Identity Assurance in Healthcare: What Does It Mean to You?<br />By Frank Villavicencio<br />HIMSS Conference<br />March 1...
Identropy at a Glance<br />Exclusive Focus on Identity & Access Management (IAM)<br />3 Lines of Business: Advisory Servic...
We Will Cover…<br />Overview of Identity Assurance<br />Why Does it Matter in Healthcare?<br />What Does it Mean to You?<b...
Identity Assurance<br />Identity assurance is the ability for a party to determine, with some level of certainty, that the...
Identity Assurance and Risk Levels<br />Identity Assurance Levels (AL) map to risk levels in a transaction<br />
It is More than Authentication…<br />...it is a lifecycle<br />Termination<br />Renewal<br />Step-up<br />Authentication<b...
What Do I Care?<br />
Identity Assurance in the Identity Lifecycle<br />IdentityManagement<br />Roles<br />Management<br />Simplified<br />Secur...
What Does It Mean to Healthcare?<br />Identity assurance is at the heart of the Health IT agenda for electronic health inf...
What Does It Really Mean?<br />
Questions?<br />
More information<br />Identity Assurance (Wikipedia)<br />Identity Assurance in the Nationwide Health Information Network ...
Upcoming SlideShare
Loading in …5
×

Identropy Identity Assurance in Healthcare: what does it mean to you?

2,368 views

Published on

Electronic Medical Records and Health IT are integral part of the Administration’s health reform. Committees such as the Nationwide Health Information Network are formulating standards and recommendations that will soon affect how electronic healthcare will be implemented. At the cornerstone of these efforts is the need to establish, with the appropriate degree of confidence, who is who in an electronic healthcare transaction: this is what defines identity assurance. This session will explain identity assurance, its implications, discuss pragmatic approaches to applying it to electronic healthcare and how to get started.

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,368
On SlideShare
0
From Embeds
0
Number of Embeds
1,355
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • Title: “Identity assurance in healthcare: what does it mean to you?”Abstract: Electronic Medical Records and Health IT are integral part of the Administration’s health reform. Committees such as the Nationwide Health Information Network are formulating standards and recommendations that will soon affect how electronic healthcare will be implemented. At the cornerstone of these efforts is the need to establish, with the appropriate degree of confidence, who is who in an electronic healthcare transaction: this is what defines identity assurance. This session will explain identity assurance, its implications, discuss pragmatic approaches to applying it to electronic healthcare and how to get started.
  • Identity assurance is a business metric to help gauge the level of sophistication and cost that an IdM infrastructure requiresAssurance Levels (ALs) are the levels of trust associated with a credential as measured by the associated technology, processes, and policy and practice statements. Higher levels of assurance imply more thorough and secure processes for managing identities, which often equates to higher costsBetter understood as a risk equation: greater risks, require stronger risk mitigation, hence higher costsStandards such as the Identity Assurance Framework (IAF) by Kantara Initiative and NIST Special Publication 800-63 provide guidance and definition for identity assurance
  • 45 CFR Part 170: Initial Set of Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology (Dec 30, 2009) - §170.210 “Standards for health information technology to protect electronic health information created, maintained, and exchanged”
  • Identropy Identity Assurance in Healthcare: what does it mean to you?

    1. 1. Identity Assurance in Healthcare: What Does It Mean to You?<br />By Frank Villavicencio<br />HIMSS Conference<br />March 1-4, 2010<br />
    2. 2. Identropy at a Glance<br />Exclusive Focus on Identity & Access Management (IAM)<br />3 Lines of Business: Advisory Services, Implementation, Managed Services<br />20+ IAM/AGS Experts with hands-on experience in over 80 successful implementations in the last 3 years<br />Full Range of Services to Support Full Solution Lifecycle<br />
    3. 3. We Will Cover…<br />Overview of Identity Assurance<br />Why Does it Matter in Healthcare?<br />What Does it Mean to You?<br />Q&A<br />
    4. 4. Identity Assurance<br />Identity assurance is the ability for a party to determine, with some level of certainty, that the human being represented by a credential in an electronic transaction is in fact the alleged person<br />Published in The New Yorker 7/5/1993 by Peter Steiner<br />
    5. 5. Identity Assurance and Risk Levels<br />Identity Assurance Levels (AL) map to risk levels in a transaction<br />
    6. 6. It is More than Authentication…<br />...it is a lifecycle<br />Termination<br />Renewal<br />Step-up<br />Authentication<br />Risk Monitoring<br />Authentication<br />Credentialing<br />Identity Verification<br />Creation<br />
    7. 7. What Do I Care?<br />
    8. 8. Identity Assurance in the Identity Lifecycle<br />IdentityManagement<br />Roles<br />Management<br />Simplified<br />Secure<br />Access<br />Access <br />Certification<br />PasswordManagement<br />
    9. 9. What Does It Mean to Healthcare?<br />Identity assurance is at the heart of the Health IT agenda for electronic health information<br />Excerpt from 45 CFR Part 170 - §170.210 “Standards for health information technology to protect electronic health information created, maintained, and exchanged”<br />(d) Cross-enterprise authentication. A cross-enterprise secure transaction that contains sufficient identity information such that the receiver can make access control decisions and produce detailed and accurate security audit trails must be used.<br />(t) Authentication. (1) Local. Verify that a person or entity seeking access to electronic health information is the one claimed and is authorized to access such information. (2) Cross network. Verify that a person or entity seeking access to electronic health information across a network is the one claimed and is authorized to access such information in accordance with the standard specified in §170.210(d).<br />
    10. 10. What Does It Really Mean?<br />
    11. 11. Questions?<br />
    12. 12. More information<br />Identity Assurance (Wikipedia)<br />Identity Assurance in the Nationwide Health Information Network (NHIN)... a cross roads of sorts<br />45 CFR Part 170 - Initial Set of Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology; Interim Final Rule<br />Kantara Initiative Identity Assurance Framework<br />

    ×