M2SYS Healthcare Solutions

Free Online Learning Podcasts

Podcast length 38:56
Topic: Establishing a Trusted Identity in Cyberspace
Background on NSTIC, Creating an Identity Ecosystem, The Impact of
Identity Theft, Right to Privacy, Value of Standards Based Patient ID in
Healthcare, NSTIC and the ONC, Interoperability, Trusted ID Reducing
Medical ID Theft, NSTIC Pilot Projects
Jim Shiere, Senior Advisor with the National Strategy for Trusted
Identities in Cyberspace (NSTIC)
and
Topics Covered in Podcast:
NSTIC Mission & Objectives What is an Identity Ecosystem?
Processes & Structure to Meet NSTIC Goals
Trusted Identities Why is Now the Right Time?
Balance Between Identities and Privacy
Value of a Trusted Identity for Patients in Healthcare
Identity Theft Implications
Topics Covered in Podcast (continued):
NSTIC and the ONC Working Together to Created Trusted
Identities for Patients
The Value of A Standardized Biometric Patient Identification
Solution
Trusted Identity Impact on Medical Identity Theft
NSTIC Pilot Projects
NSTIC National Strategy for Trusted Identities in Cyberspace

Launched by the White House in 2011
Main goal is to establish an identity ecosystem
Individuals can voluntarily choose from a single or multiple digital
identities of their choice to conduct business on the Internet anywhere
at anytime
Based on 4 fundamental guiding principles:
Interoperability If you choose an identity (Google for example) you
have the opportunity to interoperably use it anywhere. Helps alleviate
the problem of creating a user name and password for each new site
you visit. Idea is to create one credential to be used anywhere.
Security & Resiliency Single factor authentication (e.g. passwords)
are hopelessly broken and increasingly are a vector of attack 60% of
network intrusions are a result of bad password management. NSTIC
envisions a way to replace the password with better
methods


NSTIC Mission & Objectives What is a Trusted
Identity?
NSTIC Mission & Objectives What is a Trusted
Identity? (continued)
Multi-factor authentication seen as a more secure identity
Privacy How can we foster the creation of an identity ecosystem that
presents privacy enhancing options to individuals?
Current interoperable sign on credentials dont allow for a clear
understanding of what privacy controls are in place to protect
information
NSTIC looking to enshrine better privacy policies to foster more
control over personal information
Usability any online, interoperable credential solution should be easy
to use and convenient

Processes and Structure
What is NSTIC doing to foster the vision of an identity ecosystem?
Thrust #1: Funding providing pilot project funding to private company
projects who are innovating and launching initiatives to help advance
the principles of an identity ecosystem and catalyze the market for
these solutions
Processes & Structure to Meet NSTIC Goals
Pilot Example American Association of Motor Vehicle Administration
(AAMVA) and the INOVA Healthcare System (based in Virginia)
Pilot basis How can INOVA patients access their online records
using a Google or Microsoft account for login to avoid having to
create a new account. The AAMVA will automatically proof your
identity so INOVA can grant authorization.
NSTIC has awarded over $17 in funding to the private sector and
several states for pilots
Thrust #2: Lead federal government rallying the government sector to
be early adopters to the identity ecosystem
Example Federal Cloud Credential Exchange government is
deploying a platform to accept third party credentialing to access
government services. Idea is to move more government services
online in a cost effective and efficient way but still follow security
and privacy guidelines.
Processes & Structure to Meet NSTIC Goals
Expect to hear more in the coming months about which
government agencies will be deploying the trusted identity
initiative
Thrust #3: Facilitating private sector led groups referred to as The
Identity Ecosystem Steering Group (IDSG) to convene the private sector
to establish a framework of rules, policies and standards which will
provide the policy foundation for how the private sector can leverage
the identity ecosystem
NSTIC provided grant funding to support the group for the first two
years, the group has since transformed into an independent entity
If individuals or business are looking to play a larger role in the
initiative, participation in the IDSG is a great place to engage
(www.idecosystem.org) open to all (businesses, individuals, non-
profits, etc.)
Many IDSG stakeholders groups exist that cover a range of topics
(state and local governments, privacy, etc.)

Trusted Identities Why is Now the Right Time?
The hopelessly broken nature of user names and passwords
Increasingly a vector of attack for criminals to access sensitive
information to enable identity theft and other forms of fraud
NSTICs goals are aimed to provide more usable and secure identity
credentialing solutions to provide a safer way to do business online and
build consumer trust
NSTIC envisions a better way forward to authenticate ourselves online
by playing more of a facilitator role and support entities
Ultimately, its the private sector that will step up and provide tools and
tech for more secure online transactions
There needs to be a more open and comprehensive study and
discussion on the issue of privacy and how it impacts the creation of an
identity ecosystem
Urgency exists to solidify a national strategy now is the right time
Identity Theft Implications

The proliferation of data available on individuals to provide better
products and services online has fueled the rise in ID theft in other
words, the quest to improve product and service quality seeded the
growth of ID theft cases
NSTIC has stepped in to help change the thought process of online
individual information and shift the focus to privacy and protection
NSTIC asks the question if you are sharing information online for
business transactions, why is it necessary to share anything other
than basic information necessary to complete the transaction?
NSTIC is focusing on the concept of data minimization
Identity theft erodes consumer trust in online transactions
NSTIC believes it can build a better set of online identity tools to
minimize risk and increase privacy
Balance Between Identities and Privacy
Privacy remains a fundamental guiding principle of the national strategy
for online trusted identities
NSTIC is focused on ensuring that privacy advocates have a seat at the
table to help mold the online identity initiative and how the identity
ecosystem will evolve
Another way NSTIC is promoting privacy enhancing solutions is through
the Federal Cloud Credential Exchange (FCCX) which enshrines the fair
information practice princples learn more at:
www.nist.gov/nstic/fccx.html

Did you know?

A copy of NSTICs strategy is available online. You
can access a copy by following this link:
www.whitehouse.gov/sites/default/files/rss_vie
wer/NSTICstrategy_051511.pdf

At heart of NSTIC and Office of the National Coordinator for Health
Information Technology (NSTIC) collaboration is looking at how NSTICs
drive to establish trusted identities (identities that provide security and
privacy both important in the context of HIPAA)
Identity ecosystem that NSTIC envisions allows patients to have
voluntary access to identity credentials with stronger privacy and
security enhancing features
This fits into the ONC strategy of open access to health data with more
secure, safe, and privacy enhancing tools
Viewing, downloading and exchange of health data information is
enabled through a trusted identity ecosystem
Patients want the assurance that their private health data is being
adequately protected during the access and exchange process
Trusted identities help to advance the goal of true interoperability
ONC is actively engaged in the IDSG and follow several pilots closely
(INNOVA)
Value of a Trusted Identity for Patients in Healthcare
How the ONC and NSTIC are Working Together
The Value of A Standardized Biometric Patient
Identification Solution
NSTICs role isnt to point to specific methods of authentication for the
market instead their role is a facilitator of pilot projects, opening
dialog, and ensuring all stakeholders have a seat at the table
NSTIC focuses on allowing private entities to factor in identity
management technologies as part of the overall solution
Most people understand the value of standards based identity
management approaches fundamentally important for the overall
identity management ecosystem moving forward (enshrined in NSTIC
interoperability principles)
Overall, patient identification standards based solutions are getting a
close look as a piece of the overall identity ecosystem
Most Effective Security Technologies to Protect
Patient Data Access
The shift from paper to electronic health records necessitates a shift
change in how to effectively protect patient data
Patient data information used to be limited and siloed the advent of
EHRs, HIEs, Meaningful Use mandates, and an increased interest in
leveraging the power of big data to perform population management
has increased the availability of electronic information that is easier to
transport (and steal)
Critical that a security protocol be in established & observed to:
Validate a patients identity & ensure they are who they say they are
both in person and online (e.g. patient portals)
Biometrics for patient identification is increasing and a viable tool to
verify a patients identity with near 100% accuracy can also be used at
each touch point along the continuum of care to authenticate identity
before service/procedure is rendered
Trusted Identity Impact on Medical Identity Theft

NSTIC is specifically coordinating its efforts to establish a trusted identity
precisely to help stem the rising tide of medical ID theft
Medical identity theft looming crisis demands better ways for patients to
access health data online especially in the wake of increased adoption of
electronic health records (EHRs)
NSTIC timing was ideal for the healthcare industry as the struggles to
protect identities increases
NSTIC provides a set of tools and fosters an ecosystem that enables
patient trust
ONCs vision of open, secure, and private access to health data is
manifested in NSTICs initiatives with an improved approach to identity
Pilots within federal government provide valuable case studies to help
advance trusted identities in healthcare
Expect to see continued dialog and collaboration between ONC and
NSTIC to stem medical ID theft with more secure trusted identities
NSTIC Pilot Projects

INNOVA
Pilot premise is to help enable more convenient yet secure ways for
patients to log in and access their health data online
Prior to patients logging into a portal for access to health data, a
customized list of questions only the patient would know the answers to
is provided by the Virginia MVA
Establishes much stricter security protocols for online healthcare data
access
Provides a much more authoritative resource for verifying patient
identities
Creating growing interest in healthcare for access to a powerful set of
tools to better verify patient identities while creating convenience and
fostering privacy
Thank you to Jim for his time and
knowledge on this podcast!
Please follow NSTIC on Twitter
(@nsticnpo) and visit their Web site at:
www.nist.gov/nstic@nstic or check out
their blog at: www.nist.gov/blog.html

John Trader
Director of Communications
M2SYS Healthcare Solutions
1050 Crown Pointe Pkwy.
Suite 850
Atlanta, GA 30338
jtrader@m2sys.com
770-821-1734
www.m2sys.com/healthcare
Podcast home page: http://www.m2sys.com/healthcare/healthcare-biometrics-
podcasts/

: twitter.com/rightpatient
: facebook.com/rightpatient
: linkedin.com/company/m2sys-technology

Contact Information