HIAWG Trust Exchange and Interoperability - Position Statement v0 3 - plp.docx

The Kantara Initiative’s Value Proposition for the Healthcare Modernization  - DRAFT 6/20/2012




There are numerous initiatives evolving in the health care sector that require strong identity management to ensure security, privacy, and trust. These include the many Health Information Exchanges (HIEs) being deployed around the country, the Drug Enforcement Agency's electronic prescribing of controlled substances (EPCS) rule, ONC's Direct effort,  the Nationwide Health Information (NwHIN) development, Accountable Care Organization (ACO) pilots, and "meaningful use" interoperability requirements.  The standards, policies, and programs of the Kantara initiative provide all of the basic elements needed to create an identity ecosystem where a single identity can be used and re-used in these and numerous other healthcare scenarios.


Today, a health care provider’s identity is tied to each clinical and administrative system they use. Single sign-on solutions exist for large organizations; however, these solutions do not necessarily scale beyond the walls of the organization where point-to-point integration and agreements must exist between organizations in order to provide system access to individuals. This requires health care providers to manage a multitude of credentials to access their various accounts for clinical and administrative data exchange.


Health care providers need solutions that are portable and ubiquitous, while health care provider organizations such as integrated delivery systems need assurance that their affiliated health care providers are trusted to access services and information regarding their mutual patients. Clinical system vendors need a common standard to minimize their operational cost while maximizing options for their customers.


The Kantara Initiative is a non-profit, member driven organization which develops standards and runs an accreditation program in the area of digital identity management. 


The Kantara Initiative is a robust, open and transparent focal point for collaboration to address shared issues across the identity community: Interoperability and Compliance Testing; Identity Assurance; Policy and Privacy; Cross-Community Coordination and Collaboration; Education and Outreach; Use Cases and Requirements; Harmonization; and Tool Development. 


Kantara has over 80 members and partners representing national and international interests to build Trusted Identity Systems across varying sectors including: government agencies, healthcare, telecommunications, financial, and eCommerce. Our working groups focus primarily on: Identity Assurance, Healthcare Trusted Systems, eGovernment requirements, Privacy and Policy, and interoperability.

The Kantara Initiative Identity Assurance Framework (IAF) was developed over the past 10 years in order to provide a standard, well understood methodology for issuing and managing digital credentials. 


The IAF and the federal government's NIST 800-63 standard have been harmonized and support the following to ensure identity trust and interoperability:


1. Four progressively stronger levels of assurance

2. The identity proofing requirements for each level of assurance

3. The types of credentials that can be used at the various assurance levels

4. The acceptable methods for authenticating these credentials

Additionally, the Kantara Initiative has been approved by the US Federal Government Federal Identity Credential and Access Management team as a Trust Framework Provider qualified to operate at Assurance Levels 1, 2 and 3 non-crypto.  Kantara-Approved Services are qualified to issue and manage credentials that can interoperate and access US Government on-line services such as National Institute of Health (NIH) research libraries or Veterans Association (VA) benefits. Kantara Initiative also actively works with international governments, regions including North America, Europe and Pan-Asia, to align this program for multi-jurisdictional adoption.

What we offer:

Kantara Initiative offers our Identity Assurance Accreditation and Approval program for adoption by varying end-user communities.  Our program is operational and managed by world-wide experts in the fields of: Identity Management, Federation Operators, Government Policy Makers, Assessors, Service Providers (Relying Parties), and Research and Education Networks. One of our main goals is to ensure that organizations and communities to not need to reinvent the wheel to perform such services.  Kantara continually collaborates with partners and peers to provide a high value trusted services to end-user stakeholders.


Based upon previous work of Electronic Authentication Partnership, the Liberty Alliance, ISO and NIST 800-63, Kantara Initiative has developed the Identity Assurance Framework – Service Assessment Criteria to provide Credential Service Providers with guidance with regard to fulfillment of Levels of Assurance (1-4) as well as to provide Assessors with guidance to executing independent assessments.


Additionally, Kantara has developed a “shell” process to manage the Accreditation of Assessors and verification that criteria is fulfilled by Credential Service Providers.  Our Accredited Assessor ecosystem includes: Deloitte & Touche, Electrosoft, and eValid8.  Assessor applicants in progress are Europoint and Zygma.  Our Approved Credential Service Providers are Verizon Universal Identity Service with Experian in process of an Identity Proofing service component Approval.  We have additional applicants in our queue who have asked to remain confidential until their review is completed.  We respect confidentiality and privacy as a core component of trust.

Kantara Alignments by Activity

Below the reader will find summaries of each initiative considered in this paper as well as clear statements of how programs of Kantara would directly align and support the enablement of desired healthcare exchange and interoperability Trusted Identity Systems. 

Nationwide Health Information Network: Conditions for Trusted Exchange


This RFI seeks broad input on a range of topics, including: the creation of a voluntary program under which entities that facilitate electronic health information exchange could be validated with respect to their conformance to certain ONC-established “conditions for trusted exchange (CTEs);”

Kantara Value Proposition:

The Kantara IAF and  the associated assessor’s program could be very useful in jump starting trust and identity management components and eliminate the need to develop new CTEs in these areas.


Drug Enforcement Administration Interim Final Rule (IFR): Electronic Prescriptions for Controlled Substances


The Drug Enforcement Administration (DEA) has revising its regulations to provide practitioners with the option of writing prescriptions for controlled substances electronically. The regulations will also permit pharmacies to receive, dispense, and archive these electronic prescriptions.

Kantara Value Proposition:

Because the Kantara IAF has been harmonized with NIST SP 800-63 and the Kantara programs have been approved as Trust Framework Provider by the General Services administration, the IAF should satisfy the Assurance level 3 trusted identity requirements of this IFR.


Federal Register – CMS NRMP: Meaningful use stage 2 interoperability criteria


This proposed rule would specify the Stage 2 criteria that eligible professionals (EPs), eligible hospitals, and critical access hospitals (CAHs) must meet in order to qualify for Medicare and/or Medicaid electronic health record (EHR) incentive payments. This proposed rule would also revise certain Stage 1 criteria, as well as criteria that apply regardless of Stage.

Kantara Value Proposition:

The secure exchange of clinical information is present in at the various MU stages, which implies a requirement of standardized identity management.  Once again, the IAF and the associated assessors program could be especially valuable for satisfying this requirement.


Infrastructure for Accountable Care Organizations (ACOs)


The concept of accountable care organizations (ACOs) has been set forth in recently enacted national health reform legislation as a strategy to address current shortcomings in the U.S. health care system.  This promotes the notion that patients are best served if their care is coordinated and managed at the community level rather than just by individual providers.

Kantara Value Proposition:

ACOs will only be successful if the identities of the participants are trustworthy.  The Kantara Initiative IAF and other work products can serve as valuable assets for ACOs which can be leveraged to ensure this trustworthiness.

Infrastructure for Health Insurance Exchanges


The Affordable Care Act requires each state to create an electronic exchange where people can go to shop for health insurance and enroll in Medicaid programs. 

Kantara Value Proposition:


Again, having trustworthy digital identities is the only way the Exchanges can be successful.  People’s privacy and the integrity of their transactions are at stake. The Kantara Initiative IAF and other work products can serve as valuable assets for these exchanges, which can be leveraged to ensure this trustworthiness.







The Katanra Initiative can play a vital role in ensuring the success in the healthcare sector as it transitions from the paper to digital world.