CPS WORKGROUP DOCUMENT

*** Working Draft *** Pre-decisional *** 12/18/06

January 23, 2007

The Honorable Michael O. Leavitt

Chairman

American Health Information Community

200 Independence Avenue, S.W.

Washington, D.C. 20201

Dear Mr. Chairman:

The American Health Information Community has identified and prioritized several health information technology applications, or “breakthroughs,” that could produce a specific tangible value to healthcare consumers. To address one of these breakthrough areas, the Confidentiality, Privacy, and Security (CPS) Workgroup was formed and given the following broad and specific charges:

Broad Charge for the Workgroup: Make recommendations to the Community regarding the protection of personal health information in order to secure trust, and support appropriate electronic health information exchange.

Specific Charge for the Workgroup: Make actionable confidentiality, privacy, and security recommendations to the Community on specific policies that best balance the needs between appropriate information protection and access to support, and accelerate the implementation of the consumer empowerment, chronic care, and electronic health record related breakthroughs.

BACKGROUND AND DISCUSSION

The following recommendations were developed by the American Health Information Community (AHIC) Confidentiality, Privacy and Security (CPS) workgroup on the topic of patient identity proofing. They seek to advance the specific charges of the Consumer Empowerment, Electronic Health Record (EHR) and Chronic Care workgroups and are not intended to introduce barriers to the efficient and effective provision of healthcare.
In addition, the recommendations below do not intend to make care conditional on the use or attempted use of services for electronic access to health information.

Furthermore, the recommendations below intend to establish a baseline for patient identity proofing in the electronic health information exchange environment. Where a particular recommendation presents a range of possible options for patient identity proofing, those options should be evaluated in the context of the specific environment to ensure the appropriate confidentiality, privacy, and security protections are put in place.

We suggest that these recommendations, if accepted by the AHIC, be considered by the Department of Health and Human Services (HHS) for adoption as HHS policy regarding current and future activities, including appropriate federal contracts, pilot and demonstration projects as they relate to the specific workgroup charges listed below and their broad charges where appropriate. Furthermore, it is the workgroup’s intention that these recommendations apply more broadly to the healthcare system, and that public and private sector organizations would parallel HHS in their implementations.

GENERAL STATEMENTS

  1. We defined identity proofing as the process of providing sufficient information (e.g., identity history, credentials, and documents) to correctly and accurately establish and verify an identity to be used in an electronic environment (e.g., over the Internet).

  2. The purpose of these recommendations is to advance the specific charges of the Chronic Care, EHR, and Consumer Empowerment workgroups. The workgroup discussions and these recommendations are related solely to the following issue areas. More widespread application of these recommendations may necessitate further review.

     a. Chronic Care - Make recommendations to the Community so that within one year, widespread use of secure messaging, as appropriate, is fostered as a means of communication between clinicians and patients about care delivery.

     b. EHR - Make recommendations to the Community so that within one year, standardized, widely available and secure solutions for accessing current and historical laboratory results and interpretations is deployed for clinical care by authorized parties.

     c. Consumer Empowerment - Make recommendations to the Community so that within one year, a pre-populated, consumer-directed and secure electronic registration summary is available to targeted populations. Make additional recommendations to the Community so that within one year, a widely available pre-populated medication history linked to the registration summary is deployed.

  3. All data included in secure messaging, EHRs, and PHRs are sensitive. Appropriate policies and supporting security measures must be in place to mitigate the risks of unauthorized or unintended data disclosure.

  4. It is important to understand that identity proofing is just one part of an overall process (e.g., validation, revocation, etc.) for issuing and maintaining electronic identity credentials. All parts of the process are interdependent and if they do not achieve comparable levels of security, the overall strength of the electronic identity credential may not be adequate.

RECOMMENDATIONS

Recommendation 1: Entities that offer healthcare consumers or their authorized proxy(ies) [1] electronic access to data and services through secure messaging, PHRs, or EHRs should perform, or rely upon, identity proofing performed by the entity or an accountable trusted third party [2] that meets or exceeds one of the following options (1.1, 1.2, 1.3). Note: If the primary method chosen by an entity does not apply in some instances, one of the other methods below should be chosen.

[1] The workgroup would assume that establishing authority to act as a proxy would mirror the HIPAA Privacy Rule’s provisions for personal representatives (45 CFR §164.502 (g)), applicable state law requirements or would require patient authorization.

[2] A trusted third party is an entity that both the healthcare consumer or their authorized proxy and healthcare entity trust for the purpose of performing identity proofing on behalf of the entity.

1.1:

When it is practical and feasible for a healthcare consumer or their authorized proxy to present themselves in-person, in-person identity proofing should be performed by the healthcare entity. Identity proofing can be achieved by using a valid, government-issued picture ID to verify identity. Examples of such documents include: a passport; driver’s license or state-issued ID; permanent resident card; military ID.

1.2:

When the healthcare consumer or their authorized proxy has an established and durable relationship (e.g., long-standing, trusted) with an entity, this relationship could be used to confirm the consumer or proxy’s identity on the basis of that relationship. Examples of confirmation may include: in-person or telephonic recognition, etc., where confirmation occurs at the time of the request (i.e., a voicemail or message left for the entity to confirm at a later time would not be acceptable).

1.3:

When the healthcare consumer or their authorized proxy is unable to meet the criteria necessary to satisfy 1.1, and the entity determines that 1.2 is not viable, identity proofing should consist of a method that verifies a person’s identity based on information they know or can produce about themselves when asked (e.g., last three addresses, last prescription, electronic device, etc.). In instances where the healthcare consumer or their authorized proxy:

  1. has no prior relationship with the entity [3]; the entity or trusted third party should 1) request basic identity data (e.g., name, address, date of birth, etc.), and 2) challenge the individual to provide some personal information verifiable by a reliable data source (e.g., Department of Motor Vehicles, Credit Bureau, State Records, etc.);

  2. has a relationship with the entity; the entity or trusted third party should 1) request basic identity data (e.g., name, address, date of birth, etc.), and 2) challenge the individual to provide some personal information specific to that relationship.

[3] In this situation, the CPS workgroup has come to understand that if the entity contacted is a physician, and the purpose of the contact is to receive care through the physician’s electronic services, certain medical practice guidelines may govern the physician’s ability to treat or medically communicate with the requestor.

Recommendation 2: For the purposes of secure messaging and accessing data through a PHR or EHR, document(s) and the information therein or other information used solely for purposes of identity proofing a healthcare consumer or their authorized proxy(ies), if kept, should be securely maintained separate from the healthcare consumer’s clinical data.

Recommendation 3: Converting from a paper-based healthcare practice to one that uses EHRs does not require a healthcare entity to identity proof their patients. However, where this conversion also provides patients with access to data within the EHR (such as via flash drive, Internet, or remote access), healthcare providers should follow the identity proofing recommendation schema noted in recommendation #1.

Recommendation 4: Entities that provide patient access to personal health information via secure messaging or a PHR (such as via a flash drive, populating data records stored on the Internet, or remote access), should follow the identity proofing recommendation schema noted in recommendation #1.

Recommendation 5: The Certification Commission for Healthcare Information Technology (CCHIT) should ensure that criteria for the certification of healthcare systems support the identity proofing practices suggested in these recommendations.

These recommendations are supported by information obtained through research and testimony to the Confidentiality, Privacy, and Security Workgroup, which is contained in the supporting documents available at http://www.hhs.gov/healthit/ahic.

Thank you for giving us the opportunity to submit these recommendations. We look forward to discussing these recommendations with you and the members of the American Health Information Community.

Sincerely yours,
<<Signature>>
Kirk J. Nahra
Co-chair, Confidentiality, Privacy, and Security Workgroup

Sincerely yours,
<<Signature>>
Paul Feldman
Co-chair, Confidentiality, Privacy, and Security Workgroup