Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

2019 | Keeping Up With The Kantarians - Catherine Schulen | Identiverse | Day 1, June 25

42 views

Published on

2019 marks Kantara's 10 year anniversary. What a ride! Kantara's provenance can help folks newer to the digital identity domain appreciate why recent history informs the current challenges. It also helps contextualize Kantara's 'raison d'etre' in drawing the community together to work on a range of specifications, best practice, R&D and conformity assessment programs. This session will connect the recent past with the 'here and now' to give attendees a rich tapestry of understanding to appreciate the role of industry consortia and standards development organizations to transition the digital economy to a more mature state.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

2019 | Keeping Up With The Kantarians - Catherine Schulen | Identiverse | Day 1, June 25

  1. 1. Keeping up with the Kantarians in Identity Assurance! Catherine Schulten catherineschulten@yahoo.com Catherine.Schulten@allclearid.com Ethics & Conformance Trust Marked
  2. 2. © Copyright 2019 Kantara Initiative, Inc.  OMB M-19-17: “Enabling Mission Delivery through Improved Identity, Credential, and Access Management”  Objective – “enacting a common vision for identity as an enabler of mission delivery, trust, and safety of the Nation” Identity Assurance Updates Move to 800-63-3 (IAL/AAL) Adopt flexible solutions, manage the lifecycle of identities not credentials Agencies need to leverage valid credentials rather than issue new ones Perform Digital Identity Risk Management to determine appropriate levels of assurance Use commercially available products, leverage open APS Agencies that are authoritative sources for attributes ( e.g., SSN) shall establish data validation APIs for public and private sector identity proofing services Improve digital interactions with the American public Agencies are directed to pilot different authenticators, findings will inform NIST guidelines and ICAM requirements https://www.whitehouse.gov/wp-content/uploads/2019/05/M-19-17.pdf
  3. 3. © Copyright 2019 Kantara Initiative, Inc. TEFCA TEFCA 2.0 “Trusted Exchange Framework and Common Agreement”, 2nd round. Required by the 21st Century Cures Act, objective is to establish a single “on-ramp” that allows health care stakeholders to join any health information network and be able to automatically connect and participate in a nationwide health information exchange https://www.healthit.gov/sites/default/files/page/2019-04/FINALTEFCAQTF41719508version.pdf
  4. 4. © Copyright 2019 Kantara Initiative, Inc. A NATIONWIDE DESIGN FOR HEALTH INFORMATION EXCHANGE REPLACE THE MULTITIDUE OF COSTLY, POINT-TO-POINT HEALTH INFORMATION EXCHANGES – EACH WITH THEIR OWN SET OF REQUIREMENTS AND CAPABILITIES – WITH A DESIGN THAT: - PROVIDES A SINGLE ON-RAMP TO NATIONWIDE CONNECTIVITY - ALLOWS YOUR EHI TO SECURELY FOLLOW YOU WHEN AND WHERE IT IS NEEDED - SUPPORT FOR NATIONWIDE SCALABILITY
  5. 5. © Copyright 2019 Kantara Initiative, Inc. TEFCA & IDENTITY Calls for adherence to NIST 800-63-3 Patients, Providers/Staff + Exchange Staff to be Assured to IAL2 and Authenticated to AAL2 IAL2 can be achieved via any two of the following: • physical comparison to legal photographic identification cards such as driver’s licenses or passports, or employee or school identification badges; • comparison to information from an insurance card that has been validated with the issuer (e.g., in an eligibility check within two days of the proofing event); • comparison to information from an electronic health record (EHR) containing information entered from prior encounters. AAL2 • does not specify how entities must perform authentication, how QHINs should obtain authentication information about entities within their networks, or how QHINs and other entities should represent authentication information internally. • QHINs, however, must share authentication information with other QHINs using a consistent format. No Electronic Health Information can be used/disclosed* outside the United States “Meaningful Choice” Individuals can elect that their EHI not be used or disclosed
  6. 6. © Copyright 2019 Kantara Initiative, Inc.  HR 2740, Section 510 has been struck which was a 20 year old amendment that prohibited HHS from spending any federal dollars to promulgate or adopt a national patient identifier (still must be approved by Senate)  The intent of the amendment is to address the widespread problem of misidentification. Correctly identifying patients and accurately matching their electronic health records as they are shared across healthcare organizations continues to be a major challenge for the industry  “removal of this ban will empower HHS to explore a full range of patient matching solutions and enable it to work with the private sector to identify solutions that protect patient privacy and are cost-effective, scalable and secure.” National Patient Identifier
  7. 7. Nurture. Develop. Operate. – that’s what we do! Thank you from your Kantara Community members (in order of appearance); @KantaraColin @iglazer @ThomasHardjono Tim Reiniger @Identos_Inc @IDIMAndrew @CSchulten Ethics & Conformance Trust Marked

×