The document discusses the National Strategy for Trusted Identities in Cyberspace (NSTIC) which aims to establish an "identity ecosystem" where individuals can choose digital identities to conduct business online securely and privately. It outlines NSTIC's goals of interoperability, security, privacy and usability. NSTIC is funding pilot projects and working with the private sector and agencies like ONC to advance trusted digital identities. Examples include a project using state IDs to verify patient identities for online health record access. The strategy aims to curb identity theft by establishing more secure authentication methods.

1. Free Online Learning Podcasts
Podcast length – 38:56
Topic: “Establishing a Trusted Identity in Cyberspace”
Background on NSTIC, Creating an Identity “Ecosystem,” The Impact of
Identity Theft, Right to Privacy, Value of Standards Based Patient ID in
Healthcare, NSTIC and the ONC, Interoperability, Trusted ID Reducing
Medical ID Theft, NSTIC Pilot Projects
Jim Shiere, Senior Advisor with the National Strategy for Trusted
Identities in Cyberspace (NSTIC)
and

2. NSTIC Mission & Objectives – What is an Identity
Ecosystem?
Processes & Structure to Meet NSTIC Goals
Trusted Identities – Why is Now the Right Time?
Balance Between Identities and Privacy
Value of a Trusted Identity for Patients in Healthcare
Identity Theft Implications

3. NSTIC and the ONC – Working Together to Created
Trusted Identities for Patients
The Value of A Standardized Biometric Patient
Identification Solution
Trusted Identity Impact on Medical Identity Theft
NSTIC Pilot Projects

4. NSTIC – National Strategy for Trusted Identities in Cyberspace
• Launched by the White House in 2011
• Main goal is to establish an “identity ecosystem”
• Individuals can voluntarily choose from a single or multiple digital
identities of their choice to conduct business on the Internet
anywhere at anytime
• Based on 4 fundamental guiding principles:
• Interoperability – If you choose an identity (Google for example) –
you have the opportunity to interoperably use it anywhere. Helps
alleviate the problem of creating a user name and password for each
new site you visit. Idea is to create one credential to be used
anywhere.
• Security & Resiliency – Single factor authentication (e.g. –
passwords) are “hopelessly” broken and increasingly are a vector of
attack – 60% of network intrusions are a result of bad password
management. NSTIC envisions a way to replace the password with
better
methods

5. • Multi-factor authentication seen as a more secure identity
• Privacy – How can we foster the creation of an identity ecosystem
that presents privacy enhancing options to individuals?
• Current interoperable sign on credentials don’t allow for a clear
understanding of what privacy controls are in place to protect
information
• NSTIC looking to enshrine better privacy policies to foster more
control over personal information
• Usability – any online, interoperable credential solution should be
• easy to use and convenient
Processes and Structure
• What is NSTIC doing to foster the vision of an identity ecosystem?
• Thrust #1: Funding – providing pilot project funding to private
company projects who are innovating and launching initiatives to help
advance the principles of an identity ecosystem and catalyze the
market for these solutions

6. • Pilot Example – American Association of Motor Vehicle Administration
(AAMVA) and the INOVA Healthcare System (based in Virginia)
• Pilot basis – How can INOVA patients access their online records
using a Google or Microsoft account for login to avoid having to
create a new account. The AAMVA will automatically proof your
identity so INOVA can grant authorization.
• NSTIC has awarded over $17 in funding to the private sector and
several states for pilots
• Thrust #2: Lead federal government – rallying the government sector
to be early adopters to the “identity ecosystem”
• Example – “Federal Cloud Credential Exchange” – government is
deploying a platform to accept third party credentialing to access
government services. Idea is to move more government services
online in a cost effective and efficient way but still follow security
and privacy guidelines.

7. • Expect to hear more in the coming months about which
government agencies will be deploying the trusted identity
initiative
• Thrust #3: Facilitating private sector led groups – referred to as “The
Identity Ecosystem Steering Group” (IDSG) to convene the private
sector to establish a framework of rules, policies and standards which
will provide the policy foundation for how the private sector can
leverage the identity ecosystem
• NSTIC provided grant funding to support the group for the first
two years, the group has since transformed into an independent
entity
• If individuals or business are looking to play a larger role in the
initiative, participation in the IDSG is a great place to engage
(www.idecosystem.org) – open to all (businesses, individuals, non-
profits, etc.)
• Many IDSG stakeholders groups exist that cover a range of topics
(state and local governments, privacy, etc.)

8. • The “hopelessly broken” nature of user names and passwords
• Increasingly a vector of attack for criminals to access sensitive
information to enable identity theft and other forms of fraud
• NSTIC’s goals are aimed to provide more usable and secure identity
credentialing solutions to provide a safer way to do business online
and build consumer trust
• NSTIC envisions a better way forward to authenticate ourselves
online by playing more of a “facilitator” role and support entities
• Ultimately, it’s the private sector that will step up and provide tools
and tech for more secure online transactions
• There needs to be a more open and comprehensive study and
discussion on the issue of privacy and how it impacts the creation of
an identity ecosystem
• Urgency exists to solidify a national strategy – now is the right time

9. • The proliferation of data available on individuals to provide better
products and services online has fueled the rise in ID theft – in other
words, the quest to improve product and service quality seeded the
growth of ID theft cases
• NSTIC has stepped in to help change the thought process of online
individual information and shift the focus to privacy and protection
• NSTIC asks the question – if you are sharing information online for
business transactions, why is it necessary to share anything other
than basic information necessary to complete the transaction?
• NSTIC is focusing on the concept of “data minimization”
• Identity theft erodes consumer trust in online transactions
• NSTIC believes it can build a better set of online identity tools to
minimize risk and increase privacy

10. • Privacy remains a fundamental guiding principle of the national
strategy for online trusted identities
• NSTIC is focused on ensuring that privacy advocates have a seat at the
table to help mold the online identity initiative and how the identity
ecosystem will evolve
• Another way NSTIC is promoting privacy enhancing solutions is
through the Federal Cloud Credential Exchange (FCCX) which
enshrines the fair information practice principles – learn more at:
www.nist.gov/nstic/fccx.html
Did you know?
A copy of NSTIC’s strategy is available online. You
can access a copy by following this link:
www.whitehouse.gov/sites/default/files/rss_vie
wer/NSTICstrategy_051511.pdf

11. • At heart of NSTIC and Office of the National Coordinator for Health
Information Technology (NSTIC) collaboration is looking at how NSTIC’s
drive to establish trusted identities (identities that provide security and
privacy – both important in the context of HIPAA)
• Identity ecosystem that NSTIC envisions allows patients to have
voluntary access to identity credentials with stronger privacy and
security enhancing features
• This fits into the ONC strategy of open access to health data with more
secure, safe, and privacy enhancing tools
• Viewing, downloading and exchange of health data information is
enabled through a trusted identity ecosystem
• Patients want the assurance that their private health data is being
adequately protected during the access and exchange process
• Trusted identities help to advance the goal of true interoperability
• ONC is actively engaged in the IDSG and follow several pilots closely
(INNOVA)

12. • NSTIC’s role isn’t to point to specific methods of authentication for the
market – instead their role is a facilitator of pilot projects, opening
dialog, and ensuring all stakeholders have a seat at the table
• NSTIC focuses on allowing private entities to factor in identity
management technologies as part of the overall solution
• Most people understand the value of standards based identity
management approaches – fundamentally important for the overall
identity management ecosystem moving forward (enshrined in NSTIC
interoperability principles)
• Overall, patient identification standards based solutions are getting a
close look as a piece of the overall identity ecosystem

13. • The shift from paper to electronic health records necessitates a shift
change in how to effectively protect patient data
• Patient data information used to be limited and siloed – the advent of
EHR’s, HIEs, Meaningful Use mandates, and an increased interest in
leveraging the power of big data to perform population management
has increased the availability of electronic information that is easier to
transport (and steal)
• Critical that a security protocol be in established & observed to:
• Validate a patient’s identity & ensure they are who they say they
are both in person and online (e.g. – patient portals)
• Biometrics for patient identification is increasing and a viable tool to
verify a patient’s identity with near 100% accuracy – can also be used
at each touch point along the continuum of care to authenticate
identity before service/procedure is rendered

14. • NSTIC is specifically coordinating its efforts to establish a trusted
identity precisely to help stem the rising tide of medical ID theft
• Medical identity theft looming crisis demands better ways for patients
to access health data online especially in the wake of increased
adoption of electronic health records (EHRs)
• NSTIC timing was ideal for the healthcare industry as the struggles to
protect identities increases
• NSTIC provides a set of tools and fosters an ecosystem that enables
patient trust
• ONC’s vision of open, secure, and private access to health data is
manifested in NSTIC’s initiatives with an improved approach to identity
• Pilots within federal government provide valuable case studies to help
advance trusted identities in healthcare
• Expect to see continued dialog and collaboration between ONC and
NSTIC to stem medical ID theft with more secure trusted identities

15. INNOVA
• Pilot premise is to help enable more convenient yet secure ways for
patients to log in and access their health data online
• Prior to patients logging into a portal for access to health data, a
customized list of questions only the patient would know the answers
to is provided by the Virginia MVA
• Establishes much stricter security protocols for online healthcare data
access
• Provides a much more authoritative resource for verifying patient
identities
• Creating growing interest in healthcare for access to a powerful set of
tools to better verify patient identities while creating convenience and
fostering privacy

17. John Trader
Director of Communications
RightPatient
1050 Crown Pointe Pkwy.
Suite 850
Atlanta, GA 30338
jtrader@rightpatient.com
404-528-1270
www.rightpatient.com
Podcast home page: http://www.m2sys.com/healthcare/healthcare-biometrics-
podcasts/
: twitter.com/rightpatient
: facebook.com/rightpatient
: linkedin.com/company/rightpatient