Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 1:00 pm EDT, October 3, 2014 (626)

www.DirectTrust.org1101 Connecticut Ave NW, Washington, DC 20036 1

DirectTrustAll Members Meeting

1:00 pm EDT, October 3, 2014

https://global.gotomeeting.com/meeting/join/930802605

(626) 521-0013 -- 930-802-605#

http://www.directtrust.org/





Agenda

• Welcome and new member greetings• DTAAP, industry update, and news from members.• Presentation from MiHIN– “Identity Exchange Hub: Trusted Provider and Consumer

Identities”

• Workgroup updates• Open discussion and comment

“You are the most trusted names in Healthcare Exchange”


www.DirectTrust.org1101 Connecticut Ave NW, Washington, DC 20036

DirectTrust Members142 and Counting…..

33



DirectTrust Members142 and Counting….



New Members

• Prosocial Applications, Inc

• IOS Health Systems

• Ready Computing Inc

• HealthBridge

• RazorInsights, LLC

• Sujansky and Associates, LLC

• HealthShare Exchange of Southeastern Pennsylvania, Inc



Renewing Members



Newest Accreditations

• Health Companion• RelayHealth• Axesson



Facts and figures, August, 2014

8

145 member organizations Coop Agreement extended another year 20 fully accredited and audited HISPs, 13

CA/RAs 20 candidate status HISPs, 2 CA/RAs 37 HISPs in trust anchor bundles 50+ HIEs and 250+ certified EHRs supported 29,000 health care organizations supported 420,000+ Direct accounts/addresses

provisioned 8 million Direct messages past 13 months 450,000 Direct messages for Stage 2

Meaningful Users in month of July, 2014

DorectTrust Network



Identity Exchange Hub

Trusted Provider and Consumer Identities



Why are we doing this?

• Improve identity verification to reduce fraud

• Leverage and use the identity proofing processes of other trusted organizations

• Reduce IT staff workload (fewer account creations)

• Reduce number of IDs and passwords for providers and participants

• Improve security through standard processes

• Leverage State’s investment in Michigan Identity Credentialing and Access Management (MICAM)



Creation of the HICAM Federation

HICAM FederationIdentity Exchange Hub

Health Systems

Qualified Organizations

Direct Secure Messaging

HISPs

Statewide Health Provider

Directory

State of Michigan MICAM

F e d e r a ti o n P a r ti c i p a n t s ( p r o v i d e r s )

Protocols Policies Practices

HealthPlans

Consent and AdvancedDirectiveRegistries

Gift of Life Registry (organ

donors)

Health Identity Credentialing and Access Management (HICAM) federation is an alliance of organizations who agree to abide by a common set of protocols, policies and practices (the three P’s)



Creation of the HICAM Federation

HICAM FederationIdentity Exchange Hub

Personal Health

Records(PHRs)

Medicaid Member Portal (MyHealthPortal)

Direct Secure Messaging

HISPs

Statewide Consumer Directory

State of Michigan MICAM

F e d e r a ti o n P a r ti c i p a n t s ( c o n s u m e r s )

Protocols Policies Practices

Patient Portals

AdvancedDirectiveRegistries

ConsentManagementSystems for

standard behavioral health

consents

Health Identity Credentialing and Access Management (HICAM) federation is an alliance of organizations who agree to abide by a common set of protocols, policies and practices (the three P’s)



Trusted, federated identities for healthcare

Federated Identity Management (FIDM) in general consists of:

PROTOCOLS: The technical connectivity between systems• Expand Single-Sign-On (SSO) across organizational boundaries• Standards include OASIS, SAML 2.0, XACML• NIST 800-63 Levels of Assurance (LOA)

POLICIES: Legal and Trust Framework development• Legal agreements establishing “trust beyond reproach”• Federated Sharing Organization Agreement (FSOA) • Use Case Agreements (UCAs)

PRACTICES: Process implementation• Process workflow – precise series of steps• User Acceptance Testing (UAT)• Monitor the process – end to end walk through with participants



Protocols: Technical and Logical Connectivity

Currently connected Service Providers (for providers):– Beaumont Hospital – MiHIN Biometric LOA 3 Identity Provider– MiHIN Active Directory Identity Provider– Statewide Health Provider Directory (HPD) (Salesforce.com)– Direct Secure Messaging HISPs

Planned Service Providers for consumers:– Personal Health Records (PHRs) and Patient Portals

• MS-Healthvault• NoMoreClipBoard• Patient portals determined by Health Systems

– Consent and Advanced Directive Registries• Gift of Life Registry (organ donors)• Peace of Mind registry (living wills, DNRs, durable powers of attorney)• Standard Consent Management Systems (CMS)



LOA 3 Identity Registration System and Identity Provider

• Created an Identity Provider (IdP) capable of registering LOA 3 credentials for the HICAM federation

• Setting up identity proofing processes at USPS retail locations, Secretary of State offices and onsite at other health systems/plans (e.g. Beaumont Hospital)

15

First Provider, Dr. Robert Jackson registering for LOA 3 with biometric



Biometrics as Second Factor

16

Fujitsu Palm Scanners

Iris Scanners



USPS Digital Credential Process

MiHINIdentity

Registration

Step 1 Provider presents credentials to passport clerk at USPS retail outlet passport window(or Secretary of State, other sites)

Step 2Obtain secure biometric identity by scanning palm and/or iris

Step 3 Register provider and link biometric template to provider account information

Step 4 Digital credential created.

Palm/iris scanner can now be used to login, or secure id and password can be used



Identity Registration Screens

18

Welcome to trusted identity enrollment



Confirm Person (HPD lookup)

19

[email protected]

Statewide Health Provider Directory query results



Confirm Person (verify ids)

20

Identity Proofing



Select Biometric Form Capture

21

Picture alternately could be utilized for facial recognition in the future



Capture Palm

22

[email protected]



Registration Completed

23

[email protected]



Provider & Consumer Use Cases

Use Case for Identity Providers (IdPs): • Many health systems and health plans (including Medicaid) will stand up their own Identity

Providers (IdPs)• Provide the trusted identities that Identity Exchange Hub federates• IdPs must conform to HICAM Protocols from Implementation Guide

Use Case for Service Providers (SPs): • Service Providers under HICAM consist of services such as:

– Direct HISPs– Statewide Health Provider Directory– EHRs– Health and Medicaid systems inside state firewalls via MICAM– Health registries outside state firewalls such as:

• Peace of Mind (Advance Directives e.g. Living Wills)• Gift of Life (Organ donors)• Consent registries (standard consents at CMHs, clinical trial consents)

• Trusted identities from an IdP can be used for SSO between SPs• SPs must conform to HICAM Protocols from Implementation Guide

24



Thank you

Please send questions/inquiries to:

Jeff Livesay – Associate [email protected]

Brian Seggie – Director of [email protected]


mailto:[email protected]



Workgroup Reports

• Patient and Consumer Participation in Direct – Lucy Johns and Leslie Kelly Hall

• Directory Policy – Bruce Schreiber and Jim Fisher• Security and Trust Compliance – Luis Maas and Jeff McDonald• Trust Anchor Bundle Operations – Greg Meyer• Certificate Policy and Practices – Don Jorgenson • Clinical Transitions of Care – Holly Miller and David Kibbe



Discussion

David C. Kibbe MD, President and CEO [email protected]@mac.com913.205.7968

Lucy Johns, MPHIndependent Consultant [email protected]




Documents

Www.DirectTrust.org 1101 Connecticut Ave NW, Washington, DC 20036 1:00 pm EDT, October 3, 2014 (626)