1 / 12

Meaningful Use Stage 2 ID Verification Policies And Authorized Access

Meaningful Use Stage 2 ID Verification Policies And Authorized Access.

ayame
Download Presentation

Meaningful Use Stage 2 ID Verification Policies And Authorized Access

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Meaningful Use Stage 2ID Verification PoliciesAnd Authorized Access Highlights of the November 29, 2012,Trusted Identity of Patients in Cyberspace Hearing – Policy: P&STT and the HITSC Privacy & Security Workgrouphttp://www.healthit.gov/policy-researchers-implementers/federal-advisory-committees-facas/calendar/2012-11?tid=125

  2. Introduction • Identity management is a fundamental issue for the healthcare industry, and that any efforts to improve healthcare information systems, reduce administrative costs, fight healthcare fraud and identity theft, and improve patient care must start by building a solid healthcare identity foundation. • HHS should educate the general public on Levels of Assurance and recommend the use of higher assurance credentials (Level 3 and Level 4). • The Blue Button Initiative makes it imperative that two-factor authentication be offered to those who are utilizing the Blue Button to download their health information. • Neither the FACAs nor ONC should endorse specific products; rather they should approach the issue of patient authentication with an eye towards a standards-based solution that utilizes non-proprietary, mature technologies that have a proven track record.

  3. The Problems: ‘Siloed’ Records and Access Consent • John Halamka, MD, tells the story of his mother’s hospitalization: • A fall resulted in a broken hip, • IV morphine administered on admission • Pain and morphine resulted in an inability to reconcile her own medications • No easy exchange of electronic records available • Medication ‘reconciliation’ via examination of all medication bottles in her name resulted in her being put on 22 medications • Further deterioration of mental status limited capability to provide informed consent for her son to act as her healthcare advocate

  4. How Meaningful Use Stage 2 Helps • Due to Dr. Halamka’s intervention: • the care team understood the poor quality of the data they had reconciled and the lack of coordination among caregivers, they agreed to discontinue everything except Tylenol and an anti-hypertensive. • The next morning, the patient was ‘foggy’ and had no recollection of the previous two days, but regained her involvement with the rehabilitation process and became a partner in her care planning. • Under Stage 2 of meaningful use, patient and family view/access/download/transmit to her various data sources will be required: • Data exchange at transitions of care will be required. • Decision support that would likely have offered best practices for medication management in the elderly would have prevented the cocktail that altered her mental status.

  5. Developing a Strong Health Information Management System • Starts with the accurate identification of each person receiving or providing healthcare services, as well as anyone accessing or using this information. • Issues with establishing identity are compounded as electronic medical records (EMRs) are used by many different organizations at the regional, state, and national levels. • There must be a way to uniquely and securely authenticate each person across the healthcare infrastructure, whether that interaction is in-person at point of care or over the Internet.

  6. Online Credentialing Solutions Issues • In some cases, in-person single-factor authentication could be sufficient. • Providing patients with a username and password that would grant them access to already-established patient portal profiles. • Jonathan Hare, chairman and founder of Resilient Network Systemstestified that this system is not foolproof: • Front desk staff responsible for issuing online credentials typically has no training in ID verification • Process relies too heavily on single-factor authentication, which is not the most secure approach. • "If you want to have high assurance you should be using multiple, independent ways to verify identity"

  7. Multifactor Authentication Not Foolproof • Multifactor authentication may be more secure, but it has its drawbacks • Elizabeth Franchi, data quality program director at the Veterans Health Administration who has worked on the VA's Blue Button initiatives: • Adding more steps to the verification process typically causes users to drop out of the system before completing verification, leading to low utilization of patient portals and other online services. • For example, the doctor may issue a username and password during a patient visit, and then call the patient's personal phone number to make sure the patient was in fact the person who entered the account before allowing full access. • Patients often find this type of process onerous, making them less likely to follow it through to the end. • "Our biggest lesson learned is that burden has to be lessened for the patient. In order to facilitate this, we need to streamline this.”

  8. Smart Card Solutions • Mature, trusted, and non-proprietary technologies • Any technology deployed to modernize our healthcare system must perform a number of tasks: it must improve the quality of patient care, reduce costs, minimize provider workflow and address the concerns and efficiencies required to justify investment. • Being able to validate a person’s identity immediately introduces real benefits to health care delivery and the ability to control cost and reduce fraud. • Identification and authentication are currently uncontrolled and not standardized among medical systems, locations, and organizations within the healthcare community. • Smart Cards provide the easiest, most cost-efficient, secure, and user-accepted method for solving the healthcare identity management problem

  9. Smart Cards and Emergency Medical Information • A secure, portable way to store patient data that could be critical in case of an emergency, such as: • current medications, • allergies, and • blood type

  10. American Medical Association’s (AMA) Health Security Card (HSC) • A three-year public health translational research • In April 2012, a live simulation of a public health triage scenario using the HSC was conducted. 40 patients were divided into two equal groups: • Group 1 carried a HSC containing name, gender, date of birth, allergies, current medications, blood type. • Group 2 did not have a HSC. Some had an ID card or health insurance card. • The average length of patient encounter was • 53 seconds for those not carrying a HSC • 32 seconds when the HSC was presented • Patient satisfaction was significantly higher • 75% of individuals carrying a HSC rating the quality of their care to be Excellent or Very Good • 35% of those not carrying a card gave a rating of Excellent or Very Good

  11. Combining Smart Card Technology, Cryptographic Functions and Biometrics • Digital signatures ensure that the biometric template being used has not been altered. • Encryption protects the biometric template and other personal information stored on the smart card. • The smart card compares the live biometric template with the biometric template stored on the card. The biometric template never leaves the card, protecting the information from being accessed during transmission • A cryptographic challenge authenticates the legitimacy of the card and the reader, ensuring privacy for the cardholder, preventing inappropriate disclosure of sensitive data, and thwarting “skimming” of data that might be used for identity theft.

  12. Sources Burns, E. (12/3/2012). ID verification policies needed in stage 2 meaningful use. SearchHealthIT. http://searchhealthit.techtarget.com/news/2240173745/ID-verification-policies-needed-in-stage-2-meaningful-use. Halamka, J. (11/6/2012). Why meaningful use Stage 2 is so important. Healthcare IT News. http://www.healthcareitnews.com/news/why-meaningful-use-stage-2-so-important. Magrath, M. (November 29, 2012) Testimony at P&STT and the HITSC Privacy and Security Workgroup Meeting. HealthIT.gov. http://www.healthit.gov/sites/default/files/20121129_michael_magrath_testimony_-_gemalto_and_smart_card_alliance.docx.

More Related