-asserted space Convenience over privacy o Site driven o Consumer driven

4 4 Jan 2013 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Consumer Identity in Healthcare Who you are matters... sometimes o Stand-alone app vs. connections to medical records Privacy matters... sometimes o HIPAA and non-HIPAA entities o Metadata and “anonymous” uses of data o Social media credential use Portability matters... sometimes o HIE initiated o Consumer initiated  Zero reuse of consumer credentials between health systems  No metadata standards to enable accurate record matching.  No accepted standards for account creation and maintenance.

5 5 Jan 2013 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Why is an individual’s health information of value to others? Use to obtain health care services o Physical o Virtual Use to market goods and services Use for general identity spoofing for financial gain o Demographic information o Financial information o Health information for targeted individuals  Sale of celebrity information  Blackmail Exercise control over another

6 6 Jan 2013 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Developing standards for consumer health identities Why are identity standards important? o Reduce inappropriate disclosure o Ensure the integrity of an individual’s medical record National Institute of Standards and Technology (NIST) 800-63-2 (Electronic Authorization) 800-162 (Role Based Access) National Solution for Trusted Identities in Cyberspace (NSTIC): Identity Solutions will be o Privacy enhancing and voluntary o Secure and resilient o Interoperable o Cost effective and easy to use Identity Ecosystem Steering Group o Promotes goals of NSTIC o Quarterly plenary—ongoing workgroups (including healthcare) o Focus on demonstration projects and an identity framework o Not currently planning to be a standards organization

7 7 Jan 2013 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Creating Consumer Health Identity Standards Account Creation and Identity Provisioning o Identity proofing o User ID rules o Password rules... or maybe not Authentication o Account controls o Multi-factor authentication o Biometric use Establishment of Account Proxy Identities Account Maintenance o Forgot user ID and forgot password o Account de-provisioning o Account reinstatement o Suspected fraudulent use Identity portability o Meta data for identity assertion o “Home” and “Guest” account rules

8 8 Jan 2013 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Issues Consumer Health Identity Standards Must Address Controls which backfire o Increasing password strength and length o Password expiration Controls which are population relevant o Who is the target user? o How are needs of vulnerable populations addressed? Controls which respect autonomy o Set minimum bars o Raise the bars for higher-risk transactions  Data transfer to third parties  New cross-entity identity assertions o Provide enhanced controls on an elective basis

9 9 Jan 2013 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks of Health Level Seven International, Inc. Reg. U.S. Pat & TM Off Consumer Identity and Personal Health THANK YOU Tim McKay tim.a.mckay@kp.org

Download ppt "1 Jan 2013 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered."

Similar presentations

Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March 11, 2015.

Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March 11, 2015.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.

HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.
Personal Guidance. Positive Change. SM Secure Access for Web-based Patient Portals and Applications Chris Brooks, Senior Vice President of Technology,

Personal Guidance. Positive Change. SM Secure Access for Web-based Patient Portals and Applications Chris Brooks, Senior Vice President of Technology,
1 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks.

1 © Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks.
Leveraging a Single Platform - Connecting a Statewide Healthcare Ecosystem Michigan Association of Health Plans Rick Murdock Executive Director Michigan.

Leveraging a Single Platform - Connecting a Statewide Healthcare Ecosystem Michigan Association of Health Plans Rick Murdock Executive Director Michigan.
Electronic Submission of Medical Documentation (esMD) for Medicare FFS Presentation to HITSC Provenance Workgroup January 16, 2015.

Electronic Submission of Medical Documentation (esMD) for Medicare FFS Presentation to HITSC Provenance Workgroup January 16, 2015.
IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair

IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair
Functional component terminology - thoughts C. Tilton.

Functional component terminology - thoughts C. Tilton.
Digital ID and Authentication as a Platform Peter Watkins.

Digital ID and Authentication as a Platform Peter Watkins.
Cross Sector Digital Identity Initiative March 12, 2014 Hearing on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Cross Sector Digital.

Cross Sector Digital Identity Initiative March 12, 2014 Hearing on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Cross Sector Digital.
1 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks.

1 © Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered trademarks.
Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.

Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.
Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,

Building Trusted Transactions Identity Authentication & Attribute Exchange In Public and Private Federations OASIS Conference September 2010 Joni Brennan,
Security of Computerized Medical Information: Threats from Authorized Users James G. Anderson, Ph.D. Purdue University.

Security of Computerized Medical Information: Threats from Authorized Users James G. Anderson, Ph.D. Purdue University.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.

User Authentication Recommendations Transport & Security Standards Workgroup December 10, 2014.
Five Easy Steps to Tech Transfer Using Knowledge Based Authentication in New Account Registration on KP.org Tim McKay, Ph.D., CISSP, SOUPS 2010.

Five Easy Steps to Tech Transfer Using Knowledge Based Authentication in New Account Registration on KP.org Tim McKay, Ph.D., CISSP, SOUPS 2010.
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

Similar presentations

Ads by Google