consumer authentication for networked personal health information redwood health information...
TRANSCRIPT
Consumer Authentication for Networked Personal Health Information
Redwood Health Information CollaborativeMarch 18, 2008
Josh LemieuxDirector, Personal Health Technology Initiative, Markle Health Program
Common Framework for Networked Personal Health
Information
Objectives• The overall purpose:
– To help open up private and secure data flows between health data sources and consumer-accessible applications (networked PHRs).
– We call these “Consumer Data Streams” — the chain of handoffs of copies of personal health information destined for the consumer’s application.
• The focus is on policies: – Authentication: Trust across entities for ID proofing, online
tokens, ongoing monitoring, and auditing.
– Access: Broader focus on privacy, consent, data collection and use, transparency, enforcement, etc., across entities participating in Consumer Data Streams.
Many Simultaneous Activities
Access policy efforts: • Employers• AHIC• HITSP• HISPC• National Governors Ass’n• Congress, etc.
Authentication efforts: • EAP/EAF• AHIC• HITSP• Liberty Alliance• VeriSign• Private vendors
• AHIP/BCBS• Dossia• Intuit• Revolution• WebMD
• Google• Microsoft • VA/CMS• Large IDNs• Many smaller players
Public and private PHR efforts
Consumer Authentication Overview
• Working Group set out to find a set of authentication methods and policies that would bring networked PHRs closer to reality.
• Two big barriers :
1. Proofing: We could not find Metric “X” for proofing accuracy.
2. Business issues: (i.e., competition, lack of business value, and fear of liability) may discourage data holders from accepting even well-executed proofing and authentication from remote parties.
Consumer Authentication Recommendations
• 1A: In-person proofing is a reasonable — although imperfect and poorly measured — default when there is no prior relationship with the consumer. But it’s not always feasible.
• 1B: Consider ‘bootstrapping’ in-person encounters with other sectors (financial institutions, post offices, retail pharmacies, notary publics, etc.).
Part 1: Proofing
Consumer Authentication Recommendations
• 1C: Consider Remote Proofing:a. Rely on combinations of at least two alternative methods or
sources for validating identity that use separate data (i.e., don't use two different sources relying on Social Security Number or the same account number).
b. Are optimized to minimize the rate of false positives (i.e., when the wrong person is granted access based on an identity not his own).
c. Provide an alternative identity-proofing protocol to mitigate false negatives (i.e., when the right person using his correct identity is denied access nonetheless).
d. Take precautions to minimize risk to the consumer.
Part 1: Proofing
Consumer Authentication Recommendations
• 1D: Begin Federal research on identity proofing quality. Federal studies to create proofing accuracy benchmarks.
• 1E: Do not use clinical information as validation data in an authentication process.
Part 1: Proofing (continued)
Consumer Authentication Recommendations
Part 2 & 3: Tokens and Monitoring
• 2A-2E: Follow Industry Practice in Binding, Use, and Re-use of Tokens
• 3A: Ongoing monitoring: Proofing is a process, not an event. Every authentication offers a chance at re-verification.
• 3B: Enable consumers to view audit trail: Consumers can help detect fraud when they have access to transaction history.
Consumer Authentication Recommendations
Part 4: Auditing and Enforcement
• 4A: Ensure that third parties are “observable” in how and how well they are performing identity proofing, token-issuing and ongoing monitoring or any related services to authenticate consumers.
• 4B: Ensure a mechanism for enforcement and redress for bad actions.
• 4C: Consider federation and/or other contractual means to address Recommendations 4A and 4B.
Conclusion: A Path Forward
• Our next area of work is to establish policy rules and techniques that establish trust among participants, including consumers, over a “network of networks.”
• New trends — new threats, new business relationships, emerging technologies, and consumer awareness and behavior — all warrant close monitoring and all reinforce the idea that that the path forward on consumer authentication requires careful thinking, new research, and innovative approaches.
Closing Remarks Thank You!