Powerpoint - DirectTrust

Report
1:00 pm EDT, October 3, 2014
https://global.gotomeeting.com/meeting/join/930802605
(626) 521-0013 -- 930-802-605#
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
1
Agenda
“You are the most trusted names in Healthcare Exchange”
• Welcome and new member greetings
• DTAAP, industry update, and news from members.
• Presentation from MiHIN
– “Identity Exchange Hub: Trusted Provider and Consumer
Identities”
• Workgroup updates
• Open discussion and comment
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
2
DirectTrust Members
142 and Counting…..
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
3
3
DirectTrust Members
142 and Counting….
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
4
New Members
•
Prosocial Applications, Inc
•
IOS Health Systems
•
Ready Computing Inc
•
HealthBridge
•
RazorInsights, LLC
•
Sujansky and Associates, LLC
•
HealthShare Exchange of Southeastern Pennsylvania, Inc
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
5
Renewing Members
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
6
Newest Accreditations
• Health Companion
• RelayHealth
• Axesson
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
7
Facts and figures, August, 2014
 145 member organizations
 Coop Agreement extended another year
 20 fully accredited and audited HISPs, 13
CA/RAs
 20 candidate status HISPs, 2 CA/RAs
 37 HISPs in trust anchor bundles
 50+ HIEs and 250+ certified EHRs supported
 29,000 health care organizations supported
 420,000+ Direct accounts/addresses
provisioned
 8 million Direct messages past 13 months
 450,000 Direct messages for Stage 2
Meaningful Users in month of July, 2014
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
8
Identity Exchange Hub
Trusted Provider and Consumer Identities
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
9
Why are we doing this?
• Improve identity verification to reduce fraud
• Leverage and use the identity proofing processes of
other trusted organizations
• Reduce IT staff workload (fewer account creations)
• Reduce number of IDs and passwords for providers and
participants
• Improve security through standard processes
• Leverage State’s investment in Michigan Identity
Credentialing and Access Management (MICAM)
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
10
Creation of the HICAM Federation
Health Identity Credentialing and Access Management (HICAM) federation is an
alliance of organizations who agree to abide by a common set of protocols, policies
and practices (the three P’s)
Protocols
Policies
Practices
HICAM Federation
Identity Exchange Hub
Health
Systems
Health
Plans
Qualified
Organizations
Direct Secure
Messaging
HISPs
Statewide
Health Provider
Directory
Consent and
Advanced
Directive
Registries
State of
Michigan
MICAM
Gift of Life
Registry (organ
donors)
Federation Participants(providers)
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
11
Creation of the HICAM Federation
Health Identity Credentialing and Access Management (HICAM) federation is an
alliance of organizations who agree to abide by a common set of protocols, policies
and practices (the three P’s)
Protocols
Policies
Practices
HICAM Federation
Identity Exchange Hub
Personal
Health
Records
(PHRs)
Patient
Portals
Medicaid
Member Portal
(MyHealthPortal)
Direct Secure
Messaging
HISPs
Statewide
Consumer
Directory
Advanced
Directive
Registries
State of
Michigan
MICAM
Consent
Management
Systems for
standard
behavioral health
consents
Federation Participants (consumers)
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
12
Trusted, federated identities for healthcare
Federated Identity Management (FIDM) in general consists of:
PROTOCOLS: The technical connectivity between
systems
•
•
•
Expand Single-Sign-On (SSO) across organizational boundaries
Standards include OASIS, SAML 2.0, XACML
NIST 800-63 Levels of Assurance (LOA)
POLICIES: Legal and Trust Framework development
•
•
•
Legal agreements establishing “trust beyond reproach”
Federated Sharing Organization Agreement (FSOA)
Use Case Agreements (UCAs)
PRACTICES: Process implementation
•
•
•
Process workflow – precise series of steps
User Acceptance Testing (UAT)
Monitor the process – end to end walk through with participants
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
13
Protocols: Technical and Logical Connectivity
Currently connected Service Providers (for providers):
–
–
–
–
–
Beaumont Hospital
MiHIN Biometric LOA 3 Identity Provider
MiHIN Active Directory Identity Provider
Statewide Health Provider Directory (HPD) (Salesforce.com)
Direct Secure Messaging HISPs
Planned Service Providers for consumers:
– Personal Health Records (PHRs) and Patient Portals
• MS-Healthvault
• NoMoreClipBoard
• Patient portals determined by Health Systems
– Consent and Advanced Directive Registries
• Gift of Life Registry (organ donors)
• Peace of Mind registry (living wills, DNRs, durable powers of attorney)
• Standard Consent Management Systems (CMS)
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
14
LOA 3 Identity Registration System
and Identity Provider
• Created an Identity Provider (IdP) capable of registering LOA 3
credentials for the HICAM federation
• Setting up identity proofing processes at USPS retail locations,
Secretary of State offices and onsite at other health
systems/plans (e.g. Beaumont Hospital)
First Provider, Dr. Robert Jackson registering for LOA 3 with biometric
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
15
Biometrics as Second Factor
Fujitsu Palm Scanners
Iris Scanners
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
16
USPS Digital Credential Process
MiHIN
Identity
Registration
Step 1
Provider presents
credentials to
passport clerk at
USPS retail outlet
passport window
(or Secretary of
State, other sites)
Step 2
Obtain secure
biometric identity
by scanning palm
and/or iris
Step 3
Register provider
and link biometric
template to
provider account
information
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
Step 4
Digital credential
created.
Palm/iris scanner
can now be used to
login, or secure id
and password can
be used
17
Identity Registration Screens
Welcome to trusted identity enrollment
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
18
Confirm Person (HPD lookup)
Statewide Health
Provider Directory
query results
[email protected]
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
19
Confirm Person (verify ids)
Identity Proofing
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
20
Select Biometric Form Capture
Picture alternately could be
utilized for facial recognition in
the future
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
21
Capture Palm
[email protected]
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
22
Registration Completed
[email protected]
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
23
Provider & Consumer Use Cases
Use Case for Identity Providers (IdPs):
•
•
•
Many health systems and health plans (including Medicaid) will stand up their own
Identity Providers (IdPs)
Provide the trusted identities that Identity Exchange Hub federates
IdPs must conform to HICAM Protocols from Implementation Guide
Use Case for Service Providers (SPs):
•
Service Providers under HICAM consist of services such as:
–
–
–
–
–
Direct HISPs
Statewide Health Provider Directory
EHRs
Health and Medicaid systems inside state firewalls via MICAM
Health registries outside state firewalls such as:
•
•
•
•
•
Peace of Mind (Advance Directives e.g. Living Wills)
Gift of Life (Organ donors)
Consent registries (standard consents at CMHs, clinical trial consents)
Trusted identities from an IdP can be used for SSO between SPs
SPs must conform to HICAM Protocols from Implementation Guide
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
24
Thank you
Please send questions/inquiries to:
Jeff Livesay – Associate Director
[email protected]
Brian Seggie – Director of Security
[email protected]
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
25
Workgroup Reports
• Patient and Consumer Participation in Direct – Lucy Johns and
Leslie Kelly Hall
• Directory Policy – Bruce Schreiber and Jim Fisher
• Security and Trust Compliance – Luis Maas and Jeff McDonald
• Trust Anchor Bundle Operations – Greg Meyer
• Certificate Policy and Practices – Don Jorgenson
• Clinical Transitions of Care – Holly Miller and David Kibbe
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
26
Discussion
David C. Kibbe MD, President and CEO DirectTrust.org
[email protected]
[email protected]
913.205.7968
Lucy Johns, MPH
Independent Consultant
[email protected]
www.DirectTrust.org
1101 Connecticut Ave NW, Washington, DC 20036
27

similar documents