Medicare Patient logs into MyMedicare.gov site to access their records

From IDESG Wiki
Jump to navigation Jump to search

Title:


Use Case Description: Medicare Patient logs into MyMedicare.gov site to access their records.


Use Case Category: Authentication


Contributor: IDESG Health Care Committee


Use Case Details

Actors:

  • Provider
  • Relying Party (mymedicare.gov)
  • Patient


Goals: Permit patients to download their own health information.


Assumptions:

  • Medicare proofing uses 3rd party service to achieve LOA3
  • MyMedicare acts as as patient Portal - similar to myHealtheVet. Typically this services is provided by a Heath Information Service Provider
  • Use of userid and password authentication limits interactions to LOA2


Requirements:


Process Flow: Patient has been registered with Medicare and been seen for healthcare services for which a provider has been paid. Medicare has stood up a Personal Health Record environment enabling the Medicare Patient to track claims submitted for payment. Patient registers with MyMedicare.gov by entering their Medicare Number (SSN plus a letter, usually 'A'), their last name, birthdate, gender, and zip code. Patient can then choose a username and password under rules for complexity. Subsequent logins are authenticated using this username and password. Once logged in, patient selects the 'Blue Button' and then can view and download their PHI in text or pdf formats or transmit their health record to another provider using a Direct address provided to the patient at time of care.


Success Scenario:


Error Conditions:


Relationships

  • Extended by:
  • Extension of:
  • Remote electronic identity proofing
  • Authenticate Person Use case

References and Citations

  • NIST SP 800-63
  • Meaningful Use Stage 2 45 CFR 170.314(b)(2) Federal Register /Vol. 77, No.171 September 4, 2012 54163 at 54288