Clarification and stabilization of the market rules for sellers and consumers of accreditation services in the areas of identity, trust, and secure communications in Healthcare, and thus to research options to that may optimize the number of overlapping accreditation and approval programs that Kantara Service Provider Members are required to engage.
Summary & Context:
As the healthcare sector faces numerous initiatives requiring the transport and exchange of health information over the internet, adequate security is critical in preserving the integrity of transactions and the privacy of Personal Healthcare Information (PHI). Also, to achieve an effective collaborative ecosystem, organizations need to establish a risk=based level of trust of the individuals involved in such transactions.
While identifying individuals through the use of credentials is common, the validity and acceptance of them such credentials between distinct organizations a newer activity, and increasingly a challenge as the proof of identity requires higher assurance due to inconsistencies in implementation of policy, process and technology concerning the vetting and management of organizational identity, credentials, and the binding and usage of the two.
Therefore, the healthcare community must implement consistent strong identity management practices to facilitate a level of trust that can be broadly applied across the healthcare sector..
Identity Trust Framework Providers (TFP) facilitate these goals by providing a set of principles, policies, processes, best practices and specifications that can be certified and replied upon to attest to the implementation of strong identity systems., Such TFPs harmonize interoperability and adoption across communities in a meaningful and repeatable manner, eliminating the need for customized agreements for each relationship.
A number of TFPs now exist and while there are similarities amongst them, they require distinct auditors, service assessments, and accreditation for certification of component entities. Such differences create unique challenges for stakeholders (those responsible for selling or consuming accreditation services) in the community. A few examples may be (but not limited to):
HISPs, CAs, and RAs: Currently each unique Trust Framework requires a separate assessment against the requirements of that TFP for certification of the entity. This drives cost and resource use for the applying entities. If the costs become unreasonable the entities may choose to not participate in some programs. This poses a risk to the entire community as these entities are critical for the entire ecosystem implementation and continued operation.
End-User Organizations: Payers and Providers wishing to facilitate compliance with mandates and incentives that require trusted identity are not certain which supporting entities they should use. This results in indecision thereby stunt adoption.
Identity Trust Framework Providers: Requirements for multiple certification of HISPs, CAs and RAs or lack of demand from their customers for specific accreditations may impact adoption and further development of valuable programs.
The Kantara Board of Directors
Feasibility Study Output & Delivery:
This report provides candidate recommendations that may stabilize the market rules while providing insight and clarity as to the opportunities and barriers that are associated with them. Terry Gold will be serving as the overall coordinator to lead the work effort. The HIAWG Chair will deliver the completed Feasibility Study to the Sponsors that have commissioned the effort.
The Kantara Board (sponsors) will review and discuss report with other entities (such as EHNAC and DirectTrust with which they have executed MOU’s, and others as determined by them to be appropriate). The Board will determine which options, if any, may be pursued in collaboration to reach the goals of the Mission Statement.
Key questions that the feasibility study should endeavor to answer:
- Core: Why do various accreditation organization exist? Can they be merged, or why not.
- Drivers: Enablers and barriers for relying parties (RPs) to accept one but not another. Gaps, impact, etc.)
- Challenge: Enablers and barriers to reciprocal arrangements for acceptance of assessment results across TFPs.
- Measure: How do the service assessment criteria differ from one program to another?
- Enablement: What are the opportunities, enablers and barriers for/to a common pool of assessors?
Focus and Scope
Will only look at Identity Proofing, as it the common piece between the accreditation initially in scope. A separate future study may be performed to expand the scope of this work.
The work will be broken down into three focus groups.
- Business Case Focus Group (Terry Gold, interim group leader) - Seeking input from the industry, investigate and describe the overall challenges, considerations and body of the study.
- Overlap Focus Group (Rich Furr, group leader) - Performing a comparative review of the policies between each accreditation in scope and providing clarity where commonality, similarities and differences exist.
- Metrics Focus Group (Bob Sullivan, group leader) - Analyze the financial impact of achieving harmonization between TFPs and enabling organizations to execute accreditation more efficiently.
The Feasibility Study endeavors to be inclusive and benefit from a variety of experiences and perspectives. If you are interested in participating, please reach out to Terry Gold.