
Electronic Submission of Medical Documentation (esMD) Identity Proofing Sub-Workgroup

Electronic Submission of Medical Documentation (esMD) Identity Proofing Sub-Workgroup. October 31, 2012. Schedule for Identity Proofing SWG. Standards for Identity Proofing. NIST 800-63-1 Level 4 Identity Proofing Requirements. FBCA Identification Requirements by Assurance Level.

azra

Presentation Transcript


  1. Electronic Submission of Medical Documentation (esMD) Identity Proofing Sub-Workgroup, October 31, 2012

  2. Schedule for Identity Proofing SWG

  3. Standards for Identity Proofing

  4. NIST 800-63-1 Level 4 Identity Proofing Requirements

  5. FBCA Identification Requirements by Assurance Level

  6. Gaps and Operational Issues
     • Policy for Individual Identity Proofing – NIST Assurance Level 4
     • Policy for Organizational Identity Proofing (e.g. for group certificate)
     • Solicit additional criteria for organizational IdP as part of policy creation
     • Method for updating policy as environmental conditions change
     • May have specific requirements based on type of organization (e.g. DME)
     • PMD process – Ordering provider signs and sends documents to DME, which signs and submits to CMS
     • Need to address “revocation of identities” (e.g. person dies, organization no longer does business) – may have implications for claim/documentation submission post “revocation”
     • May need to consider legal issues with delegation for rights to corporations that must survive termination of the relationship
     • RA federation (what is required from the RA IdP by the CA for credential issuance) (RA sends information in secure manner to CA), all defined in the CPS (Policy OID)
     • Policy for RA Certification (including duration and termination)
     • Policy and process for “certification” of certification agencies
     • Agreement by FBCA cross-certified CAs to recognize the policies and process – may need to explore at FBCA level – Debbie and Wendy
     • Specifics
        • Biometrics required – NIST Assurance Level 4
        • Policy for acceptance of prior in-person verification (antecedent)
        • Frequency and conditions for reapplication (max – 3 years?)

  7. Electronic Submission of Medical Documentation (esMD) Digital Signature and Delegation of Rights Sub-Workgroup, October 31, 2012

  8. Schedule for Identity Proofing SWG

  9. Standards for Digital Signatures

  10. Standards for Delegation of Rights

  11. Gaps and Operational Issues
      • Elements of the signature artifact (specific standard that includes these elements)
         • Digest of Message
         • Time stamp
         • Purpose
      • Long term validation
         • Evidence Record, e.g. RFC 4998
         • Long-Term access to CRL (e.g. via OCSP)
      • Delegation of Rights
         • Proxy Certificates
            • Issues with creation, revocation, and industry support
         • Assertions
            • Issues with revocation
         • Both cases – need definition of rights granted, duration, …

  12. Additional Material – esMD AoR
      • Reference from prior AoR call materials

  13. esMD Initiative Overview
      [Diagram. Labels: Registration Authority; Certificate Authority; Provider Directories; Gateway; Provider Entity; Payer Entity; esMD UC 1: Provider Registration; Contractors / Intermediaries; Agent; esMD UC 2: Secure eMDR Transmission; Provider (Individual or Organization); Payer; Payer Internal System; esMD AoR Level 1; Digital Identities; Bundle Signatures]

  14. AoR -- Phased Scope of Work
      Level 1 – Current Focus
      • Focus is on signing a bundle of documents prior to transmission to satisfy an eMDR
      • Define requirements for esMD UC 1 and UC 2 Signature Artifacts
      • May assist with EHR Certification criteria in the future
      • Digital signature on aggregated documents (bundle)
      Level 2 - TBD
      • Digital signature on an individual document
      • Focus is on signing an individual document prior to sending or at the point of creation by providers
      • Will inform EHR Certification criteria for signatures on patient documentation
      Level 3 - TBD
      • Digital signature to allow traceability of individual contributions to a document
      • Focus is on signing documents and individual contributions at the point of creation by providers
      • Will inform EHR Certification criteria for one or multiple signatures on patient documentation

  15. Topics for Digital Identities and AoR Workgroup Effort
      • Identity proofing
      • Digital identity management
      • Encryption
      • Digital signatures and artifacts
      • Delegation of Rights
      • Author of Record

  16. Initiative Requirement Summary

  17. User Story / Workflow
      • Overall User Story Components
         • All Actors obtain and maintain a non-repudiation digital identity
         • Provider registers for esMD (see UC1)*
         • Payer requests documentation (see UC2)*
         • Provider submits digitally signed document (bundle) to address request by payer
         • Payer validates the digital credentials, signature artifacts and, where appropriate, delegation of rights
      *User Stories for UC 1 and 2 have already been defined. Workgroup will help define bullets 1) and 4)
