Privacy and Security Workgroup

Privacy and Security Workgroup NSTIC Approach November 2, 2012


Privacy and Security Workgroup. NSTIC Approach, November 2, 2012. January 1, 2016. The Identity Ecosystem: Individuals can choose among multiple identity providers and digital credentials for convenient, secure, and privacy-enhancing transactions anywhere, anytime.

Transcript of Privacy and Security Workgroup

Page 1: Privacy and Security Workgroup

Privacy and Security Workgroup

NSTIC Approach

November 2, 2012

Page 2: Privacy and Security Workgroup

Ability to include identity attributes will enhance privacy

Secure, online patient access to health information

January 1, 2016

The Identity Ecosystem: Individuals can choose among multiple identity providers and digital credentials for convenient, secure, and privacy-enhancing transactions anywhere, anytime.

Improved care through secure exchange of electronic medical records

Streamlined provider access to multiple systems

Page 3: Privacy and Security Workgroup

Today – Patients and providers need multiple credentials

OpenID/LOA1

Page 4: Privacy and Security Workgroup

Implementing 3rd Party Credentials

OpenID/LOA1

SAML/LOA3

OpenID/LOA1

PKI

OpenID/LOA1

SAML/LOA3

OpenID/LOA1

Implementing 3rd Party Credentials adds complexities for EHR vendors

Page 5: Privacy and Security Workgroup

Draft for Deliberative Purposes Only

Federal Cloud Credential Exchange Tiger Team

Middle Layer Authentication Service

• Cloud based

• Service authenticates users

• Patients and providers can re-use credentials across multiple Health IT services

• Translates between different protocols (OpenID, PKI, SAML, etc.)

• Passes verification of authentication to EHR

SAML

Citizens

OpenID

OpenID

PKI

OpenID

FCCX.Government

Page 6: Privacy and Security Workgroup

EHR Certification Criteria


Provider EHR

Provider EHR

Third-Party Service

Authentication takes place in EHR system

EHR Certification Criteria for Two-factor Authentication

Authentication takes place via third-party service