To accelerate use of the nationwide health information network (NHIN), a panel of the Health IT Policy committee met yesterday to explore methods to verify the identity of healthcare providers who will use the network to exchange patient data.
Authentication verifies identity and assigns credentials for electronic transactions but there are a variety of approaches to accomplish this basic component of e-health exchange, experts told the NHIN work group Jan. 7.
ONC planners want to come up with a common method to make the NHIN both easier to use and available through a variety of sources. That's to encourage small providers and individual physicians to start sharing records electronically. It's also to ready them for the rapidly approaching five-year window during which they are eligible for payments under the administration's health IT incentive plan.
"The goal here is what can we do today to accelerate information exchange under different scenarios," said David Lansky, chairman of the ONC's NHIN work group and president and CEO of the Pacific business Group on Health.
The policy committee will in turn make recommendations to ONC in the next few months for possible incorporation into future meaningful use regulations.
Dr. Farzad Mostashari, ONC senior advisor and representative on the panel, said he hoped to determine the minimal needed to perform authentication for the NHIN, but he noted that each of the approaches had advantages and shortcomings.
With one approach, the administration would set the standards and assurance levels, and commercial providers would issue authentication credentials or tokens through an accreditation process. "Basically, there would be a marketplace with continually improving ways to do identity proofing and authentication for providers," he said.
The advantage to this approach is that it is increasingly feasible to do. However, not all technologies that healthcare providers need to use could accommodate a credential token or card, Mostashari said.
"It could take years before that capability is available to every provider who wants to be a meaningful user in 2011 and 2012," he said.
With another approach, authentication of a physician's identity is stored on a provider organization's servers and shared with other systems.
"I'm not sure if the server-to-server approach takes us to the end point we need to get to," Mostashari said. Small physician practices without a large infrastructure might still have to get identity-proofing.
Currently, the model for exchange for the NHIN is a node-to-node sharing of data between health information exchange organizations, said Dave Riley, program lead on the Connect initiative and a contractor. Connect is federally developed software that enables the standards and protocols needed to link with the NHIN.
Connect uses Security Assertion Markup Language (SAML), an extensible markup language standard that has components to express authentication and authorization assertions.
The NHIN workgroup will present its preliminary findings to its parent policy committee Jan. 13 and continue to identify an NHIN approach to authentication.
