Presented at HIMSS2010 by Richard Moore and John Fraser
Healthcare Identity Management and Role-Based Access in a Federated NHIN
The e-Authentication Project Phase 4
Co-presenters: Richard Moore, President, eHealth Ohio, and John Fraser, CEO, MEDNETWorld.com
Session 246, HIMSS 2010, Atlanta, GA
Thursday, March 4, 11:15 AM - 12:15 PM
Conflict of Interest Disclosure
Rick Moore and John Fraser have no real or apparent conflicts of interest to report.
Abstract
• The Nationwide Health Information Network requires the secure connection of health organizations within and across state borders. The goal of Phase 4 of the e-Authentication Pilot Study is to investigate a specific solution to this issue.
• In 2006 HIMSS sponsored Phase 1 of the e-Authentication Pilot Study, which modeled the use of General Services Administration (GSA) electronic authentication certificates using PKI and SAML in a healthcare information exchange (HIE) environment by 6 Regional Health Information Organizations (RHIOs) located in 5 different states.
• Phase 2 extended the work of Phase 1 to model federated single sign-on into a distributed multi-state HIE using PKI certificates for secure identity management, open source Internet2 middleware (Shibboleth and Shibboleth tools) for the authorization architecture and single sign-on capability, and the OASIS-defined Security Assertion Markup Language (SAML) for access control. Phase 2 concluded with the development of a healthcare-specific configuration of the Shibboleth network architecture and of healthcare-related directory objects for role-based authorization. The Phase 2 technology was successfully demonstrated in the 2008 IHE Showcase.
• Phase 3 of the e-Authentication Pilot Study extended the network to include NHIN connectivity as a participant in the NHIN2 project. Advancements included: Record Location Services (RLS); proprietary Electronic Health Records (EHR); Personal Health Record Service (PHR); Public Health Immunization Record Service; VMWare virtual server technology.
• Phase 4 extends the use of the NHIN Connector for clinical and administrative transactions, connection to OpenVISTA, work with the Voluntary Universal Healthcare Identifier (VUHID) and the growth of the network to 18 hospitals. The Liberty Alliance/Kantara Healthcare Identity Assurance Workgroup continues to participate, defining health identity management best practices and role-based authentication.
Talk Outline
• Problems & Opportunity
• Key Benefits – what does this mean to you?
• Project Review & History
• Case Studies: Building a Federated NHIN
  • eHealth Ohio
  • HIE-Bridge HIE in Minnesota
  • NHIN Federated HIE Model
• Recommendations
Key Problems
• When doctors connect nationally or outside their HIE, how do they know who is on the other end of a request for medical information?
• Username and password problems:
  • Too many
  • Lose track
  • Very frustrating to remember them all
  • Very insecure
  • Need to share usernames/passwords between apps
Opportunity
• Demonstrate methods to authenticate doctors
• Provide one credential to access multiple services
• Share the credential within a clinic or across the country
• Use existing standards – don't re-invent the wheel
• Use new Health Information Exchanges to validate these solutions
• Leverage the new NHIN standards
Key Benefits
• Providers and Staff:
  • Simplify the process
  • Modernize user authentication
  • Help link systems together
• Managers and Technologists:
  • Manage to national standards
  • Use open standards – vendor neutral
• Benefits to Patients:
  • More secure systems
  • Protection of patient privacy
  • Easier interaction with systems
Past projects - eHealth Ohio and MN
• 2006 - Completed HIMSS/GSA project
  • PKI certificate provisioning and use
  • HIMSS e-Authentication Whitepaper
• 2007 - Phase 2
  • MN & OH linked using Shibboleth "Club" federation
• 2008 - Phase 3
  • NHIN2 work in MN
• 2009 – Phase 4 and beyond
  • Tying NHIN / HIE interests together
  • Developing framework for national NHIN federation
  • Kantara Group to build consensus on national standards
Phase 1 - HIMSS/GSA eAuthentication Project
• Who: HIMSS and The General Services Administration (GSA)
• When: 2006, early 2007
• Purpose: Demonstrate federally approved authentication services
• What: Pilot used Electronic Authentication Service Components established under Homeland Security Presidential Directive HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors.
• Pilot Participants: Seven Regional Health Information Organizations (RHIOs)/health information exchanges (HIEs) and ORC, Inc. Federal Certificate Authority.
• HIMSS e-Authentication Whitepaper: http://www.himss.org/content/files/GSAwhitepaper.pdf
Phase 1 – 8 Participants - 2006
1. GSA: ORC, Inc. ACES Certificate Authority
2. CT: e-Health Connecticut
3. MI: Michigan Data Sharing & Transaction Infrastructure Project
4. TX: CHRISTUS Health, Health eCities of Texas Project
5. MN: Community Health Information Collaborative
6. OH: eHealth Ohio/OSC Bioinformatics
7. OH: Virtual Medical Network
8. NV: Single Portal Medical Record Project
Phase 2 – 5 Participants - 2007/2008
1. CT: e-Health Connecticut
2. MN: MEDNET, USA
3. MN: Community Health Information Collaborative (CHIC)
4. OH: eHealth Ohio
5. OH: Virtual Medical Network
Phase 3 – 2008/2009
• The original focus of Phase 3 was to extend the role-based access model and scalability.
• CHIC was selected for the NHIN2 development, and NHIN work took precedence for 2008.
• Based on the participation in the NHIN, the e-Authentication project is now a portal to the NHIN.
• Scalability gains were achieved by virtualizing servers to reduce maintenance and application deployment effort.
• Certificate provisioning was streamlined.
Phase 4 – 2009
• Case studies - implement lessons learned in HIE
• Work with other open source solutions
• Implement a federated identity management system that can be shared between HIEs and states
• Connect to NHIN to exchange clinical and administrative transactions
• With Kantara, develop a reference implementation for federated identity
eHealth Ohio Developments 2009
• Who:
  • Rubicon Group (TRG)
  • Provider Business Group (50 practices and 200 physicians)
• What:
  • HIE Pilot
  • Hosted at TechColumbus Platform Laboratory
  • VMWare cloud-based
• Studies:
  • Pediatric Physician Record Locator service for a local Pediatric Urgent Care
  • Hospital to TRG Physician connectivity for Mobile Office Resource services
eHealth Ohio Developments 2009
[Figure: pilot architecture. MEDNET HIEs, each with a MEDNET Gateway, a MEDNET NHIN Gateway and an Identity Provider, connect through firewalls to the TechColumbus Platform Lab, which hosts the Physician Portal, the eHealth Rubicon Service (Service Provider) and the RLS Service (Service Provider); EHR/EMR systems connect over SOAP/HTTPS.]
MEDNET HIE-Bridge Case Study
• Situation – Clinics and Hospitals
  • Spending too much time contacting providers for patient medical records
  • Difficult to manage incoming patient requests
  • Incomplete information delayed accurate and timely patient care
• Strategy
  • Adopt existing NHIN standards and Internet connectivity
  • Implemented a "Smart Index" at each participating clinic and hospital
  • Implemented a Translation Engine
  • Patient Privacy and Trust Services
  • Implemented a security "Gatekeeper" to keep out the bad guys
  • Implemented PKI security with audit and logging
MEDNET HIE-Bridge Case Study (cont)
• Results
  • Increased patient privacy
  • Less hassle to users for logins
  • Eliminated the need for a central database, reducing security threats
  • Saves 15 – 45 minutes per patient
  • Increased security and audit capability
CHIC & eHealth Ohio – Record Locator Service & NHIN
[Figure: CHIC (SISU / St. Luke's VRMC users) and eHealth Ohio (Rubicon, TechColumbus test server) joined by the NHIN backbone connecting HIEs. Components shown on the MEDNET NHIN Gateway / MEDNET GRID SERVER: Role Based Access Control Service, Federated Identity Management Service, Community Patient Privacy Manager, Audit Database (log reviews by Community Security/Privacy Officers), XDS Registry and Repository, Record Locator Service, Patient Clinical Info Retrieval Lookup, Personal Health Record (PHR), Immunization Connection, and user LOGIN.]
What is the Nationwide Health Information Network - NHIN
• Developed by the Department of Health and Human Services
• 18 initial participants
• Internet-based, uses existing Internet standards
• Web Services based with SAML security
• No centralized servers / control
• Moving into production in 2010
NHIN Connectivity Overview
[Figure: your existing sites and your organization's network reach the Nationwide Health Information Network (NHIN) over the Internet, alongside payers, providers, state and local Health Information Exchanges (HIE), and federal agencies (SSA, DoD, VA, CDC, etc.).]
NHIN Needs
• What do you want? – Standardized services
  • Supported by NHIN Core Services
  • Services listed in a directory (UDDI)
  • Uses standardized Web Services (SOAP)
• Who am I? – Need to federate, or share identities
  • NHIN is a network of networks – who do you trust?
• Do you trust me? – Standardized PKI security
  • Kantara / Liberty Alliance's IAF framework
  • SAFE-BioPharma global infrastructure
NHIN Message Security
Messages between HIEs must be:
• Authenticated
• Secure
• Not subject to later repudiation
• NHIN is implementing Public Key Infrastructure (PKI), based on X.509 certificates
• The basis of trust at the implementation level is a shared Certificate Authority chartered by the NHIN governance body

NHIN Message Security*
[Figure: structure of the SAML-secured SOAP message required in all NHIN SOAP messages.]
(*) standard SAML-secured SOAP message – not NHIN specific
Example payload: HL7v3 CCD message in XML format
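The trust model on this slide, shown as working code in an added example (Go; not from the presentation and not NHIN or MEDNET software): one shared root issues a certificate to each HIE gateway, a sending gateway signs its payload, and the receiving gateway accepts the message only if the sender's certificate chains to that root, is within its validity period, and the signature matches the payload. The certificate names, ECDSA on P-256, and the bare "signature over SHA-256 of the payload" format are assumptions made for this example; an NHIN gateway carries the same certificate and signature inside the WS-Security header of the SOAP message.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// identity is an X.509 certificate plus the private key behind it.
type identity struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// mint generates a P-256 key and issues tmpl under parent (self-signed when nil).
// Random 64-bit serial and a one-day validity are demo values, not CA policy.
func mint(tmpl *x509.Certificate, parent *identity) (*identity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	if tmpl.SerialNumber, err = rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64)); err != nil {
		return nil, err
	}
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	signerCert, signerKey := tmpl, key
	if parent != nil {
		signerCert, signerKey = parent.cert, parent.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &identity{cert: cert, key: key}, nil
}

// newCA models the shared Certificate Authority chartered by NHIN governance.
func newCA(cn string) (*identity, error) {
	return mint(&x509.Certificate{
		Subject:               pkix.Name{CommonName: cn},
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}, nil)
}

// issue gives an HIE gateway a signing-only leaf certificate under this CA.
func (ca *identity) issue(cn string) (*identity, error) {
	return mint(&x509.Certificate{
		Subject:     pkix.Name{CommonName: cn},
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, ca)
}

// sign returns the ECDSA signature a gateway attaches to an outgoing payload.
func (id *identity) sign(payload []byte) ([]byte, error) {
	digest := sha256.Sum256(payload)
	return ecdsa.SignASN1(rand.Reader, id.key, digest[:])
}

// verify authenticates an incoming message: the sender's certificate must chain
// to a trusted root, be valid now and permit client auth, and the signature
// must match the payload. The verified signature is what defeats repudiation.
func verify(roots *x509.CertPool, certDER, payload, sig []byte) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", err
	}
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", fmt.Errorf("sender certificate not trusted: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return "", fmt.Errorf("unexpected sender key type %T", cert.PublicKey)
	}
	digest := sha256.Sum256(payload)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", fmt.Errorf("signature does not match payload")
	}
	return cert.Subject.CommonName, nil
}

func main() {
	nhinCA, _ := newCA("NHIN Shared CA")
	roots := x509.NewCertPool()
	roots.AddCert(nhinCA.cert) // the only root a receiving gateway trusts
	ohio, _ := nhinCA.issue("eHealth Ohio Gateway")
	ccd := []byte("<ClinicalDocument/>") // constructed stand-in for a CCD payload
	sig, _ := ohio.sign(ccd)
	fmt.Println(verify(roots, ohio.cert.Raw, ccd, sig))
}
```

A certificate issued by any other root, however plausible its subject name, fails the chain check in verify, and a payload altered after signing fails the signature check; both are rejected before any clinical data is processed.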
Who am I on NHIN?
• Need standardized identity sharing across multiple HIEs
• No central registry (no big brother)
• Shibboleth open-source identities between HIEs
• Supports multiple providers of identities, from small clinics to huge research centers
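How a relying party at one HIE can act on an identity asserted by another HIE's Identity Provider, as an added example in Go (not from the presentation, and not Shibboleth code): it parses a SAML 2.0-style assertion, accepts it only from Identity Providers on the federation's membership list, enforces the assertion's validity window, and then applies role-based access rules to the requested operation. The assertion text, issuer URLs, the "Role" attribute name, the role names and the operation names are all constructed for this example; verification of the assertion's XML signature and of the PKI-protected transport is assumed to have happened before this step.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"time"
)

// sampleAssertion is a constructed SAML 2.0-style assertion of the kind a
// Shibboleth Identity Provider at one HIE would issue about one of its users.
// Issuer URL, subject, attribute names and values are invented for this example.
const sampleAssertion = `<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_a1">
  <saml:Issuer>https://idp.ehealthohio.example/shibboleth</saml:Issuer>
  <saml:Subject><saml:NameID>drjones@ehealthohio.example</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2010-03-04T16:00:00Z" NotOnOrAfter="2010-03-04T16:10:00Z"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="Role"><saml:AttributeValue>Physician</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Organization"><saml:AttributeValue>eHealth Ohio</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>`

// assertion holds the parts of a SAML assertion an access decision needs.
// Tags use local names only, so the saml: prefix does not matter.
type assertion struct {
	Issuer     string `xml:"Issuer"`
	Subject    string `xml:"Subject>NameID"`
	Conditions struct {
		NotBefore    string `xml:"NotBefore,attr"`
		NotOnOrAfter string `xml:"NotOnOrAfter,attr"`
	} `xml:"Conditions"`
	Attributes []struct {
		Name   string   `xml:"Name,attr"`
		Values []string `xml:"AttributeValue"`
	} `xml:"AttributeStatement>Attribute"`
}

// policy is the relying party's local decision data: the Identity Providers
// that belong to the federation and the roles allowed to perform each operation.
type policy struct {
	trustedIssuers map[string]bool
	allowed        map[string][]string // operation -> roles permitted
}

// federationPolicy is a constructed membership list and role table.
func federationPolicy() policy {
	return policy{
		trustedIssuers: map[string]bool{
			"https://idp.ehealthohio.example/shibboleth":  true,
			"https://idp.hiebridge-mn.example/shibboleth": true,
		},
		allowed: map[string][]string{
			"QueryRecordLocator":    {"Physician", "Nurse", "RegistrationClerk"},
			"RetrievePatientRecord": {"Physician", "Nurse"},
			"ManageConsent":         {"PrivacyOfficer"},
		},
	}
}

// decide authorizes op for the user described by assertionXML at time now and
// returns the subject on success. It assumes the assertion's signature and the
// PKI-protected transport were already verified; anything unknown is denied.
func decide(p policy, assertionXML []byte, op string, now time.Time) (string, error) {
	var a assertion
	if err := xml.Unmarshal(assertionXML, &a); err != nil {
		return "", fmt.Errorf("malformed assertion: %w", err)
	}
	if !p.trustedIssuers[a.Issuer] {
		return "", fmt.Errorf("issuer %q is not a federation member", a.Issuer)
	}
	notBefore, err := time.Parse(time.RFC3339, a.Conditions.NotBefore)
	if err != nil {
		return "", fmt.Errorf("bad NotBefore: %w", err)
	}
	notOnOrAfter, err := time.Parse(time.RFC3339, a.Conditions.NotOnOrAfter)
	if err != nil {
		return "", fmt.Errorf("bad NotOnOrAfter: %w", err)
	}
	if now.Before(notBefore) || !now.Before(notOnOrAfter) {
		return "", fmt.Errorf("assertion not valid at %s", now.Format(time.RFC3339))
	}
	roles := map[string]bool{}
	for _, attr := range a.Attributes {
		if attr.Name == "Role" {
			for _, v := range attr.Values {
				roles[v] = true
			}
		}
	}
	for _, r := range p.allowed[op] { // nil for an unknown operation: deny
		if roles[r] {
			return a.Subject, nil
		}
	}
	return "", fmt.Errorf("%s from %s holds no role permitted to %s", a.Subject, a.Issuer, op)
}

func main() {
	now := time.Date(2010, 3, 4, 16, 5, 0, 0, time.UTC)
	for _, op := range []string{"RetrievePatientRecord", "ManageConsent"} {
		who, err := decide(federationPolicy(), []byte(sampleAssertion), op, now)
		fmt.Printf("%-22s subject=%q err=%v\n", op, who, err)
	}
}
```

The membership list is what the "club" federation on the earlier slides amounts to in code: an assertion from an Identity Provider that is not on it is refused no matter what roles it claims, and an operation the role table does not mention is denied by default rather than allowed by omission.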
CHIC & eHealth Ohio – Record Locator Service & NHIN
[Figure: the CHIC / eHealth Ohio Record Locator Service and NHIN diagram from the earlier slide, repeated here.]
Recommendations and Future Vision
• Investigate federations for community projects
• PKI provides better security and patient privacy
• Consider federated databases for systems – avoid centralizing information, to increase security
• Future predictions
  • HIE building will standardize on NHIN architecture
  • NHIN will adopt some type of federation approach
  • PKI will become required for HIE to HIE connectivity
Kantara Initiative – Leading the Way
• Healthcare Identity Assurance WG
  • Co-chairs John Fraser, Pete Palmer & Richard Moore
  • Build Reference Implementation
  • Use "Identity Assurance Framework" approved by ICAM
  • Voluntary User Health ID
Resources
To learn more about NHIN, visit http://blog.mednetworld.com/survey to complete a two question survey on our talk and download a free copy of an e-Book that we've developed on the topic.
Presenter information:
1. Rick Moore
  • eHealth Ohio
  • +1 877.813.9750
  • [email protected]
  • Co-chair of the Kantara Healthcare Identity Assurance Workgroup
2. John Fraser
  • MEDNETWorld.com
  • +1 612.435.7602
  • [email protected]
  • Co-chair of the Kantara Healthcare Identity Assurance Workgroup