The document summarizes recommendations from a Privacy and Security Tiger Team on provider and patient identity management. It recommends that providers continue ID proofing professionals and staff per HIPAA and that ONC require multi-factor authentication meeting NIST LOA3 for remote access to PHI by Meaningful Use Stage 3. For patients, it recommends ONC develop easy-to-use best practices for patient ID proofing that leverage solutions from other sectors and provide protections commensurate with risk, allowing in-person or remote ID proofing at a Level 2.5 authentication. It also notes the need to uniquely identify patients for various purposes but that no formal recommendations have been made yet and regulations should allow progress and innovation.