Identity Infrastructure Key for Interoperability, Health IT Security

Original Article by
Posted on October 19, 2021 by Hannah Nelson

As healthcare organizations comply with interoperability regulations, the adoption of an identity infrastructure can support health IT security.

Healthcare organizations should take an identity-centric interoperability approach to minimize health IT security risks involved in compliance with patient data sharing provisions of the 21st Century Cures Act, according to a new Health-ISAC whitepaper.

The 21st Century Cures Act information blocking provisions, which went into effect on April 5, 2021, primarily focus on ensuring patient access to EHR data through interoperable data exchange across the care continuum. Most healthcare organizations are complying with the regulations by implementing standards-based patient access application programming interfaces (APIs).

The whitepaper authors noted that to ensure the security of patient health data when complying with interoperability regulations, healthcare stakeholders must address four key functions tied to identity.

First, organizations must address authentication and access, which refers to the ability to verify a patient’s identity when she requests access to her health records.

Organizations must also address authorization, which refers to a system’s ability to efficiently capture consent of a patient when she asks to share her records with others.

Additionally, healthcare stakeholders must ensure governance and administration functions are in place to govern how a patient’s digital identity is used.

Lastly, stakeholders must ensure proper patient matching functionality. This means that if the organization has 83 “John Smiths” in its records, the system must be able to decipher which John Smith is making a request for information.

“Patient matching errors have led to medical errors for years now, and the potential for errors is now exacerbated as new channels are created for electronic health information to be shared,” the Health-ISAC authors wrote.

These four functions can be managed through robust identity infrastructure, the authors noted. The whitepaper presents an H-ISAC Framework for Managing Identity, which gives a high-level overview of how healthcare organizations can ensure health IT security while complying with interoperability regulations.

The authors noted that identify infrastructure can also enable healthcare organizations to go beyond compliance-driven health IT investment to seek strategic advantages.

For instance, adoption of a robust identity infrastructure can help organizations launch new health apps and services faster and more securely.

Additionally, identify infrastructure can help organizations streamline data sharing with other parties and make it easier to leverage electronic health information for data analytics.

The whitepaper authors also noted that identity infrastructure can simplify consent capture and management involving the release of electronic health information.

“As the healthcare industry focuses on digital adoption, identity will continue to play a foundational role,” H-ISAC officials noted. “Whether your implementation of a modern identity system is driven by regulatory and compliance requirements, security and privacy concerns, or a desire to improve customer experience, a well architected, robust digital identity solution can address all of these drivers.”