Presentation is loading. Please wait.

Presentation is loading. Please wait.

Personal Guidance. Positive Change. SM Secure Access for Web-based Patient Portals and Applications Chris Brooks, Senior Vice President of Technology,

Published byAutumn Oulton Modified over 9 years ago

Similar presentations

Presentation on theme: "Personal Guidance. Positive Change. SM Secure Access for Web-based Patient Portals and Applications Chris Brooks, Senior Vice President of Technology,"— Presentation transcript:

1 Personal Guidance. Positive Change. SM Secure Access for Web-based Patient Portals and Applications Chris Brooks, Senior Vice President of Technology, WebMD Health Services October 30, 2013

2 MISSION: To provide expert guidance that inspires people to take charge of their health. WHAT WE DO: We offer health, wellness, and care transparency solutions that help large organizations with complex populations improve people’s health, productivity, and happiness. WHS Key Statistics 500 Employees Over 225 Customers Registered Users: 7.1 million Activated personal health records: 4.7 million Completed health assessments: 1.5 million per year

3 © WebMD Health Services Group, Inc. All rights reserved. 3 Meaningful Use of Electronic Health Records is a United States National Imperative This mandate isn’t just about improving care coordination and quality … it is also about patient engagement

4 © WebMD Health Services Group, Inc. All rights reserved. 4 Stage 2 of of the CMS Incentive Program Sets Goals for Patient Engagement  Core Measure 7: Provide patients the ability to view online, download and transmit their health information within four business days of the information being available to the EP.  Core Measure 17: Use secure electronic messaging to communicate with patients on relevant health information.

5 © WebMD Health Services Group, Inc. All rights reserved. 5 Electronic Health Information Providers Face Stringent Security and Privacy Requirements HIPAA Omnibus Rule for 2013: “Significant risk of harm” test replaced by more objective “probability of compromise” test.  Regulatory (HIPAA, HITECH) drivers  Patient / user trust and brand reputation

6 © WebMD Health Services Group, Inc. All rights reserved. 6 There are Competing Forces at Play When it Comes to Electronic Health Information Access  Ease of use and access from a wide range of devices (desktops, tablets, smartphones) is key to driving patient engagement Yet  Providers must still ensure robust authentication standards are in place

7 © WebMD Health Services Group, Inc. All rights reserved. 7 Example: Mobile App Authentication  WebMD Health Services recently shipped a native iOS and Android “tiny habits” app called “Daily Victory”  Key attributes:  No access to or sharing of personal health information  Allows user to share daily wellness activities with WebMD and a small social network  Authentication:  Initial authorization code to provision app  No password or PIN required  Revocable access

8 © WebMD Health Services Group, Inc. All rights reserved. 8 Evaluate Authentication Needs based on Risk and Engagement Requirements Sensitivity of InformationHighNone Engagement and Frequency of Use High / Frequent Low/ Infrequent Mobile Fitness Tracker Patient / Physician Communication Blood Sugar Tracker Health Information Research Personal Health Record “In Case of Emergency” E-cards? Provider Medical Imaging Mobile Viewer

9 © WebMD Health Services Group, Inc. All rights reserved. 9 How Might Authentication Approaches Map to this? HighNone Engagement and Frequency of Use High / Frequent Low/ Infrequent PIN auth Multi-factor Auth Strong Password “Remember Me” Risk-based Auth Sensitivity of Information

10 © WebMD Health Services Group, Inc. All rights reserved. 10 How Might Authentication Approaches Map to this? HighNone Engagement and Frequency of Use High / Frequent Low/ Infrequent PIN auth Multi-factor Auth Strong Password “Remember Me” Risk-based Auth Initial one-time authentication with optional or automatic “remember me” for future visits. Possible remote revocation (e.g., “forget this device”). Sensitivity of Information

11 © WebMD Health Services Group, Inc. All rights reserved. 11 How Might Authentication Approaches Map to this? HighNone Engagement and Frequency of Use High / Frequent Low/ Infrequent PIN auth Multi-factor Auth Strong Password “Remember Me” Risk-based Auth Short PIN or similar shorter- than-password code for application entry after initial authentication Sensitivity of Information

12 © WebMD Health Services Group, Inc. All rights reserved. 12 How Might Authentication Approaches Map to this? HighNone Engagement and Frequency of Use High / Frequent Low/ Infrequent PIN auth Multi-factor Auth Strong Password “Remember Me” Risk-based Auth Sensitivity of Information Full (presumably strong) password required for access to any personal information.

13 © WebMD Health Services Group, Inc. All rights reserved. 13 How Might Authentication Approaches Map to this? HighNone Engagement and Frequency of Use High / Frequent Low/ Infrequent PIN auth Multi-factor Auth Strong Password “Remember Me” Risk-based Auth Variable level of authentication based on pre-determined risk of both the current user session as well as the intended user activity. Sensitivity of Information

14 © WebMD Health Services Group, Inc. All rights reserved. 14 How Might Authentication Approaches Map to this? HighNone Engagement and Frequency of Use High / Frequent Low/ Infrequent PIN auth Multi-factor Auth Strong Password “Remember Me” Risk-based Auth Use at least two factors (know / has / is) for authentication. Rotating tokens, SMS codes, “dongles”, and biometrics are examples. Sensitivity of Information

15 © WebMD Health Services Group, Inc. All rights reserved. 15 Closing Thoughts Context is critical! Know your risks and adapt your approach accordingly. Engagement can suffer in the face of enhanced authentication strength. When appropriate, allow the user to manage their own risk.

16 Personal Guidance. Positive Change. SM Secure Access for Web-based Patient Portals and Applications Chris Brooks, Senior Vice President of Technology, WebMD Health Services October 30, 2013

Download ppt "Personal Guidance. Positive Change. SM Secure Access for Web-based Patient Portals and Applications Chris Brooks, Senior Vice President of Technology,"

Similar presentations

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.
HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.

HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.
Leading Change Melanie Nelson – Cerner Corporation

Leading Change Melanie Nelson – Cerner Corporation
© 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. AT&T Security Consulting Risk.

© 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. AT&T Security Consulting Risk.
 The Health Insurance Portability and Accountability Act of 1996.  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.

 The Health Insurance Portability and Accountability Act of  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.
1 Jan 2013 © 2002-2013 Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered.

1 Jan 2013 © Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered.
Understanding Meaningful Use Presented by: Allison Bryan MS, CHES December 7, 2012 Purdue Research Foundation 2012 Review of Stage 1 and Stage 2.

Understanding Meaningful Use Presented by: Allison Bryan MS, CHES December 7, 2012 Purdue Research Foundation 2012 Review of Stage 1 and Stage 2.
Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.

Lee Hang Lam Wong Kwun Yam Chan Sin Ping Wong Cecilia Kei Ka Mobile Phone OS.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
Security Controls – What Works

Security Controls – What Works
Virtual Event Solutions When Webconferencing is not the Right Tool Enterprises are turning to webcasting and virtual events to deliver their message to.

Virtual Event Solutions When Webconferencing is not the Right Tool Enterprises are turning to webcasting and virtual events to deliver their message to.
Proposed Meaningful Use Criteria for Stage 2 and 3 John D. Halamka.

Proposed Meaningful Use Criteria for Stage 2 and 3 John D. Halamka.
Secure Your Future Now ….. Logical Access Control and Data Security Brought to you by Support & Maintenance by DCS Global Info.

Secure Your Future Now ….. Logical Access Control and Data Security Brought to you by Support & Maintenance by DCS Global Info.
Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.

Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.
MEANINGFUL USE UPDATE 2014 Mark Huang, M.D. Chief Medical Information Officer Rehabilitation Institute of Chicago Associate Professor Department of PM.

MEANINGFUL USE UPDATE 2014 Mark Huang, M.D. Chief Medical Information Officer Rehabilitation Institute of Chicago Associate Professor Department of PM.
Adapting to a Mobile IT Landscape: From IT Silo to Enterprise Strategy Kimberly Hancher Chief Information Officer (CIO) U.S. Equal Employment Opportunity.

Adapting to a Mobile IT Landscape: From IT Silo to Enterprise Strategy Kimberly Hancher Chief Information Officer (CIO) U.S. Equal Employment Opportunity.
MARISA TORRIERI Associate Editor, Physicians Practice.

MARISA TORRIERI Associate Editor, Physicians Practice.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 5 Personal Health Records Electronic Health Records for Allied.

Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 5 Personal Health Records Electronic Health Records for Allied.
A First Look at Meaningful Use Stage 2 John D. Halamka MD.

A First Look at Meaningful Use Stage 2 John D. Halamka MD.

Similar presentations

Ads by Google