Richard Moore is the owner and president of DME Consulting Services. He has over 30 years experience with Healthcare Information Systems working with many public and private organizations. His broad-based knowledge of health information systems and operations comes from experience working directly with providers, payers, software manufacturers, electronic data interchange organizations, billing services, clearinghouses and government agencies. He is the current president of eHealth Ohio, Inc., a non-profit regional affiliate of the national standards development organization Workgroup for Electronic Data Interchange (WEDI). His primary WEDI focus is HIPAA X12 EDI transactions and he has participated as an author on WEDI testing whitepapers. He is an active participant in the Healthcare Information and Management Systems Society (HIMSS) and is the current Chair of the HIMSS RHIO Liaison Roundtable. He is also a member of the Board of the Central and Southern Ohio HIMSS (CSOHIMSS) Chapter and is the Chapter Advocacy Chairman and the RHIO Liaison for the State of Ohio. He is involved in the Healthcare Information Technology Standards Panel (HITSP) on the Security, Privacy and Infrastructure technical committee (SPI-TC). Also he is a founding member of the Liberty Alliance Health Identity Management Special Interest Group (HIM-SIG). The last three years he has been a project lead for the study on the use of the GSA e-Authentication model for the Nationwide Health Information Network (NHIN) focusing on electronic identity management, secure electronic health information exchange and federated single sign-on.
John Fraser founded and is CEO of MEDNETWorld.com based in Minneapolis, Minnesota. MEDNETWorld.com is wiring up health care by providing Record Locator Services, security and privacy technologies and national connectivity to current and emerging health information exchanges.
Prior to founding MEDNET in 2006, John Fraser was the co-founder and former CEO of VisionShare Inc, a company building a secure, national infrastructure for claims connectivity and Medicare billing services with over 50% of all U.S. hospitals using their software. Prior to VisionShare, John built MEDNET, a state-wide medical network in Minnesota at the Minnesota Health Data Institute. Prior to the Institute, John built a state-wide Cancer Surveillance system at the Minnesota Department of Health. John has also done stints at Honeywell and Control Data Corporations. John is the co-chair of the Health Identity Management Special Interest Group of the Liberty Alliance (HIM-SIG). John is an avid bicyclist, diver and swimmer, with an undergraduate degree from the University of Minnesota. John holds a private pilot’s license and a 1st degree black belt in Tae Kwon Do.
170 Moore Fraser E Authentication - Presentation Transcript
Health Identity Management and Role-Based Access Control in a Federated NHIN Model
The e-Authentication Project Phase 3
Co-presenters: Richard Moore, President eHealth Ohio and John Fraser, CEO MEDNETWorld.com
Presented to: HIMSS 2009
Abstract
The Nationwide Health Information Network (NHIN) requires the secure connection of health organizations within and across state borders. The e-Authentication Pilot Study Phase 2 concluded with the development of a healthcare-specific configuration of a Shibboleth network architecture and of healthcare-related directory objects for role-based authorization.
The technology was successfully demonstrated at the HIMSS 2008 IHE Showcase and is a part of the NHIN2. Phase 3 software improvements include Shibboleth 2.x and SAML 2.x for protocol, assertions and bindings.
Phase 3 expands the supported services, including: Record Locator Services (RLS), proprietary Electronic Health Records (EHR), a Personal Health Record Service (PHR) and Public Health Immunization Record Services. By incorporating virtual server technology, Phase 3 also reduces the time to implementation and the ongoing administrative support of a network.
HIMSS description of benefits
Primary Objective
The e-Authentication Project investigates open source, national/international standards and virtual server solutions to a secure NHIN.
Benefits
The audience will gain an understanding of how Federal standards for identity management and authentication, as defined by the GSA, NIST, ASTM, HL7, HITSP, IHE, OASIS, Internet2 and Liberty Alliance, can be used by RHIOs for federated single sign-on. Learn how open source software developed by the International Internet2 project and funded by the National Science Foundation can be leveraged for role-based authorization by RHIOs. Learn how multiple state RHIOs can form a trust network that minimizes the burden on the user to securely access information. Learn how virtual server use can reduce the time to implementation and the ongoing administrative support of a network.
Talk Outline
The Vision
e-Authentication Project
Introducing Nationwide Health Information Network (NHIN)
NHIN Security Overview
Shibboleth introduction and recent projects
Projects Phases 1-3
Federation and NHIN
A connected health care system
Phase 4 & Next Steps
The Vision
Health information exchange is a pioneering effort
Scouting Parties
Established Communities
Pioneering Settlers
Established guidance and standards
Federal Guidance – GSA, NIST, Agencies, ONC, HIPAA
Standards – HITSP, HL7, IHE, OASIS, X12, ISO
Solutions – Vendors, Open Source, Internet2
Accreditation – CCHIT, Liberty IAF/IAG
e-Authentication Project focus
“Rough consensus, running code.”
Who: HIMSS and The General Services Administration (GSA)
What: Pilot used Electronic Authentication Service Components established under Homeland Security Presidential Directive HSPD 12, Policy for a Common Identification Standard for Federal Employees and Contractors.
Pilot Participants: Seven Regional Health Information Organizations (RHIOs)/health information exchanges (HIEs) and ORC, Inc. Federal Certificate Authority.
HIMSS/GSA eAuthentication Project
Phase 1 – 8 Participants - 2006
GSA: ORC, Inc. ACES Certificate Authority
CT: e-Health Connecticut
MI: Michigan Data Sharing & Transaction Infrastructure Project
TX: CHRISTUS Health, Health eCities of Texas Project
MN: Community Health Information Collaborative
OH: eHealth Ohio/OSC Bioinformatics
OH: Virtual Medical Network
NV: Single Portal Medical Record Project
Phase 1 – Results
Multiple RHIOs can agree and implement a common framework for the policies, procedures, and standards for federated identity authentication across multiple use cases.
The Federal e-Authentication infrastructure is relevant and applicable to use cases for RHIOs in diverse operational environments.
PKI, as a standard for strong authentication, can be deployed uniformly across multiple RHIOs.
The Federal PKI and its trusted Federal Credential Service Providers can be leveraged for use in multiple use cases across multiple RHIOs.
For RHIOs, local registration authorities and local enrollment are viable for larger scale deployments to provide for strong authentication using Federal e-Authentication components.
Hardware tokens (e.g., smart cards, flash drives) are viable for RHIO deployment of level 4 authentication assurance.
The results were published in the HIMSS Whitepaper: HIMSS/GSA National e-Authentication Project Whitepaper, 6/2007
Phase 2 – 5 Participants - 2007/2008
CT: e-Health Connecticut
MN: MEDNET, USA
MN: Community Health Information Collaborative (CHIC)
OH: eHealth Ohio
OH: Virtual Medical Network
Phase 2 – Results
Shibboleth network servers for Identity and Service Providers were established.
Simplified Role-Based Access for Referral and Emergency scenarios was tested successfully.
The Shibboleth solution was incorporated into the IHE Interoperability Showcase at the HIMSS Annual Meeting in 2/2008.
The results were presented at the HIMSS Annual Meeting in 2/2008.
[Diagram: Phase 2 Federation Test – MN & OH. Identity Providers: MN Shibboleth IdP (CHIC Hospital portal, CHIC Clinic) and VMN Shibboleth IdP; Service Providers: Connecticut e-Health, eHealth Ohio, VMN test server; physician users connect over the Internet.]
Examples of Role Identification (columns: SNOMED CT, ABMS, CAQH, ASTM – NUCC Taxonomy, Physician/role)

SNOMED CT   ABMS  CAQH  NUCC Taxonomy                         Physician / role
397897005               146N00000X, 146M00000X, 146D00000X    Emergency Medical Technician (Emergency Services)
66862007    R           2085XX                                Radiologist
80584001    P           2084P0800X                            Psychiatrist
159034004         4     213EXX                                Podiatrist (DPM)
61207006    CLP         207ZXX                                Pathologist
                  33    175F00000X                            Naturopath
                        175L00000X                            Homeopath
112247003   GP    1     204XX, 207XX, 208XX, 209XX            MD/Allopath
76231001    GP    7     204XX, 207XX, 208XX, 209XX            DO/Osteopath
3842006           5     111NXX                                Chiropractor (DC)

Example Roles between HIEs (user, and the role asserted for that user by the Identity Providers of HIE (1), HIE (2) and HIE (3)):
John Fraser: BasicMember
Richard Moore: Administrator, Physician A
Dr. Smith: Physician B, First Responder
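The role table above maps one clinical role onto several code systems; a Service Provider in another HIE has to turn whatever codes an Identity Provider asserts back into a single federation role before it can apply role-based access. The Python below is an added example, not the e-Authentication project's code: the code values are the slide's, while the federation role names, the reading of a trailing XX as a prefix pattern, and the referral/emergency rules are assumptions.

```python
# Added example, not the e-Authentication project's code: the code values come
# from the slide's role table; the federation role names, the reading of a
# trailing XX as a prefix pattern, and the referral/emergency rules are assumed.

# Federation role -> codes that identify it in each code system on the slide.
ROLE_CODES = {
    "MD/Allopath":       {"snomed": {"112247003"}, "abms": {"GP"}, "caqh": {"1"},
                          "nucc": {"204XX", "207XX", "208XX", "209XX"}},
    "DO/Osteopath":      {"snomed": {"76231001"}, "abms": {"GP"}, "caqh": {"7"},
                          "nucc": {"204XX", "207XX", "208XX", "209XX"}},
    "Radiologist":       {"snomed": {"66862007"}, "abms": {"R"}, "nucc": {"2085XX"}},
    "Psychiatrist":      {"snomed": {"80584001"}, "abms": {"P"}, "nucc": {"2084P0800X"}},
    "Pathologist":       {"snomed": {"61207006"}, "abms": {"CLP"}, "nucc": {"207ZXX"}},
    "Podiatrist (DPM)":  {"snomed": {"159034004"}, "caqh": {"4"}, "nucc": {"213EXX"}},
    "Chiropractor (DC)": {"snomed": {"3842006"}, "caqh": {"5"}, "nucc": {"111NXX"}},
    "Emergency Medical Technician": {"snomed": {"397897005"},
                          "nucc": {"146N00000X", "146M00000X", "146D00000X"}},
}
# Federation roles each Phase 2 scenario admits (assumed policy, not the pilot's).
POLICY = {
    "referral":  {"MD/Allopath", "DO/Osteopath", "Radiologist", "Psychiatrist",
                  "Pathologist", "Podiatrist (DPM)", "Chiropractor (DC)"},
    "emergency": {"MD/Allopath", "DO/Osteopath", "Emergency Medical Technician"},
}

def _code_matches(system, known, value):
    """NUCC patterns such as 2085XX match any taxonomy code starting with 2085;
    every other code system is compared exactly."""
    if system == "nucc":
        return any(value.startswith(p[:-2]) if p.endswith("XX") else value == p for p in known)
    return value in known

def resolve_roles(claims):
    """Federation roles consistent with every code the IdP asserted; claims maps a
    code system name to one code or a list of codes, e.g. {"abms": "R"}."""
    roles = set()
    for role, systems in ROLE_CODES.items():
        if claims and all(
                system in systems and all(_code_matches(system, systems[system], v)
                                          for v in (value if isinstance(value, list) else [value]))
                for system, value in claims.items()):
            roles.add(role)
    return roles

def authorize(claims, scenario):
    """Fail closed: an unknown or ambiguous role (ABMS GP fits both MD and DO, and a
    NUCC 2085 code fits 208XX as well as 2085XX) grants nothing until the IdP
    asserts enough to single out one role."""
    roles = resolve_roles(claims)
    return len(roles) == 1 and roles.pop() in POLICY[scenario]
```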
Phase 3 – 2008/2009
The Original Focus of Phase 3 was to extend the Role-Based Access Model and scalability.
A Record Locator Service was successfully added.
CHIC was selected for the NHIN2 development and NHIN work took precedence for 2008.
Based on the participation in the NHIN, the e-Authentication project is now a portal to the NHIN.
Scalability gains were achieved by using virtualization of servers to reduce maintenance and application deployment.
Streamlining certificate provisioning.
Secure & Federated Vision
Who am I - Need to federate, or share identities
Too many passwords – too little security!
Do you trust me - standardized PKI security
Liberty Alliance’s IAF framework
SAFE Biopharma global infrastructure
What do you want – standardize services
NHIN Core Services
Other standardized Web Services (SOAP)
Nationwide Health Information Network
Developed by the Department of Health and Human Services
18 initial participants
Internet-based, uses existing Internet standards
Web Services based with SAML security
No centralized servers / control
Moving into production in 2009
[Diagram: NHIN Connectivity Overview – your existing sites and your organization's network, Feds (SSA, DoD, VA, CDC, etc.), Payers, Providers and State & Local Health Information Exchanges (HIE) connect across the Internet through the Nationwide Health Information Network (NHIN).]
NHIN Foundation - Web Services
Provide a standard platform for health care messaging
All communications are standardized SOAP/Web Services messages described with WSDL
Leverage proven standards only
Web Services Interoperability (WS-I)
Basic Profile 1.2
Basic Security Profile 1.1
Open Source implementations – no vendor lock
NHIN Foundation – Web Services Standards Used

Standard                                            Version  Description
SOAP (Simple Object Access Protocol)                1.1      Describes XML message standard
WSDL (Web Services Description Language)            1.1      Describes the SOAP/Web Services messages
MTOM (Message Transmission Optimization Mechanism)  1.0      SOAP message attachments standard
WS-Addressing                                       1.0      Message routing information
HTTP                                                1.1      Standard web connection for SOAP message exchanges
UDDI                                                3.0.2    Service Registry of NHIN services
NHIN Foundation – Web Services Security Standards Used

Standard                         Version   Description
TLS (Transport Layer Security)   1.0       Similar to SSL – used to encrypt data per connection
Digital Certificates             X.509v3   Standard digital certificates
XML Signature                    1.0       Provides digital signature of messages
SAML                             2.0       Who am I – asserts identity of sender in small XML message
NHIN Foundation – Message Security
Messages between HIEs must be:
Authenticated
Secure
Not subject to later repudiation
NHIN is implementing Public Key Infrastructure (PKI), based on X.509 certificates
The basis of trust at the implementation level is a shared Certificate Authority chartered by the NHIN governance body
[Figure: Example secure NHIN message* – the parts marked are required in all NHIN SOAP messages; example payload: HL7v3 CCD Message in XML format. (*) standard SAML-secured SOAP message – not NHIN specific]
Identity Management Federations and NHIN
Goal: to be able to share and understand identities between health care organizations
Goal: No central registry (big brother)
Goal: Multiple providers of identities from small clinics to huge research centers
Goal: Standardized “ROLES” so trust can be role-based as well
Identity Management Solution: Overview of Shibboleth
Shibboleth* – an open-source federated identity management system
Sponsored by Internet2
Compatible with standards
SAML 2.0 / NHIN
Liberty Alliance Standards
(*) http://shibboleth.internet2.edu/
Shibboleth “Club”
Shibboleth software has the concept of a “Club”
A “Club” is a group of organizations that support single sign on between themselves.
A Club shares common security and operational policies
Simplifies trust between members
Clarifies SAML assertion management
Directory information can then be exchanged and trusted between companies regarding identities.
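To tie the message-security slides (SAML-secured SOAP message, X.509 PKI, non-repudiation) to the Club idea, here is an added Python pre-check, not NHIN or Shibboleth code, that a gateway could run before cryptographic signature verification: it rejects a message whose SAML assertion is missing, issued by an IdP outside the club, expired, or not covered together with the Body by the XML Signature. The club entity IDs, the message values and the sample envelope are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from datetime import datetime
# Namespaces for the standards on the slides: SOAP 1.1, WS-Security (SAML token
# profile) with its utility Id attribute, SAML 2.0 assertions and XML Signature.
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/", "ds": "http://www.w3.org/2000/09/xmldsig#",
      "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
      "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
      "saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Identity Providers admitted to the federation "club" (assumed entity IDs).
CLUB = {"https://idp.chic.example/shibboleth", "https://idp.ehealthohio.example/shibboleth"}

def _ts(iso):  # SAML timestamps are UTC ISO 8601, normally with a Z suffix
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))

def precheck(envelope_xml, now_iso, club=CLUB):
    """Reasons to reject a SAML-secured NHIN SOAP message; [] means it may go on to
    cryptographic verification of the XML Signature (not done here)."""
    root = ET.fromstring(envelope_xml)
    header, body = root.find("soap:Header", NS), root.find("soap:Body", NS)
    if header is None or body is None:
        return ["not a SOAP envelope with Header and Body"]
    assertion = header.find("wsse:Security/saml2:Assertion", NS)
    if assertion is None:  # Authenticated: no assertion means no sender identity
        return ["no SAML assertion: sender is not authenticated"]
    problems = []
    issuer = assertion.findtext("saml2:Issuer", default="", namespaces=NS)
    if issuer not in club:  # trust only IdPs that joined the club
        problems.append(f"issuer {issuer} is not a club member")
    cond = assertion.find("saml2:Conditions", NS)
    expiry = cond.get("NotOnOrAfter") if cond is not None else None
    if expiry is None or _ts(now_iso) >= _ts(expiry):  # stale assertions invite replay
        problems.append("assertion has no expiry or has expired")
    sig = header.find("wsse:Security/ds:Signature", NS)
    signed = {r.get("URI") for r in sig.iter(f"{{{NS['ds']}}}Reference")} if sig is not None else set()
    for label, ref in (("Body", body.get(f"{{{NS['wsu']}}}Id")), ("Assertion", assertion.get("ID"))):
        if f"#{ref}" not in signed:  # non-repudiation: both parts must be under the signature
            problems.append(f"{label} is not covered by the XML Signature")
    return problems
# Constructed sample (not captured from the NHIN); every value is a placeholder.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
 xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
 xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <soap:Header><wsse:Security>
  <saml2:Assertion ID="_a1"><saml2:Issuer>https://idp.ehealthohio.example/shibboleth</saml2:Issuer>
   <saml2:Conditions NotOnOrAfter="2009-04-07T19:15:00Z"/></saml2:Assertion>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/><ds:Reference URI="#body"/></ds:SignedInfo>
   <ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="body"><q:Query xmlns:q="urn:example:nhin"/></soap:Body>
</soap:Envelope>"""
```

Verifying the signature value and the issuer's X.509 chain against the shared Certificate Authority is left to an XML-DSig library; this check only refuses to spend that effort on messages that cannot pass it.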
[Diagram: CHIC & Ohio – Record Locator Service & NHIN, showing: CHIC SISU / St. Luke's VRMC users; login via the Federated Identity Management Service; MEDNET GRID SERVER with Record Locator Query Engine, Role Based Access Control Service, Community Patient Privacy Manager, Audit Database with log reviews by Community Security/Privacy Officers, Personal Health Record (PHR), XDS Registry and Repository with patient clinical info retrieval/lookup, and Immunization Connection; MEDNET NHIN Gateway onto the NHIN backbone connecting HIEs; eHealth Ohio / VMN test server.]
Federation Example – eHealth Ohio and MN
Completed HIMSS/GSA project in 2006
MN project implemented Shibboleth
Completed “Phase 2” - 2007
MN & OH linked 2007 pilot using Shibboleth Club
Completed “Phase 3” - 2008
NHIN work in MN
2009 – Phase 4 and beyond??
Tying NHIN / Phase 3 work / HIE interests together
Phase 4 - Federation Architecture
Goals:
Develop SAML 2.0 federation pilots
Partner with NHIN projects
Develop standardized “ROLES” between HIEs
Easy trust models
Develop simple installations
Open source solutions
Simple solutions
Virtual Server technologies (VMware, etc)
Trust and replication between participants
The Possible Future
Public Health – online disease investigations
No more snail-mail, calls and faxes
Immediate investigation of bad diseases / outbreaks
Project starting with CDC this year!
Ambulances look you up while en route
Treatment, allergies, drugs known beforehand
MN Pilot being developed with Mayo and CHIC HIE!
Emergency Departments “Preloaded”
Insurance, emergency contacts, medical history, primary care docs – known before you arrive!
Insurers on-line
Immediate eligibility at any point of care
Insurance and co-pays always known
Medical Banking – fast payments
HSA payments, co-pays happen at point of service
Help us build our vision! Contact us if interested in learning more about Phase 4
Open invitation to learn about technology
Open invitation to join us in Phase 4
Thanks! Presenter information:
Rick Moore
eHealth Ohio
+1 877.813.9750
[email_address]
John Fraser
MEDNETWorld.com
+1 612.435.7602
[email_address]
Co-chair of the Health Identity Management Special Interest Group of the Liberty Alliance (HIM-SIG), see: http://wiki.projectliberty.org/index.php/Health_Identity_Management_SIG
Healthcare Identity Management and Role-based Access in a Federated NHIN - Session 170
Tuesday, April 7, 2:15 PM - 3:15 PM
Convention Center, Room: N 427 c
Richard Moore
John Fraser
Description:
The National Health Information Network requires secure connection of health organizations within and across state borders. Phase Three of the e-Authentication Pilot Project investigates open source and virtual server solutions to address this issue. Learn about the successes and challenges of this pilot project.