NSTIC & ONC Work On Trusted Identity

Thirty-eight percent of adults think it would be easier to solve world peace than remember all their passwords – and many would rather undertake household chores such as scrubbing their toilet than even try.

That’s according to James Sheire, a senior advisor at the National Strategy for Trusted Identities in Cyberspace, speaking at the Government Health IT Conference and Exhibition in Washington, D.C., on Wednesday.

“As we all know,” Sheire said, “usernames and passwords are hopelessly broken.”

Most Americans have 25 username and password combinations, on average, and tend to use the same ones over and over again, he added, rendering even slightly complex ones including capital letters and numbers as veritable keys to the kingdom.

Which is why the private-sector led NSTIC was established in 2009 to address trusted identities across a number of industries; particular to healthcare that begins with the conundrum of how patients access electronic records and how they are balanced with privacy and security.

“Health is going to be one of the more sensitive applications,” Sheire said. “In healthcare, EHRs can save billions but many deployments are stymied without solving identity and authentication challenges.”

The trusted identity ecosystem that NSTIC is working to create with ONC, among multiple other entities, can serve as foundation to fight cybercrime and identity theft, tighten security standards, and enable the sharing of a minimal amount of information, just enough to conduct a transaction, all of which, at least in theory, will improve consumer confidence.

Although healthcare is a particularly fragmented and challenging market, Sheire said it shares many of the same identity management issues as other industries, namely authentication and verification, access to various resources, the need for solutions that scale to large organizations.

“The identity ecosystem will enable health information exchange,” Sheire explained, adding that it will simultaneously streamline patient and provider access to multiple systems, secure patient access, and provide the ability for ID matching.

Imagine a single identity with which a patient can access an EHR, enable sharing of health data across applications, allow providers to share patient data with each other, Sheire urged the audience.

Conceptually similar credentials are emerging in the marketplace. Companies such as Amazon, Facebook and Google are offering single sign-on to multiple websites other than just their own, Sheire noted.

“We want to make sure the various industries can interoperably use these wherever they go,” he said. “For patients this means no longer having to remember usernames and passwords, while at the same time making [transactions] more secure.”

NSTIC solutions will work everywhere – health, banking, shopping, he added. Since 2009, NSTIC has created the ID ecosystem steering group, awarded $9.2 million to fund pilot programs, and is currently evaluating applications for second round of pilots in 2013.

“This summer we should have more news on upcoming pilots and steering committees,” Sheire said.

Article written by Tom Sullivan