Phone as Health Care Credential: Difference between revisions

From IDESG Wiki
Jump to navigation Jump to search
Line 19: Line 19:


==Solution==
==Solution==
The solution proposed is to leverage the Identity Proofing already performed at many HIPAA covered healthcare providers to allow a Credential Service Provider (CSP) to certify the installation of high assurance credential on the patient's smart phone using a native application that can also be validated by the CSP as a part of the credential. From that point forward any HIPAA covered entity can use the authentication provided by the patient's smart phone if they choose to do so.


[[File:Phone_as_HC_Cred.png]]
[[File:Phone_as_HC_Cred.png]]

Revision as of 23:46, 30 July 2019

Full Title

Using a Patient's Cell Phone as their Health Care Credential

Context

  • The wiki page Trustworthy Healthcare Ecosystem contains more context information.
  • Pew research report Enhanced Patient Matching Is Critical to Achieving Full Promise of Digital Health Records, and to prevent harm through faulty health history information. This is defiantly not patient oriented (and that is not a typo.) When they did ask patients what they wanted it was consistently shown that patients want all of the benefit of matching, with none of the downside of loss of privacy. They also found that Republican voters didn't want the government involved at all.
  1. System oriented solution needs unique patient identifiers - but what they really mean is mandatory patient IDs for life.
  2. Patient oriented solutions, like Smart Phones and QR codes, fit in better with the goal to give patients access and control of their private information, personal as well as medical.
  3. Demographic matching, bio-metrics, disease history, whatever (maybe even the old standard, the social security number).
  4. Referential from other sites, like social services agencies or similar.

The is the conclusions from that report on the use of patient's phones.

To assess that concept, Pew contracted and collaborated with the RAND Corp. to evaluate different approaches to involving patients in matching. RAND conducted a literature review, interviewed experts, and convened an advisory panel to identify different options for a patient-empowered matching strategy and criteria used to analyze each approach. The research identified several options, which ranged in the degree to which the patient would be involved. Some approaches included minimal patient involvement—patients could, for example, permit their pictures to be taken—while others included a more hands-on role for the individuals, including having each patient aggregating all his or her health data in one location or obtaining a voluntary unique patient identifier. The research identified several criteria to evaluate each solution, including the degree to which it would improve match rates, the likelihood of patient adoption and use, and the feasibility of implementation. In a report released in August 2018, (reference below) RAND recommended a patient-empowered approach for matching involving two main components: validating patient information and a smartphone application, which would then be used together once developed.

This article address the last point, the use of a smart phone application to achieve the high assurance authentication (IAL2, AAL2) required by the healthcare community. Specific recommendations from RAND include those that will advance the selected three-stage solution through development and pilot testing by:

  1. Developing technical specifications for verified data fields, developing best practices that allow health care providers to verify mobile phone numbers, and iteratively pilot testing and refining the specifications and best practices to maximize feasibility and usability
  2. Developing application programming interfaces and best practices for establishing bidirectional communication between a smartphone app and health care provider registration systems at the point of care, and iteratively pilot testing and refining them
  3. Developing advanced app functionalities to further improve record matching and increase the value of apps to patients and providers.

As reported in the Trustworthy Healthcare Ecosystem this Kantara committee proposes to build a sandbox for testing these concepts.

Solution

The solution proposed is to leverage the Identity Proofing already performed at many HIPAA covered healthcare providers to allow a Credential Service Provider (CSP) to certify the installation of high assurance credential on the patient's smart phone using a native application that can also be validated by the CSP as a part of the credential. From that point forward any HIPAA covered entity can use the authentication provided by the patient's smart phone if they choose to do so.

Phone as HC Cred.png

References