Identity Management For Interoperable Health Information Exchanges


Identity Management for Interoperable Health Information Exchanges
Presented to the NASMD Medicaid Transformation Grants HIE Workgroup - March 26, 2008

Presented by:
John (Mike) Davis, Department of Veterans Affairs, Co-Chair HITSP ICM Workgroup
John Moehrke, GE Healthcare, Co-Chair HITSP SP&I Technical Committee
Glen Marshall, Siemens Healthcare, Co-Chair HITSP SP&I Technical Committee
Walter G. Suarez, MD, Institute for HIPAA/HIT Education and Research, Co-Chair HITSP SP&I Technical Committee

Task 1: Define terms

Identity Management (IdM)
– The set of business processes, and a supporting infrastructure, for the creation, maintenance, and use of digital identities within a legal and policy context. [Burton Group 2003]
– The capability to manage (create, modify, delete) all user accounts and user profiles (and so forth) that can be identified with each person across the heterogeneous IT environment via a combination of user roles and business rules. [Gartner]
– A system of procedures, policies and technologies to manage the lifecycle and entitlements of electronic credentials. [GSA]

Task 1: Define terms (cont.)

Identity and Access Management (IAM)
– Includes authentication and user provisioning (UP) management, password management, role matrix management, enterprise single sign-on, enterprise access management, federation, virtual and metadirectory services, and auditing. [Gartner]

Identity Credential Management (ICM)
– Includes the management of credentials within an Identity Management or Identity and Access Management framework.

Identity Management [GSA]

A system of procedures, policies and technologies to manage the lifecycle and entitlements of electronic credentials.

Directory Services – Repositories for storing and managing accounts, identity information, and security credentials.
Access Management – The process of authenticating credentials and controlling access to networked resources based on trust and identity.
Identity Lifecycle Management – The processes used to create and delete accounts, manage account and entitlement changes, and track policy compliance.

Approaches to Identity Management

Two Views of Identity

Classic: Classic patient identity systems provide key fields necessary to correlate patient attributes to a record in a healthcare database.
– Correlation imprecision is allowed/expected.
– Classic patient identity systems are not intended to provide (not authoritative for) IT access.

Two Views of Identity

Security Focused: Risk-based user identification and credential management. Today even the most basic authentication methods (e.g. password) are provided based upon risk-based assurance of identity.
– Security systems are not intended to provide (not authoritative for) identity (create, update attributes, etc.) NOT used for IT access.

Alignment of Concepts

Security Services
– Primary Context: Services are provided by identities (persons)
– Secondary Context: Persons (identities) perform business functions in multiple contexts
– Management:
  – Identity can be provisioned
  – Identity can be authenticated
  – Identity can be authorized
  – Access by an identity can be controlled
  – Identity can be federated among members
  – Identity can be known in multiple contexts

Identity Services
– Primary Context: Services and benefits are provided to identities (persons)
– Secondary Context: Multiple organizations collaborate in delivery of services and benefits to persons (identities)
– Management:
  – Identity can be consistently defined
  – Identity uniqueness can be identified
  – Identity can be provisioned
  – Identity traits can be updated
  – Identity can be known in multiple contexts

Identity Management Program (VA)

Collaboration

Diagram presents view of possible to-be approach to identity management.
– OneVA Identity Management: a consolidated identity domain covers line of business (LOB) systems (VA ID, EDI-PI, other identifier).
– Correlation service associates external systems' identities with enterprise identities, enabling sharing information with external agencies.
– PIV: functions as LOB system; would use identifier on smartcard for integration with enterprise systems; PIV-issued smartcard controls access to resources.
– e-Authentication: Identity Management DB can be used as additional secure identity database for authentication support for online systems.

Relationship of Identity Management to other Business Processes: Authentication, Authorization and Access Control

I&AM Framework

I&AM Core Components

Managing Credentials

Maintenance plane: changing of user attributes, revocation

Boundaries

Identity Management
Does:
– Establish unique identity and manage changes to identity
– Cross reference or correlate diverse systems
Does Not:
– Establish what an identity can access
– Assign a specific token to an identity

Authentication
Does:
– Provision credentials to authenticated individuals
– Validate an entity's provided credentials
– Enable digital signature
Does Not:
– Assign a unique identifier to every person
– Correlate identities between systems
– Establish what an identity can access

Access Management
Does:
– Establish roles/policies for access to resources
– Provide/prevent access to resources consistent with authenticated person's roles
Does Not:
– Assign a unique enterprise identifier to every person
– Correlate identities between systems
– Establish what an identity can access

Access Management: Definition

Mechanism that provides control of entry to and use of protected resources (information systems, buildings, etc.).

Access Management: Definition

An Access Management system is responsible for determining, based on a person's unique identity, the person's assigned role and their having been authenticated, what assets the person should be allowed to access/use.
– Role Based Access Control
– Application Integration
– Delegation
– Authentication
– Authorization

Localized enforcement of centrally managed security policies using roles or business rules.

Federation
– E-Authentication Initiative
– SAML – Security Assertion Markup Language
– Assurance Levels

The Importance of Interoperability: Selecting and Adopting an Identity Management Approach

What is "Interoperability"?

"The ability of different information technology systems and software applications to communicate, to exchange data accurately, effectively and consistently, and to use the information that has been exchanged."

Source: National Alliance for Health Information Technology, July 2005; "Consensus Conventions for the Use of Key HIT Terms" Project – ONC/HHS, 2008

Service-oriented Security Architecture: Fine-Grain Entitlement Management

Implementation approaches enable interoperability.
Source: RSA Conference 2007, IAM-303, JPMorgan Chase

– HL7 world-wide standard for interoperable permissions (RBAC) that can be used with healthcare applications, business partner exchanges and worldwide.
– HL7 Standard for Confidentiality Codes for patient consent directives.

Review of Standards

Standards

Enterprise Person Identifier
– ASTM E1714-00
Enterprise Person Identity Services
– HL7
– OMG PIDS
Security Services
– NIST FIPS 201-1
– OASIS XACML
– HL7 CCOW, and more
Other factors
– HSPD-12

HITSP and Identity Management: Identifying Interoperability Specifications and Constructs

Health Information Technology Standards Panel (HITSP)

HITSP and Interoperability

HITSP Security, Privacy and Infrastructure (SP&I) Technical Committee

Goal: Identify, evaluate and recommend security, privacy and infrastructure constructs to address interoperability needs and requirements defined by the AHIC-ONC Use Cases.

Process:
– Identify Security, Privacy and Infrastructure needs (requirements) from AHIC use cases
– Identify and document a set of common constructs that can be applied to the initial three AHIC use cases AND to future use cases
– Recommend the adoption of constructs by the Secretary
– Incorporate the recommended constructs throughout all HITSP Interoperability Specifications
– Maintain/update constructs periodically (and develop new ones, as needed) based on new use cases issued by AHIC

HITSP Security and Privacy Constructs

HITSP SP&I's Entity Identity Assertion

Scope: This Component covers all scenarios in which HITSP Transactions cross enterprise boundaries, as well as transactions that may occur within an enterprise.

Construct Requirements: Entities are authenticated to assure that the entity is the person or application that claims the identity.

HITSP SP&I's Entity Identity Assertion

Functionality: The key functionality supported by this construct is the identification and authentication of entities accessing the protected resources. At the end of the Component, the following conditions or outputs are provided:
– Entity has authenticated
– An error condition occurs. This can include errors in the verification step – malformed assertion; assertion from a distrusted identity provider; assertion from individual without enough information to perform verification; or identity provider is unknown
– Entity identity assertion is verified
– The results of the authentication are made available to the Authentication Provider
– A security audit event is generated
– Authentication information that was verified is available

HITSP SP&I's Entity Identity Assertion

Example of Expected Use: User using a Document Registry or Document Repository is the patient. They are using an authorized PHR service which is handling the Document Consumer responsibilities. The Service Provider wants to restrict the information returned to those that have been released for patient consumption (for example a lab result that regulations require the provider to discuss in person before releasing the information).
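As an added example (not part of the deck or of HITSP's own specification), the verification outcomes listed for the Entity Identity Assertion construct and the patient-consumption restriction from the expected-use slide, modelled in Python on the Service Provider side: the issuer trust store, the registry entries, the HMAC stand-in for an XML signature and the role name "patient" are all constructed assumptions.

```python
import hashlib
import hmac
import json
# Constructed trust store (assumption): a per-IdP key stands in for the IdP
# certificate a real Service Provider would use to verify the XML signature.
TRUSTED_IDP_KEYS = {"https://idp.phr.example": b"constructed-shared-secret"}
DISTRUSTED_IDPS = {"https://idp.revoked.example"}
REQUIRED_FIELDS = ("issuer", "subject", "role", "signature")
# Constructed Document Registry entries (assumption), keyed by patient id.
REGISTRY = [
    {"doc": "discharge-summary", "patient": "pat-001", "released_to_patient": True},
    {"doc": "pending-lab-result", "patient": "pat-001", "released_to_patient": False},
]

def sign_assertion(body: dict, key: bytes) -> dict:
    """Constructed IdP side: attach an HMAC over the canonicalised assertion body."""
    payload = json.dumps(body, sort_keys=True).encode()
    return {**body, "signature": hmac.new(key, payload, hashlib.sha256).hexdigest()}

def verify_assertion(assertion) -> dict:
    """Return the construct's outputs: verified flag, error text and audit event."""
    audit = {"event": "EntityIdentityAssertion", "issuer": None, "outcome": None}
    def fail(reason):  # every error path still yields the security audit event
        audit["outcome"] = reason
        return {"verified": False, "error": reason, "audit": audit}
    if not isinstance(assertion, dict) or any(f not in assertion for f in REQUIRED_FIELDS):
        return fail("malformed assertion")
    audit["issuer"] = issuer = assertion["issuer"]
    if issuer in DISTRUSTED_IDPS:
        return fail("assertion from a distrusted identity provider")
    if issuer not in TRUSTED_IDP_KEYS:
        return fail("identity provider is unknown")
    if not assertion["subject"]:
        return fail("individual without enough information to perform verification")
    body = {k: v for k, v in assertion.items() if k != "signature"}
    expected = sign_assertion(body, TRUSTED_IDP_KEYS[issuer])["signature"]
    if not hmac.compare_digest(expected, assertion["signature"]):
        return fail("assertion signature does not verify")
    audit["outcome"] = "entity has authenticated"
    return {"verified": True, "error": None, "audit": audit,
            "subject": assertion["subject"], "role": assertion["role"]}

def documents_for(outcome: dict, registry: list = REGISTRY) -> list:
    """Expected-use policy: a patient acting via a PHR sees only documents released to patients."""
    if not outcome["verified"]:
        return []
    patient_only = outcome["role"] == "patient"  # other roles' policy is out of scope here
    return [d["doc"] for d in registry
            if not patient_only or (d["patient"] == outcome["subject"] and d["released_to_patient"])]
```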

Questions & Answers Session
