Privacy and Security Workgroup
description
Transcript of Privacy and Security Workgroup
![Page 1: Privacy and Security Workgroup](https://reader035.fdocuments.in/reader035/viewer/2022062222/56815ec1550346895dcd48e9/html5/thumbnails/1.jpg)
Privacy and Security Workgroup
NSTIC ApproachNovember 2, 2012
![Page 2: Privacy and Security Workgroup](https://reader035.fdocuments.in/reader035/viewer/2022062222/56815ec1550346895dcd48e9/html5/thumbnails/2.jpg)
Ability to include identity attributes will enhance privacy
Secure, online patient access to health information
January 1, 2016The Identity Ecosystem: Individuals can choose among multiple identity providers and digital credentials for convenient, secure, and privacy-enhancing transactions anywhere, anytime.
Improved care through secure exchange of electronic medical records
Streamlined provider access to multiple systems
![Page 3: Privacy and Security Workgroup](https://reader035.fdocuments.in/reader035/viewer/2022062222/56815ec1550346895dcd48e9/html5/thumbnails/3.jpg)
Today – Patients and providers need multiple credentials
OpenID/LOA1
![Page 4: Privacy and Security Workgroup](https://reader035.fdocuments.in/reader035/viewer/2022062222/56815ec1550346895dcd48e9/html5/thumbnails/4.jpg)
Implementing 3rd Party Credentials
OpenID/LOA1
SAML/LOA3
OpenID/LOA1
PKI
Open ID/LOA1
SAML/LOA3
OpenID/LOA1
Implementing 3rd Party Credentials adds complexities for EHR vendors
![Page 5: Privacy and Security Workgroup](https://reader035.fdocuments.in/reader035/viewer/2022062222/56815ec1550346895dcd48e9/html5/thumbnails/5.jpg)
5 Draft for Deliberative Purposes Only Federal Cloud Credential Exchange Tiger Team
Middle Layer Authentication Service
• Cloud based
• Service authenticates users
• Patients and providers can re-use credentials across multiple Health IT services
• Translate between different protocols (open ID, PKI, SAML, etc.)
• Passes verification of authentication to EHR
SAML
Citizens
OpenID
OpenID
PKI
OpenID
FCCX.Government
![Page 6: Privacy and Security Workgroup](https://reader035.fdocuments.in/reader035/viewer/2022062222/56815ec1550346895dcd48e9/html5/thumbnails/6.jpg)
EHR Certification Criteria
6
Provider EHR
Provider EHRThird-Party Service
Authentication takes place in E H R system
EHR Certification Criteria for Two-factor Authentication
Authentication takes place via third-party service