The digitalization of the world economy has created demand for privacy enhancing identity solutions that support civil liberties and improve security. Running parallel to the need for trusted identities in cyberspace is the need for identities to be interoperable so that individuals can manage multiple credentials and choose which to use for a particular transaction or activity. The demand to establish a more secure identity ecosystem requires solutions to be user friendly and convenient including equitable access to the tools that establish this online identity credential for everyone, not only the affluent.
Learn more about NSTIC’s work to help advance the initiative of establishing a trusted identity in cyberspace, what implications this could have on patient identification in healthcare, why choosing a patient identification platform that is standardized is critical, and more!
Generative AI for Technical Writer or Information Developers
National Association for Trusted Identities in Cyberspace - Establishing Trusted Identities in Cyberspace
1. M2SYS Healthcare Solutions
Free Online Learning Podcasts
Podcast length – 38:56
Topic: “Establishing a Trusted Identity in Cyberspace”
Background on NSTIC, Creating an Identity “Ecosystem,” The Impact of
Identity Theft, Right to Privacy, Value of Standards Based Patient ID in
Healthcare, NSTIC and the ONC, Interoperability, Trusted ID Reducing
Medical ID Theft, NSTIC Pilot Projects
Jim Shiere, Senior Advisor with the National Strategy for Trusted
Identities in Cyberspace (NSTIC)
and
2. Topics Covered in Podcast:
NSTIC Mission & Objectives – What is an Identity Ecosystem?
Processes & Structure to Meet NSTIC Goals
Trusted Identities – Why is Now the Right Time?
Balance Between Identities and Privacy
Value of a Trusted Identity for Patients in Healthcare
Identity Theft Implications
3. Topics Covered in Podcast (continued):
NSTIC and the ONC – Working Together to Created Trusted
Identities for Patients
The Value of A Standardized Biometric Patient Identification
Solution
Trusted Identity Impact on Medical Identity Theft
NSTIC Pilot Projects
4. NSTIC – National Strategy for Trusted Identities in Cyberspace
• Launched by the White House in 2011
• Main goal is to establish an “identity ecosystem”
• Individuals can voluntarily choose from a single or multiple digital
identities of their choice to conduct business on the Internet anywhere
at anytime
• Based on 4 fundamental guiding principles:
• Interoperability – If you choose an identity (Google for example) – you
have the opportunity to interoperably use it anywhere. Helps alleviate
the problem of creating a user name and password for each new site
you visit. Idea is to create one credential to be used anywhere.
• Security & Resiliency – Single factor authentication (e.g. – passwords)
are “hopelessly” broken and increasingly are a vector of attack – 60% of
network intrusions are a result of bad password management. NSTIC
envisions a way to replace the password with better
methods
NSTIC Mission & Objectives – What is a “Trusted
Identity?”
5. NSTIC Mission & Objectives – What is a “Trusted
Identity?” (continued)
• Multi-factor authentication seen as a more secure identity
• Privacy – How can we foster the creation of an identity ecosystem that
presents privacy enhancing options to individuals?
• Current interoperable sign on credentials don’t allow for a clear
understanding of what privacy controls are in place to protect
information
• NSTIC looking to enshrine better privacy policies to foster more
control over personal information
• Usability – any online, interoperable credential solution should be easy
to use and convenient
Processes and Structure
• What is NSTIC doing to foster the vision of an identity ecosystem?
• Thrust #1: Funding – providing pilot project funding to private company
projects who are innovating and launching initiatives to help advance
the principles of an identity ecosystem and catalyze the market for
these solutions
6. Processes & Structure to Meet NSTIC Goals
• Pilot Example – American Association of Motor Vehicle Administration
(AAMVA) and the INOVA Healthcare System (based in Virginia)
• Pilot basis – How can INOVA patients access their online records
using a Google or Microsoft account for login to avoid having to
create a new account. The AAMVA will automatically proof your
identity so INOVA can grant authorization.
• NSTIC has awarded over $17 in funding to the private sector and
several states for pilots
• Thrust #2: Lead federal government – rallying the government sector to
be early adopters to the “identity ecosystem”
• Example – “Federal Cloud Credential Exchange” – government is
deploying a platform to accept third party credentialing to access
government services. Idea is to move more government services
online in a cost effective and efficient way but still follow security
and privacy guidelines.
7. Processes & Structure to Meet NSTIC Goals
• Expect to hear more in the coming months about which
government agencies will be deploying the trusted identity
initiative
• Thrust #3: Facilitating private sector led groups – referred to as “The
Identity Ecosystem Steering Group” (IDSG) to convene the private sector
to establish a framework of rules, policies and standards which will
provide the policy foundation for how the private sector can leverage
the identity ecosystem
• NSTIC provided grant funding to support the group for the first two
years, the group has since transformed into an independent entity
• If individuals or business are looking to play a larger role in the
initiative, participation in the IDSG is a great place to engage
(www.idecosystem.org) – open to all (businesses, individuals, non-
profits, etc.)
• Many IDSG stakeholders groups exist that cover a range of topics
(state and local governments, privacy, etc.)
8. Trusted Identities – Why is Now the Right Time?
• The “hopelessly broken” nature of user names and passwords
• Increasingly a vector of attack for criminals to access sensitive
information to enable identity theft and other forms of fraud
• NSTIC’s goals are aimed to provide more usable and secure identity
credentialing solutions to provide a safer way to do business online and
build consumer trust
• NSTIC envisions a better way forward to authenticate ourselves online
by playing more of a “facilitator” role and support entities
• Ultimately, it’s the private sector that will step up and provide tools and
tech for more secure online transactions
• There needs to be a more open and comprehensive study and
discussion on the issue of privacy and how it impacts the creation of an
identity ecosystem
• Urgency exists to solidify a national strategy – now is the right time
9. Identity Theft Implications
• The proliferation of data available on individuals to provide better
products and services online has fueled the rise in ID theft – in other
words, the quest to improve product and service quality seeded the
growth of ID theft cases
• NSTIC has stepped in to help change the thought process of online
individual information and shift the focus to privacy and protection
• NSTIC asks the question – if you are sharing information online for
business transactions, why is it necessary to share anything other
than basic information necessary to complete the transaction?
• NSTIC is focusing on the concept of “data minimization”
• Identity theft erodes consumer trust in online transactions
• NSTIC believes it can build a better set of online identity tools to
minimize risk and increase privacy
10. Balance Between Identities and Privacy
• Privacy remains a fundamental guiding principle of the national strategy
for online trusted identities
• NSTIC is focused on ensuring that privacy advocates have a seat at the
table to help mold the online identity initiative and how the identity
ecosystem will evolve
• Another way NSTIC is promoting privacy enhancing solutions is through
the Federal Cloud Credential Exchange (FCCX) which enshrines the fair
information practice princples – learn more at:
www.nist.gov/nstic/fccx.html
Did you know?
A copy of NSTIC’s strategy is available online. You
can access a copy by following this link:
www.whitehouse.gov/sites/default/files/rss_vie
wer/NSTICstrategy_051511.pdf
11. • At heart of NSTIC and Office of the National Coordinator for Health
Information Technology (NSTIC) collaboration is looking at how NSTIC’s
drive to establish trusted identities (identities that provide security and
privacy – both important in the context of HIPAA)
• Identity ecosystem that NSTIC envisions allows patients to have
voluntary access to identity credentials with stronger privacy and
security enhancing features
• This fits into the ONC strategy of open access to health data with more
secure, safe, and privacy enhancing tools
• Viewing, downloading and exchange of health data information is
enabled through a trusted identity ecosystem
• Patients want the assurance that their private health data is being
adequately protected during the access and exchange process
• Trusted identities help to advance the goal of true interoperability
• ONC is actively engaged in the IDSG and follow several pilots closely
(INNOVA)
Value of a Trusted Identity for Patients in Healthcare
How the ONC and NSTIC are Working Together
12. The Value of A Standardized Biometric Patient
Identification Solution
• NSTIC’s role isn’t to point to specific methods of authentication for the
market – instead their role is a facilitator of pilot projects, opening
dialog, and ensuring all stakeholders have a seat at the table
• NSTIC focuses on allowing private entities to factor in identity
management technologies as part of the overall solution
• Most people understand the value of standards based identity
management approaches – fundamentally important for the overall
identity management ecosystem moving forward (enshrined in NSTIC
interoperability principles)
• Overall, patient identification standards based solutions are getting a
close look as a piece of the overall identity ecosystem
13. Most Effective Security Technologies to Protect
Patient Data Access
• The shift from paper to electronic health records necessitates a shift
change in how to effectively protect patient data
• Patient data information used to be limited and siloed – the advent of
EHR’s, HIEs, Meaningful Use mandates, and an increased interest in
leveraging the power of big data to perform population management
has increased the availability of electronic information that is easier to
transport (and steal)
• Critical that a security protocol be in established & observed to:
• Validate a patient’s identity & ensure they are who they say they are
both in person and online (e.g. – patient portals)
• Biometrics for patient identification is increasing and a viable tool to
verify a patient’s identity with near 100% accuracy – can also be used at
each touch point along the continuum of care to authenticate identity
before service/procedure is rendered
14. Trusted Identity Impact on Medical Identity Theft
• NSTIC is specifically coordinating its efforts to establish a trusted identity
precisely to help stem the rising tide of medical ID theft
• Medical identity theft looming crisis demands better ways for patients to
access health data online especially in the wake of increased adoption of
electronic health records (EHRs)
• NSTIC timing was ideal for the healthcare industry as the struggles to
protect identities increases
• NSTIC provides a set of tools and fosters an ecosystem that enables
patient trust
• ONC’s vision of open, secure, and private access to health data is
manifested in NSTIC’s initiatives with an improved approach to identity
• Pilots within federal government provide valuable case studies to help
advance trusted identities in healthcare
• Expect to see continued dialog and collaboration between ONC and
NSTIC to stem medical ID theft with more secure trusted identities
15. NSTIC Pilot Projects
INNOVA
• Pilot premise is to help enable more convenient yet secure ways for
patients to log in and access their health data online
• Prior to patients logging into a portal for access to health data, a
customized list of questions only the patient would know the answers to
is provided by the Virginia MVA
• Establishes much stricter security protocols for online healthcare data
access
• Provides a much more authoritative resource for verifying patient
identities
• Creating growing interest in healthcare for access to a powerful set of
tools to better verify patient identities while creating convenience and
fostering privacy
16. Thank you to Jim for his time and
knowledge on this podcast!
Please follow NSTIC on Twitter
(@nsticnpo) and visit their Web site at:
www.nist.gov/nstic@nstic or check out
their blog at: www.nist.gov/blog.html
17. John Trader
Director of Communications
M2SYS Healthcare Solutions
1050 Crown Pointe Pkwy.
Suite 850
Atlanta, GA 30338
jtrader@m2sys.com
770-821-1734
www.m2sys.com/healthcare
Podcast home page: http://www.m2sys.com/healthcare/healthcare-biometrics-
podcasts/
: twitter.com/rightpatient
: facebook.com/rightpatient
: linkedin.com/company/m2sys-technology
Contact Information