Download our Digital Identity and Federation White Paper
Focus: Advancing implementation of the NIST Identity Assurance Level 2 (IAL2) and Authenticator Assurance Level 2 (AAL2) guidelines in health care
Work in Development: An open source framework for federating trusted Identity Assurance Level 2 (IAL2) certified credentials across health care organizations using a person-centric approach which leverages biometrics and mobile technologies.
Attestation, Identity, and Trust Framework by CARIN
HL7 Connectathon Attestation
Digital Identity and Federation White Paper
The 21st Century Cures Act, the ONC Cures Act Final Rule, and the CMS Interoperability and Patient Access rule have accelerated the ability for an individual to access their personal health information via an application of their choice leveraging HL7® FHIR® Application Programming Interfaces or APIs. To support consumer access, we must ensure that people are who they claim to be so the right information can be shared with the right person at the right time. CARIN supports “person-centric” digital identity credentials to facilitate this ecosystem; an individual has a portable, high-assurance digital identity credential they can use to control when and how their personal information is shared across systems.
The CARIN Alliance is working on development of a federated trust agreement to foster and federate trust in digital identity credentials. The federated trust agreement will address standardization and best practices related to security, data protection, authentication, identity proofing, privacy, user experience, interoperability and the conformance regime to ensure these specifications and policy obligations are certified and can be enforced.
Read more about the importance of this work in our draft White Paper: Digital Identity and Federation in Health Care
2019 CARIN Health Care Digital ID Summit
A cross-section of industry leaders from both inside and outside health care met to discuss how to digitally identify individuals across systems without the need for portals in Washington, D.C. as part of a digital identity summit on June 4th. Participants discussed how to improve the exchange of data across systems leveraging a person’s individual consent preferences and the use of Fast Healthcare Interoperability Resources (FHIR) application programming interfaces (APIs). The group highlighted best practices and open standards for securely identifying, authenticating, and matching individuals to their health information across multiple health plans, providers, and health information exchanges (HIEs) in a trusted way with consumer consent.
Collecting Patient Attributes
National Association of Healthcare Access Management (NAHAM)
Pew Charitable Trusts
Digital Identity and Authentication Guidelines
ONC FAST Solutions
The FIDO Alliance uses an open, universal two-factor authentication standard (combination of your finger’s biometric and a cryptographic key built into the hardware in your phone) to eliminate the need for user names and passwords on the internet. See their resources:
Trust & Federation
The third-party certifiers that independently verify identity providers and their processes.