Test-Driving a New Approach to Online CredentialsNIST Healthcare Pilot Project Designed to Identify Best Practices
A soon-to-be-launched pilot project funded by the National Institute of Standards and Technology aims to provide a potential model for how online access to patient information can be streamlined while boosting security, says NIST trusted identities expert Phil Lam.
NIST's National Strategy for Trusted Identities in Cyberspace - or NSTIC - program will examine proposals from healthcare provider organizations for enabling secure patient and clinician access to medical records from systems at various facilities using one trusted, federated online credential. Later this year, NIST will select one recipient for a $750,000 to $1 million grant to support an 18-month pilot project. The deadline for applications is June 1.
The Office of the National Coordinator for Health IT will join NIST in the review of the submissions. Once the pilot is completed, NIST and ONC plan to issue a report on best practices, Lam explains in an interview with Information Security Media Group.
"The hope here is that if we can have a pilot with measurable impacts that addresses usability and security in the healthcare space ... that [will bring] movement toward easier access that's also stronger," Lam says.
NIST is hopeful the report on the results of the pilot project "can help inform other healthcare providers that there are solutions out there that can secure the front doors to their electronic health records by securing the credentials folks use to log into these systems," he says. "We hope to have many other healthcare provider organizations take a look at this as a capability they want to utilize as well."
Demonstrating a New Approach
The pilot project is designed to demonstrate how, for example, a patient or a clinician could use one credential to securely log into multiple EHR systems across a number of different organizations, he says.
Simplifying and strengthening authentication for records access is becoming increasingly important as more records are shared among providers, including through health information exchanges.
In this interview (see audio player below photo), Lam also discusses:
- The security and privacy challenges NIST hopes to address in its pilot project;
- The types of multifactor authentication that could be part of the solution;
- Details of how the NIST project will proceed.
Lam is a trusted identity strategist for the NSTIC National Program Office. In that role, he leads pilot projects under cooperative agreements with private sector companies, providing subject matter expertise on user experience, security, interoperability standards and privacy. The goal is to seed the marketplace with solutions for accessing online services in a manner that promotes confidence, privacy, choice and innovation.