HIT Policy Committee
Privacy and Security Tiger Team
Deven McGraw, Chair
Paul Egerman, Co-Chair
Provider Authentication Recommendations
November 19, 2010
Tiger Team Members
• Deven McGraw, Chair, Center for Democracy & Technology
• Paul Egerman, Co-Chair
• Dixie Baker, SAIC
• Christine Bechtel, National Partnership for Women & Families
• Rachel Block, NYS Department of Health
• Neil Calman, Institute for Family Health
• Carol Diamond, Markle Foundation
• Judy Faulkner, EPIC Systems Corp.
• Leslie Francis, University of Utah; NCVHS
• Gayle Harrell, Consumer Representative/Florida
• John Houston, University of Pittsburgh Medical Center
• David Lansky, Pacific Business Group on Health
• David McCallie, Cerner Corp.
• Wes Rishel, Gartner
• Latanya Sweeney, Carnegie Mellon University
• Micky Tripathi, Massachusetts eHealth Collaborative
• Adam Greene, Office of Civil Rights
• Joy Pritts, ONC
• Judy Sparrow, ONC
Objectives and Scope of this Discussion
• Stage 1 of meaningful use includes some requirements to
exchange identifiable clinical information among providers for
treatment purposes -- we expect that the exchange requirements
will increase in Stages 2 and 3
• We focused on a trust framework for information exchange
between EHR systems
• We need to validate that the organization is who it says it is (digital
credentials)
– Does the organization really exist, and how can we gain
assurance that someone else isn’t spoofing or assuming the
organization’s identity?
Objectives and Scope continued
• We are evaluating these trust rules at the
organizational or entity level, and as such, the scope of
this recommendation does not include authentication of
individual users of EHR systems
• With respect to individual users, provider entities and
organizations must develop and implement policies to
identity proof and authenticate their individual users
(already required under HIPAA Security Rule)
Authentication Environment
Authentication Infrastructure
• On the Internet, the identity of an entity is authenticated
using a digital certificate
– Contains information about the entity
– Contains public (freely published) encryption key that, when
used in combination with its paired private key (retained by the
entity), can be used to authenticate the identity of the
certificate holder
• The process of assigning a digital certificate to an entity
is called credentialing
Overall Comments
• We want a high level of assurance that the organization
is who it says it is
– We also want to ensure an appropriate balance between level
of assurance and cost and burden of implementation
• Entity authentication (through digital certificates) is not
the sole measure of security – it is necessary but not
sufficient
• We assume that recommendations from the
Governance workgroup will form the foundation of an
accountability infrastructure for assuring adherence to
a framework of privacy and security practices and
policies
Recommendation 1: Which Provider Entities Should be Issued
Digital Certificates
• All entities involved in health data exchange should be
required to have digital certificates
– Examples of these entities might include:
• Covered entities
• Business associates
• PHR providers
• Public health entities
• PBMs
• Retail pharmacies
• DME suppliers
• Laboratories
• Imaging centers
• Non-providers--payers, claims clearinghouses, HIOs
[Note: an entity might have multiple entry points]
Recommendation 2: Requirements to be Issued Digital
Certificates
Recommendation 3: Process for Issuing Digital Certificates and
Process for Re-evaluation
Recommendation 4: Characteristics of Who Can Credential/Issue
Digital Certificates
• Any entity willing to assume attendant risks (i.e., be held
accountable for achieving a high level of accuracy/assurance)
and meet established standards can issue digital certificates
• We recommend that ONC establish an accreditation program for
reviewing and authorizing certificate issuers
– Annual credentialing of entities is not enough – credential issuers
must be required to operate with transparency so their operations
can be monitored and problems are quickly identified
• This requirement for accreditation should be evaluated in
the context of recommendations from the HIT Policy
Committee’s Governance Workgroup
Recommendation 5: EHR Certification and Standardization of
Digital Certificates
• ONC, through the Standards Committee, should select
or specify standards for digital certificates (including
data fields) in order to promote interoperability among
health care organizations.
• EHR certification should include criteria that test
capabilities to retrieve, validate, use, and revoke digital
certificates that comply with standards
Recommendation 6: Types of Transactions Requiring Certificates
• Authentication is required on any transaction:
– When the content of the exchange must be protected (due to
personally identifiable health information)
– When the identity of the sender and/or receiver must be known and
validated
– In some cases, it may be necessary to authenticate only one end rather than both
• Examples of transactions that may require authentication, because the
sender and/or receiver need assurance, include:
– Transactions that contain personally identifiable health information or
may otherwise pose a risk to the patient if the information is not used
in an appropriate manner
– Transactions that would normally be authenticated outside of health
care
– Bulk transactions used to transfer multiple patient records
13

More Related Content

What's hot

HXR 2016: Improving Insurance Member Experiences -Christopher Neuharth
HXR 2016: Improving Insurance Member Experiences -Christopher NeuharthHXR 2016: Improving Insurance Member Experiences -Christopher Neuharth
HXR 2016: Improving Insurance Member Experiences -Christopher Neuharth
HxRefactored
 
Network Optimization: Why Physician Quality Should Drive Your Benefits Strategy
Network Optimization: Why Physician Quality Should Drive Your Benefits StrategyNetwork Optimization: Why Physician Quality Should Drive Your Benefits Strategy
Network Optimization: Why Physician Quality Should Drive Your Benefits Strategy
Grand Rounds
 
Challenges & Opportunities in Managing Cyber Risks
Challenges & Opportunities in Managing Cyber RisksChallenges & Opportunities in Managing Cyber Risks
Challenges & Opportunities in Managing Cyber Risks
Anna Gomez
 
Information Governance Environment - Beverly Carter
Information Governance Environment - Beverly Carter Information Governance Environment - Beverly Carter
Information Governance Environment - Beverly Carter
Health Innovation Wessex
 
IBM_analytics across the healthcare ecosystem
IBM_analytics across the healthcare ecosystem IBM_analytics across the healthcare ecosystem
IBM_analytics across the healthcare ecosystem
Heather Fraser
 
Imaging Clinical Decision Support: The Medicare Mandate - Prepared for Nation...
Imaging Clinical Decision Support: The Medicare Mandate - Prepared for Nation...Imaging Clinical Decision Support: The Medicare Mandate - Prepared for Nation...
Imaging Clinical Decision Support: The Medicare Mandate - Prepared for Nation...
Mick Brown
 
Virtual Care
Virtual CareVirtual Care
Virtual Care
TrustRobin
 
Medeo Virtual Care Point of View
Medeo Virtual Care Point of ViewMedeo Virtual Care Point of View
Medeo Virtual Care Point of View
Ryan Wilson
 
HealthSaaS Overview Deck October 2014 (RPM, Home Health)
HealthSaaS Overview Deck October 2014 (RPM, Home Health)HealthSaaS Overview Deck October 2014 (RPM, Home Health)
HealthSaaS Overview Deck October 2014 (RPM, Home Health)
HealthSaaS, Inc.
 
Using Market Data to Support Your Compliance Program
Using Market Data to Support Your Compliance ProgramUsing Market Data to Support Your Compliance Program
Using Market Data to Support Your Compliance Program
MD Ranger, Inc.
 
How can Blockchain help the Healthcare Industry?
How can Blockchain help the Healthcare Industry?How can Blockchain help the Healthcare Industry?
How can Blockchain help the Healthcare Industry?
ArijitaBhowmik1
 
Opportunities & Challenges: A Home Health and Hospice Executive Survey
Opportunities & Challenges: A Home Health and Hospice Executive SurveyOpportunities & Challenges: A Home Health and Hospice Executive Survey
Opportunities & Challenges: A Home Health and Hospice Executive Survey
McKesson Corporation
 
Lloyd Humphreys - ECO 15: Digital connectivity in healthcare
Lloyd Humphreys - ECO 15: Digital connectivity in healthcareLloyd Humphreys - ECO 15: Digital connectivity in healthcare
Lloyd Humphreys - ECO 15: Digital connectivity in healthcare
Innovation Agency
 
medConfidential slides for care.data conference at QMUL, 5/4/14
medConfidential slides for care.data conference at QMUL, 5/4/14medConfidential slides for care.data conference at QMUL, 5/4/14
medConfidential slides for care.data conference at QMUL, 5/4/14
Phil_mC
 
Grand Rounds - Employee Benefits Landscape
Grand Rounds - Employee Benefits LandscapeGrand Rounds - Employee Benefits Landscape
Grand Rounds - Employee Benefits Landscape
Grand Rounds
 
Raising the Digital Trajectory of Healthcare
Raising the Digital Trajectory of HealthcareRaising the Digital Trajectory of Healthcare
Raising the Digital Trajectory of Healthcare
Health Catalyst
 
Macra and Hospitalists: Get Your Questions Answered
Macra and Hospitalists: Get Your Questions AnsweredMacra and Hospitalists: Get Your Questions Answered
Macra and Hospitalists: Get Your Questions Answered
Iatric Systems
 
Janet King - ECO 15: Digital connectivity in healthcare
Janet King - ECO 15: Digital connectivity in healthcareJanet King - ECO 15: Digital connectivity in healthcare
Janet King - ECO 15: Digital connectivity in healthcare
Innovation Agency
 
Quality performance improvement
Quality performance improvementQuality performance improvement
Quality performance improvement
ThomaskuttySajiPuthu
 
Challenges and Opportunities Around Integration of Clinical Trials Data
Challenges and Opportunities Around Integration of Clinical Trials DataChallenges and Opportunities Around Integration of Clinical Trials Data
Challenges and Opportunities Around Integration of Clinical Trials Data
CitiusTech
 

What's hot (20)

HXR 2016: Improving Insurance Member Experiences -Christopher Neuharth
HXR 2016: Improving Insurance Member Experiences -Christopher NeuharthHXR 2016: Improving Insurance Member Experiences -Christopher Neuharth
HXR 2016: Improving Insurance Member Experiences -Christopher Neuharth
 
Network Optimization: Why Physician Quality Should Drive Your Benefits Strategy
Network Optimization: Why Physician Quality Should Drive Your Benefits StrategyNetwork Optimization: Why Physician Quality Should Drive Your Benefits Strategy
Network Optimization: Why Physician Quality Should Drive Your Benefits Strategy
 
Challenges & Opportunities in Managing Cyber Risks
Challenges & Opportunities in Managing Cyber RisksChallenges & Opportunities in Managing Cyber Risks
Challenges & Opportunities in Managing Cyber Risks
 
Information Governance Environment - Beverly Carter
Information Governance Environment - Beverly Carter Information Governance Environment - Beverly Carter
Information Governance Environment - Beverly Carter
 
IBM_analytics across the healthcare ecosystem
IBM_analytics across the healthcare ecosystem IBM_analytics across the healthcare ecosystem
IBM_analytics across the healthcare ecosystem
 
Imaging Clinical Decision Support: The Medicare Mandate - Prepared for Nation...
Imaging Clinical Decision Support: The Medicare Mandate - Prepared for Nation...Imaging Clinical Decision Support: The Medicare Mandate - Prepared for Nation...
Imaging Clinical Decision Support: The Medicare Mandate - Prepared for Nation...
 
Virtual Care
Virtual CareVirtual Care
Virtual Care
 
Medeo Virtual Care Point of View
Medeo Virtual Care Point of ViewMedeo Virtual Care Point of View
Medeo Virtual Care Point of View
 
HealthSaaS Overview Deck October 2014 (RPM, Home Health)
HealthSaaS Overview Deck October 2014 (RPM, Home Health)HealthSaaS Overview Deck October 2014 (RPM, Home Health)
HealthSaaS Overview Deck October 2014 (RPM, Home Health)
 
Using Market Data to Support Your Compliance Program
Using Market Data to Support Your Compliance ProgramUsing Market Data to Support Your Compliance Program
Using Market Data to Support Your Compliance Program
 
How can Blockchain help the Healthcare Industry?
How can Blockchain help the Healthcare Industry?How can Blockchain help the Healthcare Industry?
How can Blockchain help the Healthcare Industry?
 
Opportunities & Challenges: A Home Health and Hospice Executive Survey
Opportunities & Challenges: A Home Health and Hospice Executive SurveyOpportunities & Challenges: A Home Health and Hospice Executive Survey
Opportunities & Challenges: A Home Health and Hospice Executive Survey
 
Lloyd Humphreys - ECO 15: Digital connectivity in healthcare
Lloyd Humphreys - ECO 15: Digital connectivity in healthcareLloyd Humphreys - ECO 15: Digital connectivity in healthcare
Lloyd Humphreys - ECO 15: Digital connectivity in healthcare
 
medConfidential slides for care.data conference at QMUL, 5/4/14
medConfidential slides for care.data conference at QMUL, 5/4/14medConfidential slides for care.data conference at QMUL, 5/4/14
medConfidential slides for care.data conference at QMUL, 5/4/14
 
Grand Rounds - Employee Benefits Landscape
Grand Rounds - Employee Benefits LandscapeGrand Rounds - Employee Benefits Landscape
Grand Rounds - Employee Benefits Landscape
 
Raising the Digital Trajectory of Healthcare
Raising the Digital Trajectory of HealthcareRaising the Digital Trajectory of Healthcare
Raising the Digital Trajectory of Healthcare
 
Macra and Hospitalists: Get Your Questions Answered
Macra and Hospitalists: Get Your Questions AnsweredMacra and Hospitalists: Get Your Questions Answered
Macra and Hospitalists: Get Your Questions Answered
 
Janet King - ECO 15: Digital connectivity in healthcare
Janet King - ECO 15: Digital connectivity in healthcareJanet King - ECO 15: Digital connectivity in healthcare
Janet King - ECO 15: Digital connectivity in healthcare
 
Quality performance improvement
Quality performance improvementQuality performance improvement
Quality performance improvement
 
Challenges and Opportunities Around Integration of Clinical Trials Data
Challenges and Opportunities Around Integration of Clinical Trials DataChallenges and Opportunities Around Integration of Clinical Trials Data
Challenges and Opportunities Around Integration of Clinical Trials Data
 

Viewers also liked

Enrollemt workgroup
Enrollemt workgroupEnrollemt workgroup
Enrollemt workgroupBrian Ahier
 
Kurzweil ~ Humanity+
Kurzweil ~ Humanity+Kurzweil ~ Humanity+
Kurzweil ~ Humanity+Brian Ahier
 
ACEP Massachusetts Emergency Physicians Survey Results
ACEP Massachusetts Emergency Physicians Survey ResultsACEP Massachusetts Emergency Physicians Survey Results
ACEP Massachusetts Emergency Physicians Survey Results
Brian Ahier
 
Enrollment Workgroup 06-28-10
Enrollment Workgroup 06-28-10Enrollment Workgroup 06-28-10
Enrollment Workgroup 06-28-10Brian Ahier
 
Putting the 'IT' in Care Transitions
Putting the 'IT' in Care TransitionsPutting the 'IT' in Care Transitions
Putting the 'IT' in Care Transitions
Brian Ahier
 
ONC Direct Project Boot Camp
ONC Direct Project Boot CampONC Direct Project Boot Camp
ONC Direct Project Boot Camp
Brian Ahier
 
Secondary uses data flow by entity type
Secondary uses data flow by entity typeSecondary uses data flow by entity type
Secondary uses data flow by entity typeBrian Ahier
 
Healthcare Innovation Challenge Webinar #4
Healthcare Innovation Challenge Webinar #4Healthcare Innovation Challenge Webinar #4
Healthcare Innovation Challenge Webinar #4
Brian Ahier
 
PCAST Report Workgroup 01-14-11
PCAST Report Workgroup 01-14-11PCAST Report Workgroup 01-14-11
PCAST Report Workgroup 01-14-11
Brian Ahier
 
Open source’s role in CONNECTing the public and private sector healthcare com...
Open source’s role in CONNECTing the public and private sector healthcare com...Open source’s role in CONNECTing the public and private sector healthcare com...
Open source’s role in CONNECTing the public and private sector healthcare com...
Brian Ahier
 
Budget Cuts
Budget CutsBudget Cuts
Budget Cuts
Brian Ahier
 
Governance Workgroup 9-3-10
Governance Workgroup 9-3-10Governance Workgroup 9-3-10
Governance Workgroup 9-3-10Brian Ahier
 
David Blumenthal 092210
David Blumenthal 092210David Blumenthal 092210
David Blumenthal 092210
Brian Ahier
 
Patient Engagement Power Team Comments – Leslie Kelly Hall, Chair
Patient Engagement Power Team Comments – Leslie Kelly Hall, ChairPatient Engagement Power Team Comments – Leslie Kelly Hall, Chair
Patient Engagement Power Team Comments – Leslie Kelly Hall, Chair
Brian Ahier
 
Innovation Through the Lenses of HITECH and Health Reform
Innovation Through the Lenses of HITECH and Health ReformInnovation Through the Lenses of HITECH and Health Reform
Innovation Through the Lenses of HITECH and Health Reform
Brian Ahier
 
What Lies Ahead for ONC: Meaningful Use and Beyond
What Lies Ahead for ONC: Meaningful Use and BeyondWhat Lies Ahead for ONC: Meaningful Use and Beyond
What Lies Ahead for ONC: Meaningful Use and Beyond
Brian Ahier
 
S&I Framework Transitions of Care
S&I Framework Transitions of CareS&I Framework Transitions of Care
S&I Framework Transitions of Care
Brian Ahier
 
Remarks to Public Forum on National Health IT Policy
Remarks to Public Forum on National Health IT PolicyRemarks to Public Forum on National Health IT Policy
Remarks to Public Forum on National Health IT Policy
Brian Ahier
 
Hospital EHR Incentive Program
Hospital EHR Incentive ProgramHospital EHR Incentive Program
Hospital EHR Incentive ProgramBrian Ahier
 

Viewers also liked (19)

Enrollemt workgroup
Enrollemt workgroupEnrollemt workgroup
Enrollemt workgroup
 
Kurzweil ~ Humanity+
Kurzweil ~ Humanity+Kurzweil ~ Humanity+
Kurzweil ~ Humanity+
 
ACEP Massachusetts Emergency Physicians Survey Results
ACEP Massachusetts Emergency Physicians Survey ResultsACEP Massachusetts Emergency Physicians Survey Results
ACEP Massachusetts Emergency Physicians Survey Results
 
Enrollment Workgroup 06-28-10
Enrollment Workgroup 06-28-10Enrollment Workgroup 06-28-10
Enrollment Workgroup 06-28-10
 
Putting the 'IT' in Care Transitions
Putting the 'IT' in Care TransitionsPutting the 'IT' in Care Transitions
Putting the 'IT' in Care Transitions
 
ONC Direct Project Boot Camp
ONC Direct Project Boot CampONC Direct Project Boot Camp
ONC Direct Project Boot Camp
 
Secondary uses data flow by entity type
Secondary uses data flow by entity typeSecondary uses data flow by entity type
Secondary uses data flow by entity type
 
Healthcare Innovation Challenge Webinar #4
Healthcare Innovation Challenge Webinar #4Healthcare Innovation Challenge Webinar #4
Healthcare Innovation Challenge Webinar #4
 
PCAST Report Workgroup 01-14-11
PCAST Report Workgroup 01-14-11PCAST Report Workgroup 01-14-11
PCAST Report Workgroup 01-14-11
 
Open source’s role in CONNECTing the public and private sector healthcare com...
Open source’s role in CONNECTing the public and private sector healthcare com...Open source’s role in CONNECTing the public and private sector healthcare com...
Open source’s role in CONNECTing the public and private sector healthcare com...
 
Budget Cuts
Budget CutsBudget Cuts
Budget Cuts
 
Governance Workgroup 9-3-10
Governance Workgroup 9-3-10Governance Workgroup 9-3-10
Governance Workgroup 9-3-10
 
David Blumenthal 092210
David Blumenthal 092210David Blumenthal 092210
David Blumenthal 092210
 
Patient Engagement Power Team Comments – Leslie Kelly Hall, Chair
Patient Engagement Power Team Comments – Leslie Kelly Hall, ChairPatient Engagement Power Team Comments – Leslie Kelly Hall, Chair
Patient Engagement Power Team Comments – Leslie Kelly Hall, Chair
 
Innovation Through the Lenses of HITECH and Health Reform
Innovation Through the Lenses of HITECH and Health ReformInnovation Through the Lenses of HITECH and Health Reform
Innovation Through the Lenses of HITECH and Health Reform
 
What Lies Ahead for ONC: Meaningful Use and Beyond
What Lies Ahead for ONC: Meaningful Use and BeyondWhat Lies Ahead for ONC: Meaningful Use and Beyond
What Lies Ahead for ONC: Meaningful Use and Beyond
 
S&I Framework Transitions of Care
S&I Framework Transitions of CareS&I Framework Transitions of Care
S&I Framework Transitions of Care
 
Remarks to Public Forum on National Health IT Policy
Remarks to Public Forum on National Health IT PolicyRemarks to Public Forum on National Health IT Policy
Remarks to Public Forum on National Health IT Policy
 
Hospital EHR Incentive Program
Hospital EHR Incentive ProgramHospital EHR Incentive Program
Hospital EHR Incentive Program
 

Similar to Privacy and Security Tiger Team Authentication Recommendations

Provider Authentication for Health Information Exchange
Provider Authentication for Health Information ExchangeProvider Authentication for Health Information Exchange
Provider Authentication for Health Information Exchange
Brian Ahier
 
HIT Policy Committee FDASIA Update
HIT Policy Committee FDASIA UpdateHIT Policy Committee FDASIA Update
HIT Policy Committee FDASIA Update
Brian Ahier
 
EHR Certification for Medical Practices
EHR Certification for Medical PracticesEHR Certification for Medical Practices
EHR Certification for Medical Practices
Michael Duffy
 
Hitpc.20090716.Certification Workgroup
Hitpc.20090716.Certification WorkgroupHitpc.20090716.Certification Workgroup
Hitpc.20090716.Certification Workgroup
sdaviss
 
Data Quality Asia Pacific Award_v1.1_20100520
Data Quality Asia Pacific Award_v1.1_20100520Data Quality Asia Pacific Award_v1.1_20100520
Data Quality Asia Pacific Award_v1.1_20100520Tatiana Stebakova
 
Summary of Recommendations on Provider and Patient Identity Management
Summary of Recommendations on Provider and Patient Identity ManagementSummary of Recommendations on Provider and Patient Identity Management
Summary of Recommendations on Provider and Patient Identity Management
Brian Ahier
 
Regulatory Intelligence
Regulatory IntelligenceRegulatory Intelligence
Regulatory Intelligence
Armin Torres
 
Shaping the Future of Trusted Digital Identity
Shaping the Future of Trusted Digital IdentityShaping the Future of Trusted Digital Identity
Shaping the Future of Trusted Digital Identity
Noreen Whysel
 
Webinar: Integrating Physician Practices into Your Network
Webinar: Integrating Physician Practices into Your NetworkWebinar: Integrating Physician Practices into Your Network
Webinar: Integrating Physician Practices into Your Network
Modern Healthcare
 
Week1discussioncapstone
Week1discussioncapstoneWeek1discussioncapstone
Week1discussioncapstone
bradbury234
 
EHR Certification Requirements For Medical Practices
EHR Certification Requirements For Medical PracticesEHR Certification Requirements For Medical Practices
EHR Certification Requirements For Medical Practices
Michael Patrick
 
Standards of dental informatics, security issues
Standards of dental informatics, security issuesStandards of dental informatics, security issues
Standards of dental informatics, security issues
Ebtissam Al-Madi
 
Hitscbriefing091912
Hitscbriefing091912Hitscbriefing091912
Hitscbriefing091912Rich Elmore
 
How to Ensure your Healthcare Organisation is IG compliant
How to Ensure your Healthcare Organisation is IG compliantHow to Ensure your Healthcare Organisation is IG compliant
How to Ensure your Healthcare Organisation is IG compliant
Proofreading4all
 
Quality Assurance in nursing care
Quality Assurance in nursing careQuality Assurance in nursing care
Amy walker aami_%202011(7)
Amy walker aami_%202011(7)Amy walker aami_%202011(7)
Amy walker aami_%202011(7)Amy Stowers
 
Quality assurance concept,cycle & models
Quality assurance  concept,cycle & modelsQuality assurance  concept,cycle & models
Quality assurance concept,cycle & models
Sherwood College of Nursing, Barabanki, Uttar Pradesh
 
3 02
3 023 02
Uncovering Best Practices from Corporate Integrity Agreements
Uncovering Best Practices from Corporate Integrity AgreementsUncovering Best Practices from Corporate Integrity Agreements
Uncovering Best Practices from Corporate Integrity Agreements
MD Ranger, Inc.
 
ONC’s Proposed Strategy on Governance for the Nationwide Health Information N...
ONC’s Proposed Strategy on Governance for the Nationwide Health Information N...ONC’s Proposed Strategy on Governance for the Nationwide Health Information N...
ONC’s Proposed Strategy on Governance for the Nationwide Health Information N...Brian Ahier
 

Similar to Privacy and Security Tiger Team Authentication Recommendations (20)

Provider Authentication for Health Information Exchange
Provider Authentication for Health Information ExchangeProvider Authentication for Health Information Exchange
Provider Authentication for Health Information Exchange
 
HIT Policy Committee FDASIA Update
HIT Policy Committee FDASIA UpdateHIT Policy Committee FDASIA Update
HIT Policy Committee FDASIA Update
 
EHR Certification for Medical Practices
EHR Certification for Medical PracticesEHR Certification for Medical Practices
EHR Certification for Medical Practices
 
Hitpc.20090716.Certification Workgroup
Hitpc.20090716.Certification WorkgroupHitpc.20090716.Certification Workgroup
Hitpc.20090716.Certification Workgroup
 
Data Quality Asia Pacific Award_v1.1_20100520
Data Quality Asia Pacific Award_v1.1_20100520Data Quality Asia Pacific Award_v1.1_20100520
Data Quality Asia Pacific Award_v1.1_20100520
 
Summary of Recommendations on Provider and Patient Identity Management
Summary of Recommendations on Provider and Patient Identity ManagementSummary of Recommendations on Provider and Patient Identity Management
Summary of Recommendations on Provider and Patient Identity Management
 
Regulatory Intelligence
Regulatory IntelligenceRegulatory Intelligence
Regulatory Intelligence
 
Shaping the Future of Trusted Digital Identity
Shaping the Future of Trusted Digital IdentityShaping the Future of Trusted Digital Identity
Shaping the Future of Trusted Digital Identity
 
Webinar: Integrating Physician Practices into Your Network
Webinar: Integrating Physician Practices into Your NetworkWebinar: Integrating Physician Practices into Your Network
Webinar: Integrating Physician Practices into Your Network
 
Week1discussioncapstone
Week1discussioncapstoneWeek1discussioncapstone
Week1discussioncapstone
 
EHR Certification Requirements For Medical Practices
EHR Certification Requirements For Medical PracticesEHR Certification Requirements For Medical Practices
EHR Certification Requirements For Medical Practices
 
Standards of dental informatics, security issues
Standards of dental informatics, security issuesStandards of dental informatics, security issues
Standards of dental informatics, security issues
 
Hitscbriefing091912
Hitscbriefing091912Hitscbriefing091912
Hitscbriefing091912
 
How to Ensure your Healthcare Organisation is IG compliant
How to Ensure your Healthcare Organisation is IG compliantHow to Ensure your Healthcare Organisation is IG compliant
How to Ensure your Healthcare Organisation is IG compliant
 
Quality Assurance in nursing care
Quality Assurance in nursing careQuality Assurance in nursing care
Quality Assurance in nursing care
 
Amy walker aami_%202011(7)
Amy walker aami_%202011(7)Amy walker aami_%202011(7)
Amy walker aami_%202011(7)
 
Quality assurance concept,cycle & models
Quality assurance  concept,cycle & modelsQuality assurance  concept,cycle & models
Quality assurance concept,cycle & models
 
3 02
3 023 02
3 02
 
Uncovering Best Practices from Corporate Integrity Agreements
Uncovering Best Practices from Corporate Integrity AgreementsUncovering Best Practices from Corporate Integrity Agreements
Uncovering Best Practices from Corporate Integrity Agreements
 
ONC’s Proposed Strategy on Governance for the Nationwide Health Information N...
ONC’s Proposed Strategy on Governance for the Nationwide Health Information N...ONC’s Proposed Strategy on Governance for the Nationwide Health Information N...
ONC’s Proposed Strategy on Governance for the Nationwide Health Information N...
 

More from Brian Ahier

Draft TEFCA
Draft TEFCADraft TEFCA
Draft TEFCA
Brian Ahier
 
Future is Now
Future is NowFuture is Now
Future is Now
Brian Ahier
 
AMA Digital Health Study
AMA Digital Health Study AMA Digital Health Study
AMA Digital Health Study
Brian Ahier
 
DoD onboarding slides
DoD onboarding slidesDoD onboarding slides
DoD onboarding slides
Brian Ahier
 
2015 Edition Proposed Rule Modifications to the ONC Health IT Certification ...
2015 Edition Proposed RuleModifications to the ONC Health IT Certification ...2015 Edition Proposed RuleModifications to the ONC Health IT Certification ...
2015 Edition Proposed Rule Modifications to the ONC Health IT Certification ...
Brian Ahier
 
Accountable Care Workgroup: Draft Recommendations
Accountable Care Workgroup: Draft RecommendationsAccountable Care Workgroup: Draft Recommendations
Accountable Care Workgroup: Draft RecommendationsBrian Ahier
 
FTC Spring Privacy Series: Consumer Generated and Controlled Health Data
FTC Spring Privacy Series: Consumer Generated and Controlled Health DataFTC Spring Privacy Series: Consumer Generated and Controlled Health Data
FTC Spring Privacy Series: Consumer Generated and Controlled Health Data
Brian Ahier
 
Mobile Device Tracking Seminar
Mobile Device Tracking SeminarMobile Device Tracking Seminar
Mobile Device Tracking Seminar
Brian Ahier
 
Big Data and VistA Evolution, Theresa A. Cullen, MD, MS
Big Data and VistA Evolution, Theresa A. Cullen, MD, MSBig Data and VistA Evolution, Theresa A. Cullen, MD, MS
Big Data and VistA Evolution, Theresa A. Cullen, MD, MS
Brian Ahier
 
Meaningful Use Workgroup Stage 3 Recommendations
Privacy and Security Tiger Team Authentication Recommendations

  • 1. HIT Policy Committee, Privacy and Security Tiger Team
      Deven McGraw, Chair
      Paul Egerman, Co-Chair
      Provider Authentication Recommendations
      November 19, 2010
  • 2. Tiger Team Members
      • Deven McGraw, Chair, Center for Democracy & Technology
      • Paul Egerman, Co-Chair
      • Dixie Baker, SAIC
      • Christine Bechtel, National Partnership for Women & Families
      • Rachel Block, NYS Department of Health
      • Neil Calman, Institute for Family Health
      • Carol Diamond, Markle Foundation
      • Judy Faulkner, EPIC Systems Corp.
      • Leslie Francis, University of Utah; NCVHS
      • Gayle Harrell, Consumer Representative/Florida
      • John Houston, University of Pittsburgh Medical Center
      • David Lansky, Pacific Business Group on Health
      • David McCallie, Cerner Corp.
      • Wes Rishel, Gartner
      • Latanya Sweeney, Carnegie Mellon University
      • Micky Tripathi, Massachusetts eHealth Collaborative
      • Adam Greene, Office of Civil Rights
      • Joy Pritts, ONC
      • Judy Sparrow, ONC
  • 3. Objectives and Scope of this Discussion
      • Stage 1 of meaningful use includes some requirements to exchange identifiable clinical information among providers for treatment purposes -- we expect that the exchange requirements will increase in Stages 2 and 3
      • We focused on a trust framework for information exchange between EHR systems
      • We need to validate that the organization is who it says it is (digital credentials)
          – Does the organization really exist, and how can we gain assurance that someone else isn’t spoofing or assuming the organization’s identity?
  • 4. Objectives and Scope continued
      • We are evaluating these trust rules at the organizational or entity level, and as such, the scope of this recommendation does not include authentication of individual users of EHR systems
      • With respect to individual users, provider entities and organizations must develop and implement policies to identity proof and authenticate their individual users (already required under HIPAA Security Rule)
  • 6. Authentication Infrastructure
      • On the Internet, the identity of an entity is authenticated using a digital certificate
          – Contains information about the entity
          – Contains public (freely published) encryption key that, when used in combination with its paired private key (retained by the entity), can be used to authenticate the identity of the certificate holder
      • The process of assigning a digital certificate to an entity is called credentialing
  • 7. Overall Comments
      • We want a high level of assurance that the organization is who it says it is
          – We also want to ensure an appropriate balance between level of assurance and cost and burden of implementation
      • Entity authentication (through digital certificates) is not the sole measure of security – it is necessary but not sufficient
      • We assume that recommendations from the Governance workgroup will form the foundation of an accountability infrastructure for assuring adherence to a framework of privacy and security practices and policies
  • 8. Recommendation 1: Which Provider Entities Should be Issued Digital Certificates
      • All entities involved in health data exchange should be required to have digital certificates
          – Examples of these entities might include:
              • Covered entities
              • Business associates
              • PHR providers
              • Public health entities
              • PBMs
              • Retail pharmacies
              • DME suppliers
              • Laboratories
              • Imaging centers
              • Non-providers--payers, claims clearinghouses, HIOs
            [Note: an entity might have multiple entry points]
  • 9. Recommendation 2: Requirements to be Issued Digital Certificates
  • 10. Recommendation 3: Process for Issuing Digital Certificates and Process for Re-evaluation
  • 11. Recommendation 4: Characteristics of Who Can Credential/Issue Digital Certificates
      • Any entity willing to assume attendant risks (i.e., be held accountable for achieving a high level of accuracy/assurance) and meet established standards can issue digital certificates
      • We recommend that ONC establish an accreditation program for reviewing and authorizing certificate issuers
          – Annual credentialing of entities is not enough – credential issuers must be required to operate with transparency so their operations can be monitored and problems are quickly identified
      • This requirement for accreditation should be evaluated in the context of recommendations from the HIT Policy Committee’s Governance Workgroup
  • 12. Recommendation 5: EHR Certification and Standardization of Digital Certificates
      • ONC, through the Standards Committee, should select or specify standards for digital certificates (including data fields) in order to promote interoperability among health care organizations.
      • EHR certification should include criteria that test capabilities to retrieve, validate, use, and revoke digital certificates that comply with standards
  • 13. Recommendation 6: Types of Transactions Requiring Certificates
      • Authentication is required on any transaction:
          – When the content of the exchange must be protected (due to personally identifiable health information)
          – When the identity of the sender and/or receiver must be known and validated
          – In some cases may only need to authenticate one end versus both
      • Examples of transactions that may require authentication of sender and/or receiver need assurance include:
          – Transactions that contain personally identifiable health information or may otherwise pose a risk to the patient if the information is not used in an appropriate manner
          – Transactions that would normally be authenticated outside of health care
          – Bulk transactions used to transfer multiple patient records