Privacy and Security Workgroup
NSTIC Approach
November 2, 2012
January 1, 2016
The Identity Ecosystem: Individuals can choose among multiple identity providers and digital credentials for convenient, secure, and privacy-enhancing transactions anywhere, anytime.
• Secure, online patient access to health information
• Streamlined provider access to multiple systems
• Privacy-enhancing
• Secure
• Interoperable
• Cost-effective and easy to use
• Ability to include identity attributes will enhance privacy
• Improved care through secure exchange of electronic medical records
Today – Patients and providers need multiple credentials
(Diagram label: OpenID/LOA1)
Implementing 3rd Party Credentials adds complexities for EHR vendors
(Diagram labels: OpenID/LOA1, PKI, SAML/LOA3)
Middle Layer Authentication Service
• Cloud based
• Service authenticates users
• Patients and providers can re-use credentials across multiple Health IT services
• Translate between different protocols (OpenID, PKI, SAML, etc.)
• Passes verification of authentication to EHR
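The hand-off described on this slide, sketched as an added example (not part of the original presentation): a broker translates an upstream OpenID or SAML login into one common assertion, and the EHR accepts it only if the signature, audience, expiry and level of assurance all pass. The HMAC shared key, the token layout and the names `broker_issue` and `ehr_accept` are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key shared by broker and EHR (assumption; a real deployment
# would more likely use asymmetric signatures with managed keys).
BROKER_KEY = b"constructed-demo-key"
# Protocol/LOA pairs as labelled on the slides (PKI carries no LOA label there).
UPSTREAM_LOA = {"openid": 1, "saml": 3}

def _sign(payload: bytes) -> str:
    return hmac.new(BROKER_KEY, payload, hashlib.sha256).hexdigest()

def broker_issue(protocol, subject, audience, now=None, ttl=300):
    """Broker: after validating the upstream login (not shown), translate it
    into one common signed assertion for the EHR."""
    if protocol not in UPSTREAM_LOA:
        raise ValueError(f"unsupported upstream protocol: {protocol}")
    now = int(time.time() if now is None else now)
    claims = {"sub": subject, "aud": audience, "method": protocol,
              "loa": UPSTREAM_LOA[protocol], "exp": now + ttl}
    payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return payload.decode() + "." + _sign(payload)

def ehr_accept(token, audience, min_loa, now=None):
    """EHR: accept only if signature, audience, expiry and LOA all pass."""
    now = int(time.time() if now is None else now)
    try:
        payload, sig = token.split(".")
        # Check the MAC before parsing anything inside the payload.
        if not hmac.compare_digest(sig, _sign(payload.encode())):
            return None, "bad signature"
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, TypeError):
        return None, "malformed"
    if claims["aud"] != audience:
        return None, "wrong audience"
    if claims["exp"] <= now:
        return None, "expired"
    if claims["loa"] < min_loa:
        return None, "LOA too low"
    return claims, "ok"

if __name__ == "__main__":
    tok = broker_issue("openid", "patient-1", "ehr-a")
    print(ehr_accept(tok, "ehr-a", min_loa=1)[1])  # portal login
    print(ehr_accept(tok, "ehr-a", min_loa=3)[1])  # action needing LOA3
```

The EHR never sees the upstream protocol details; it enforces its own minimum LOA per action, so an LOA1 credential reused through the broker cannot reach functions that require LOA3.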
EHR Certification Criteria for Two-factor Authentication
• Authentication takes place in EHR system (diagram: Provider, EHR)
• Authentication takes place via third-party service (diagram: Provider, EHR, Third-Party Service)