Federating Identity Holds the Key to Better Healthcare Data Sharing


Posted by Rohan Pinto

Management of healthcare data has become so complex that sorting out a patient’s medical history, diagnosis, test results, and payment eligibility can seem more complicated than the medical procedure itself. From the patient’s perspective, there are two questions: How do I get access to my own medical information? And how do I share it with others? Neither has a simple answer.

A survey conducted in 2010 indicated that American patients have on average 18.7 doctors, and that figure doesn’t include hospitals, service providers such as labs and imaging services, or insurance companies. Unfortunately, the digital systems that serve these various members of the healthcare ecosystem are largely incompatible. Data exchanges must therefore take place on a one-to-one basis, which is clumsy and inefficient, and can easily fail to provide a full picture of an individual’s medical situation.

Progress towards resolving these problems is being made, spurred to a large extent by the 21st Century Cures Act of 2016. The regulations stemming from this act require all of the health plans in the United States under the jurisdiction of the Center for Medicare and Medicaid (CMS) to implement a modern architecture that supports RESTful APIs, OpenID Connect and OAuth 2 – in other words, the type of architecture that prevails in the consumer world.

In addition, the Office of National Coordinator (ONC), which oversees electronic health records, has promulgated the ONC Interoperability and Patient Access Rule. This rule mandates interoperability for virtually all the types of information that patients, doctors, service providers (e.g. hospitals) and payers (insurance companies) might need to exchange – patient demographics, clinical notes, lab results, treatment plans, procedures and so on.

Meanwhile, groups like the CARIN alliance, a bipartisan, multi-sector collaborative, are working to advance consumer-directed exchange of health information. Their goal is to rapidly advance the ability for consumers and their authorized caregivers to easily get, use, and share their digital health information when, where, and how they want.

A New, Federated Approach to Digital Identity
In short, all the pieces to support an efficient and comprehensive exchange of healthcare data – frameworks, policies, standards and industry consortiums – are now in place. What’s needed is a secure, user-friendly means to access and share that data. The solution that’s gaining the most traction is a federated digital identity system for healthcare. Such a system digitally authenticates individuals in a trusted way without being tied to the creation of separate portal accounts. This model is designed to allow individuals to use that same trusted authentication to access their health information across multiple doctors, providers and payers.

It is based on a user-centric approach, where an individual creates and owns their digital identity, typically using a standards-based approach that stores private keys on a user’s device. This portable digital identity can be trusted by all the parties that rely on it. Furthermore, users can allow or deny access to all or any part of their healthcare data as they wish. 

Here’s how the process of creating such an identity using a digital wallet typically works. When users launch the app of a provider, payer, or other member of the federated system, they are invited to create a new account. The “please register” option leads users to a screen where, by clicking on a button, they can start creating their new digital identity using the services of a vetted credential service provider (CSP). Users are typically given several choices of CSPs, but the end result is the same.

Once they have made their choice, they are then prompted by the CSP to take a picture of a photo ID such as a driver's license or passport, followed by a video selfie where they smile or wink. The CSP will verify the validity of the photo ID and also verify that the individual in the photo matches the selfie. Finally, the CSP gives the user a private key that is immutably linked with their biometric. This adds the extra convenience of passwordless authentication if desired.

Once the digital identity is established, it can be used to easily access and share data. The user always has the option of approving or denying access. All the information in the digital wallet is protected by asymmetric (public/private key) encryption.
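The sketch below is an added example, not code from this post or from any CSP or wallet product. It models only the step after identity proofing: a device-held private key answers a relying party's challenge, and the wallet signs only when the user approves the requested scope. The names `enrollDevice`, `walletRespond` and `RelyingParty`, the `.example` hosts, the scope strings and the choice of Ed25519 are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Canonical bytes that get signed: audience, nonce and consented scope together.
function encode(c) {
  return Buffer.from(JSON.stringify([c.audience, c.nonce, c.scope]));
}

// Enrollment (after CSP proofing): the key pair is generated on the device and
// only the public key leaves it. Ed25519 is an assumption of this sketch.
function enrollDevice() {
  return crypto.generateKeyPairSync("ed25519");
}

// Wallet side: sign only when the user approves this audience and scope.
function walletRespond(privateKey, challenge, approve) {
  if (!approve(challenge.audience, challenge.scope)) return null;
  return crypto.sign(null, encode(challenge), privateKey);
}

// Relying party (provider or payer app); hypothetical class, not a real API.
class RelyingParty {
  constructor(name) {
    this.name = name;
    this.keys = new Map();    // userId -> registered public key
    this.pending = new Map(); // nonce -> { userId, scope }
  }
  register(userId, publicKey) { this.keys.set(userId, publicKey); }
  challenge(userId, scope) {
    const nonce = crypto.randomBytes(32).toString("hex");
    this.pending.set(nonce, { userId, scope });
    return { audience: this.name, nonce, scope };
  }
  verify(userId, challenge, signature) {
    const entry = this.pending.get(challenge.nonce);
    this.pending.delete(challenge.nonce); // nonce is single use: blocks replay
    const key = this.keys.get(userId);
    if (!entry || !key || !signature) return false;
    if (entry.userId !== userId || entry.scope !== challenge.scope) return false;
    if (challenge.audience !== this.name) return false;
    return crypto.verify(null, encode(challenge), key, signature);
  }
}
```

Because the signature covers the audience, the nonce and the scope, a response approved for one request cannot be reused for another scope, replayed later, or accepted by a different relying party.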

The availability of portable, trusted digital IDs is convenient for patients, and it also has significant benefits for doctors, hospitals, service providers and payers. Beyond far easier sharing of data, these institutions can effectively offload much of the work associated with vetting identities and protecting them against attack to CSPs that meet the strict regulations governing healthcare data. Identity brokers now exist that link users to their CSP of choice at the front end of the process, making the implementation of the federated approach as simple and straightforward as possible.

The concept of federated digital identity powered by sophisticated CSPs is gaining momentum, and the leaders of healthcare organizations should keep their eye on this important trend. It’s safe, convenient, and most importantly, promises better care for patients.

Contributors
Rohan Pinto

CTO, 1Kosmos

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.