
Electronic Submission of Medical Documentation (esMD) Identity Proofing Sub-Workgroup October 31, 2012.


1 Electronic Submission of Medical Documentation (esMD) Identity Proofing Sub-Workgroup October 31, 2012

2 Schedule for Identity Proofing SWG

Date | Topic | Deliverable(s)
September 26, 2012 | Standards (NIST/FBCA) | List and review of standards
October 3, 2012 | Industry examples | List and review industry examples
October 10, 2012 | Requirements for identity | Requirements for individuals and organizations
October 17, 2012 | RA requirements | "Certification" process for RAs
October 24, 2012 | RA processes | Combine RA with …, frequency, revocation
October 31, 2012 | Gaps in policy and standards | Identify gaps in standards, process and policy and make recommendations
November 7, 2012 | Review SWG recommendation | Review final report

3 Standards for Identity Proofing

Document Link | Title & Version / Notes | Date
NIST SP 800-63-1 | Electronic Authentication Guideline | Dec 2011
FBCA X.509 Certificate Policy | X.509 Certificate Policy for the Federal Bridge Certification Authority, Version 2.25 | Dec 9 2011
FICAM Roadmap and Implementation Guidance | Federal Identity, Credential, and Access Management Roadmap and Implementation Guidance, Version 2.0 | Dec 2 2011

4 NIST 800-63-1 Level 4 Identity Proofing Requirements

Basis for issuing credentials
- In Person: In-person appearance and verification of:
  a) a current primary Government Picture ID that contains Applicant's picture, and either address of record or nationality of record (e.g., driver's license or passport), and;
  b) either a second, independent Government ID document that contains current corroborating information (e.g., either address of record or nationality of record), OR verification of a financial account number (e.g., checking account, savings account, loan or credit card) confirmed via records.
- Remote: Not Applicable

RA and CSP actions
- In Person:
  Primary Photo ID: RA inspects photo-ID and verifies via the issuing government agency or through credit bureaus or similar databases. Confirms that: name, DoB, address, and other personal information in record are consistent with the application. Compares picture to Applicant and records ID number.
  Secondary Government ID or financial account:
  a) RA inspects secondary Government ID and if apparently valid, confirms that the identifying information is consistent with the primary Photo-ID, or;
  b) RA verifies financial account number supplied by Applicant through record checks or through credit bureaus or similar databases, and confirms that: name, DoB, address, and other personal information in records are on balance consistent with the application and sufficient to identify a unique individual.
  [Note: Address of record shall be confirmed through validation of either the primary or secondary ID.]
  Current Biometric: RA records a current biometric (e.g., photograph or fingerprints) to ensure that Applicant cannot repudiate application.
  Credential Issuance: CSP issues credentials in a manner that confirms address of record.
- Remote: Not Applicable

5 FBCA Identification Requirements by Assurance Level

Level: Medium (all policies)

Identification Requirements: Identity shall be established by in-person proofing before the Registration Authority, Trusted Agent or an entity certified by a State or Federal Entity as being authorized to confirm identities; information provided shall be verified to ensure legitimacy. A trust relationship between the Trusted Agent and the applicant which is based on an in-person antecedent may suffice as meeting the in-person identity proofing requirement. Credentials required are one Federal Government-issued Picture I.D., one REAL ID Act compliant picture ID, or two Non-Federal Government I.D.s, one of which shall be a photo I.D. (e.g., Non-REAL ID Act compliant Drivers License). Any credentials presented must be unexpired. Clarification on the trust relationship between the Trusted Agent and the applicant, which is based on an in-person antecedent identity proofing event, can be found in the "FBCA Supplementary Antecedent, In-Person Definition" document.

For PIV-I, credentials required are two identity source documents in original form. The identity source documents must come from the list of acceptable documents included in Form I-9, OMB No. 1115-0136, Employment Eligibility Verification. At least one document shall be a valid State or Federal Government-issued picture identification (ID). For PIV-I, the use of an in-person antecedent is not applicable.

6 Gaps and Operational Issues

- Policy for Individual Identity Proofing – NIST Assurance Level 4
- Policy for Organizational Identity Proofing (e.g. for group certificate)
  - Solicit additional criteria for organizational IdP as part of policy creation
  - Method for updating policy as environmental conditions change
  - May have specific requirements based on type of organization (e.g. DME)
    - PMD process – Ordering provider signs and sends documents to DME, which signs and submits to CMS
- Need to address "revocation of identities" (e.g. person dies, organization no longer does business) – may have implications for claim/documentation submission post "revocation"
  - May need to consider legal issues with delegation of rights to corporations that must survive termination of the relationship
- RA federation (what is required from the RA IdP by the CA for credential issuance; RA sends information in a secure manner to the CA), all defined in the CPS (Policy OID)
  o Policy for RA Certification (including duration and termination)
  o Policy and process for "certification" of certification agencies
  o Agreement by FBCA cross-certified CAs to recognize the policies and process – may need to explore at FBCA level – Debbie and Wendy
- Specifics
  - Biometrics required – NIST Assurance Level 4
  - Policy for acceptance of prior in-person verification (antecedent)
  - Frequency and conditions for reapplication (max – 3 years?)

7 Electronic Submission of Medical Documentation (esMD) Digital Signature and Delegation of Rights Sub-Workgroup October 31, 2012

8 Schedule for Identity Proofing SWG

Date | Topic | Deliverable(s)
September 26, 2012 | Standards | List and review of standards
October 3, 2012 | Standards and industry examples | List and review of additional standards and industry examples
October 10, 2012 | Transaction and AoR digital signature and delegation process | Document digital signature and delegation of rights process
October 17, 2012 | Transaction and AoR signature and delegation artifacts | Document digital signature and delegation of rights artifacts
October 24, 2012 | Validation process for non-repudiation review | Document validation process with assurance of non-repudiation of signer and delegation(s)
October 31, 2012 | Gaps in policy and standards | Identify gaps in standards, process and policy and make recommendations
November 7, 2012 | Review SWG recommendation | Review final report

9 Standards for Digital Signatures

Standard and Link | Issued by / Title | Version / Date
FBCA X.509 Certificate Policy | X.509 Certificate Policy for the Federal Bridge Certification Authority, Version 2.25 | Dec 9 2011
FIPS PUB 186-3 | Digital Signature Standard | Jun 2009
XML DigSig | XML Signature Syntax and Processing (Second Edition), W3C Recommendation | Jun 10 2008

10 Standards for Delegation of Rights

Standard and Link | Issued by / Title | Version / Date
OASIS SAML Assertions | Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML), Version 2.0 (All SAML v2.0 files) | Mar 15 2005
IETF RFC 3820 | Internet X.509 Public Key Infrastructure Proxy Certificate Profile | Jun 2004

11 Gaps and Operational Issues

- Elements of the signature artifact (specific standard that includes these elements)
  - Digest of Message
  - Time stamp
  - Purpose
  - Long term validation
    - Evidence Record, e.g. RFC 4998
    - Long-Term access to CRL (e.g. via OCSP)
- Delegation of Rights
  - Proxy Certificates: issues with creation, revocation, and industry support
  - Assertions: issues with revocation
  - Both cases – need definition of rights granted, duration, …

12 Additional Material – esMD AoR Reference from prior AoR call materials

13 esMD Initiative Overview

[Diagram: Provider Entity and Payer Entity. Components shown: Provider (Individual or Organization), Contractors / Intermediaries, Agent, Payer Internal System, Gateway, esMD UC 1: Provider Registration, esMD UC 2: Secure eMDR Transmission, esMD AoR Level 1 Digital Identities Bundle Signatures, Certificate Authority, Registration Authority, Provider Directories.]

14 AoR -- Phased Scope of Work

Level 1 – Current Focus
- Digital signature on aggregated documents (bundle)
- Focus is on signing a bundle of documents prior to transmission to satisfy an eMDR
- Define requirements for esMD UC 1 and UC 2 Signature Artifacts
- May assist with EHR Certification criteria in the future

Level 2 - TBD
- Digital signature on an individual document
- Focus is on signing an individual document prior to sending or at the point of creation by providers
- Will inform EHR Certification criteria for signatures on patient documentation

Level 3 - TBD
- Digital signature to allow traceability of individual contributions to a document
- Focus is on signing documents and individual contributions at the point of creation by providers
- Will inform EHR Certification criteria for one or multiple signatures on patient documentation

15 Topics for Digital Identities and AoR Workgroup Effort

1. Identity proofing
2. Digital identity management
3. Encryption
4. Digital signatures and artifacts
5. Delegation of Rights
6. Author of Record

16 Initiative Requirement Summary

Columns: Initiative | Identity Proofing | Digital Identity Management | Signing (Exchange Artifact) | Encryption | Delegation of Rights | Author of Record

DS4P | Org/Individual | Yes
Direct Project | Address/Server | Yes | No
esMD | Org/Individual | Yes
Healthcare Directories | Org/Individual | Yes | No
LCC | Org/Individual | Yes
Query Health | Org/Individual | Yes | No
Transitions of Care | Org/Individual | Yes

Legend: Mandatory; Optional with consequences; Optional; Future Uses

17 User Story / Workflow

Overall User Story Components
1) All Actors obtain and maintain a non-repudiation digital identity
2) Provider registers for esMD (see UC1)*
3) Payer requests documentation (see UC2)*
4) Provider submits digitally signed document (bundle) to address request by payer
5) Payer validates the digital credentials, signature artifacts and, where appropriate, delegation of rights

*User Stories for UC 1 and 2 have already been defined. Workgroup will help define bullets 1) and 4)

