Identity Assurance WG testimony to Health IT Committee and NHIN

The content below is a transcript of testimony that was presented at the Health IT Committee/Nationwide Health Information Network (NHIN) Workgroup public hearing on identity management and authentication on Jan. 7. by Frank Villavicencio, chair of the Identity Assurance Work Group (IAWG). The NHIN is a collection of standards, protocols, legal agreements, specifications, and services that enables the secure exchange of health information over the internet. To learn more about the NHIN please visit their site. If you would like to subscribe to the IAWG mail list or become involved in the IAWG activities visit their home page for further details.
Update on Jan 14, 2010: Frank Villavicencio (IAWG Chair) has also posted some follow-on additional information on his blog here >>
Testimony transcript is below —
My name is Frank Villavicencio, and I am here in my capacity of Chair of the Identity Assurance Work Group of the Kantara Initiative. We thank you for this invitation to testify.
The Kantara Initiative is an industry consortium formed by more than 120 different organizations, governments, foundations, associations, and individuals working on various aspects of digital identity.
Kantara’s goal is to develop the mechanisms to support industry development of interoperable identity management frameworks to increase Internet security while making it easier for users to log into multiple services. As such we believe strongly that the current Kantara work offers immediate solutions to healthcare’s security needs.
I believe that a specific program that Kantara has developed, the Identity Assurance Framework, or IAF, can be adopted immediately by the NHIN, it is ready now and is, in fact, already in use. The Identity Assurance Framework is technology agnostic and already supported by a wide range of industries and organizations globally, both within and outside of healthcare. This program allows multiple identity service providers to support the vast array of users in health care.
The Identity Assurance Framework (IAF) has been developed through collaboration and input from members of the global financial services, government, healthcare, biopharmaceutical, IT security, and telecom sectors. It is based on the four levels of assurance defined in NIST SP 800-63 and OMB publication M04-04. It supports different authentication solutions and identity proofing methods at the various levels of assurance. It recognizes the differences between low and high value transactions and, as such, associated risk profiles and trust levels. Specifically, the Kantara Identity Assurance Framework consists of four parts:

  • Assurance Level Definitions
  • Service Assessment Criteria
  • Assurance Assessment Scheme and Certification Program
  • Deployment Guidelines
  • The end goal of the IAF work is to provide public and private sector organizations a uniform means of relying on digital credentials issued by a variety of identity assurance providers (credential service providers) to support multiple levels of assurance to facilitate public access to online information. The IAF does not replace any of the existing certificate service providers, nor does it aim to become a Federated Identity Provider. Rather, it provides the criteria to assess and measure compliance with established standards to assure interoperability of e-authentication systems.
    Specifically for the focus of this forum, a common set of policies, procedures, and standards to facilitate reliable and secure access to health information is required. Such an approach assures the continued local authorization while using these standards and practices to specify what patient information can be shared, and how the information can be used. To ensure such compliance, yet maintain a level of local autonomy, we suggest the participating members of the NHIN belong to an IAF-compliant Identity Federation. Federation, in this view, is a response to the difficulties presented by the need to maintain decentralized systems with a certain level of local autonomy, yet ensure secure access to critical patient data. Formal federation using a standard set of policies, rules and procedures allows participants to access critical information across the federation.
    We believe the adoption of federated identity is key to a viable national health network that protects the privacy and security of all ecosystem participants and helps contain escalating healthcare costs.
    The implementation of the IAF supports identity federation that is secure, private, and auditable. It offers businesses, government, employees and consumers a more convenient and reliable way to exchange identity information in today’s digital economy. Please consider the following:

    1. The IAF is a finished industry standard—it’s publicly accessible, based on recognized US Government standards and open and available for free use and implementation today.
    2. The IAF is cross-industry—there is no need to create a Health-specific project which may or may not be adopted. Indeed, other experts before you today already utilize and/or have contributed to the IAF. It is currently in evaluation by the Federal CIO Council’s Identity Credentialing & Access Management (ICAM) sub-committee as the first US Government recognized Trust Framework.
    3. The IAF structure is compatible with the existing NHIN/Connect gateways. It has already been utilized in various proofs of concept by HIMSS and GSA, HISPC, and others, and has been publicly adopted by the Michigan Health Information Exchange and the Minnesota HIE-Bridge Health Information Exchange. Additionally, the three co-chairs of our Healthcare Identity Assurance Workgroup, John Fraser, Pete Palmer, and Rick Moore, through their HIMSS support, led a pilot with the GSA in 2007 showing that six Health Information Exchanges (HIEs) spread across the country—Connecticut, Michigan, Minnesota, Nevada, Ohio and Texas, could use a common authentication framework. It was based on the operational interoperability defined in the IAF. (
    4. The IAF is technology agnostic. Through its four NIST-based levels of assurance, it is compatible with federal security architectures. In fact, in a co-funded exercise with the GSA in fall 2008, we mapped NIST 800-63 and the IAF requirements and found them to be compatible and complementary.
    5. The IAF can help increase NHIN security, which helps protect patient privacy. This is a core tenant, we believe, to effective identity management—in fact, we have a whole work group dedicated to privacy issues—and we are committed to strong security in all activities.
    6. Given all of these factors, use of the IAF will build stronger trust into NHIN, which will accelerate adoption. Widespread use will lead to better consistency of practice, cost savings and increased privacy and security.
    7. Consistent process and the operational interoperability achieved via the IAF will help reduce the “fear factor” for health information exchanges (HIEs) to plug in and share. Indeed, the South-East Michigan Health Information Exchange (SEMHIE) has already paved the way to success here.
    8. The urgency and importance of making this transformation to a better use of information and related technologies in the health system is very widely appreciated. Dozens of communities and innovative networks across America have begun implementing information exchange solutions – the IAF delivers a common pathway, uniform standards, and a secure, private and consistent basis for information exchange. Use of the IAF as a common framework will maximize the value of other U.S. Government efforts already in progress.

    The NHIN can *only* succeed if digital identities are issued and credentials are managed using a common set of rules (policies and procedures). The IAF provides this rule book and has a program to assess and certify compliance. No other standards body provides this kind of comprehensive support for trusted identity management on a national and global scale