Online Health Identity - Maximizing Value While Maintaining Privacy

Online Health Identity - an RSA SecurID dongle

Fragmentation is a significant barrier to the progress of health information technology. Early adopters of online services and health devices are finding it excruciatingly difficult to manage their data across disconnected platforms. This hinders their ability to make use of the data and discourages them from further engagement. We cannot expect mainstream adoption and improvements in population health if early adopters are not being given a compelling experience.

During Health and Wellness Innovation 2011, Dazza Greenwood from the eCitizen Foundation, Rob Masson from EMC, and Stephen Quatrano from Cisco began tackling this problem by prototyping an online health identity service that is open source and that uses open standards. Its goal is to serve as a consistent ID for people across electronic medical record systems, personal health records, online health services, and networked health devices. It becomes the glue for successful marshalling of data and for maintaining patient data privacy. The team has envisioned some exciting advances for this identity, including the ability to provision certificates to individuals and to health professionals so that they can digitally sign data placed into personal health records. The system could also escalate the level of authentication required of a user based on the context in which the identity is being used. For example, to fill a prescription at a pharmacy, the user may simply have to enter a password. To authorize sharing data from the record with someone new, however, the user may have to use a password along with an RSA SecurID or biometric data such as a fingerprint scan or facial recognition. This will help to ensure that private health data remains private while at the same time minimizing the burden on individuals.

Narration Transcript:

Electronic networked health records offer amazing potential for higher data quality with lower care and service costs - but what about privacy and security? And how can the various technologies work together seamlessly for the Patient?

To solve these issues, what’s needed is an Open Patient Identity Service. Creating a common login for Patients is the first step in this process.

A single login serves as a common thread throughout the services and devices stored within the patient’s wellness toolbox.

This solution also works hand in glove with widely used authorization and secure data linking tools, empowering the Patient to individually link devices and apps to their health record. The patient can tie consumer medical devices—like a glucose meter, pedometer or smart scale—to their personal health record to keep the information up-to-date and accurate. It also works with smart phone medical apps and online health and fitness services.

Each service provider will still keep a unique identifier for the information that the patient has entrusted them with, but the patient is relieved of the burden of marshaling changes to common information across multiple products and services.

If patients access the records from a different computer or there are other unusual characteristics, their identity can be authenticated to an even higher level of assurance, ensuring the security and privacy of their health information. 

All this gives their doctors and other providers much more valuable data to work with, enabling them to analyze their needs and provide periodic feedback, either through live video, e-mails or texts - any way that works for the patient.

By providing an open source, open standards solution for a Patient ID Service, an Open Architecture can emerge that enables a competitive marketplace for services, while keeping the patient in the driver’s seat when it comes to accessing or sharing their health information.
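
The context-based escalation described in the article and the narration (a password to fill a prescription, a password plus a SecurID token or biometric to share data with someone new, and a higher level of assurance from an unfamiliar computer) can be sketched as a policy function. This is an added example, not code from the prototype; the action names, factor labels and three-level scale are assumptions made for illustration.

```python
from enum import IntEnum

class Assurance(IntEnum):
    NONE = 0
    PASSWORD = 1        # something the user knows
    SECOND_FACTOR = 2   # password plus a token code or a biometric

# Assumed mapping, built from the two examples the page gives.
REQUIRED_BY_ACTION = {
    "fill_prescription": Assurance.PASSWORD,
    "share_with_new_party": Assurance.SECOND_FACTOR,
}
# Hypothetical labels for the extra factors the page mentions.
EXTRA_FACTORS = {"otp_token", "fingerprint", "face"}

def achieved_level(factors):
    """Assurance reached by the factors verified in this session."""
    factors = set(factors)
    if "password" not in factors:
        return Assurance.NONE  # the page always pairs extra factors with a password
    if factors & EXTRA_FACTORS:
        return Assurance.SECOND_FACTOR
    return Assurance.PASSWORD

def required_level(action, device_id, known_devices):
    """Baseline for the action, raised when the context looks unusual."""
    # Actions missing from the policy fail closed to the strongest level.
    level = REQUIRED_BY_ACTION.get(action, Assurance.SECOND_FACTOR)
    if device_id not in known_devices:
        level = max(level, Assurance.SECOND_FACTOR)  # unfamiliar computer
    return level

def decide(action, device_id, known_devices, factors):
    """Return 'allow' or 'step_up:<LEVEL>' naming the assurance still needed."""
    need = required_level(action, device_id, known_devices)
    if achieved_level(factors) >= need:
        return "allow"
    return f"step_up:{need.name}"

if __name__ == "__main__":
    known = {"home-laptop"}  # constructed sample data
    print(decide("fill_prescription", "home-laptop", known, {"password"}))
    print(decide("share_with_new_party", "home-laptop", known, {"password"}))
    print(decide("fill_prescription", "kiosk-17", known, {"password"}))
```

The routine action stays low-friction on a known device, while the same password-only session is asked to step up as soon as either the action or the device raises the required level.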