Digital Identity

Download our Digital Identity and Federation White Paper

Focus: Advancing implementation of the NIST Identity Assurance Level 2 (IAL2) and Authenticator Assurance Level 2 (AAL2) guidelines in health care

Work in Development: An open source framework for federating trusted Identity Assurance Level 2 (IAL2) certified credentials across health care organizations using a person-centric approach which leverages biometrics and mobile technologies.

CARIN Resources

Attestation, Identity, and Trust Framework by CARIN
HL7 Connectathon Attestation

Digital Identity and Federation White Paper

The 21st Century Cures Act, the ONC Cures Act Final Rule, and the CMS Interoperability and Patient Access rule have accelerated the ability for an individual to access their personal health information via an application of their choice leveraging HL7® FHIR® Application Programming Interfaces or APIs. To support consumer access, we must ensure that people are who they claim to be so the right information can be shared with the right person at the right time. CARIN supports “person-centric” digital identity credentials to facilitate this ecosystem; an individual has a portable, high-assurance digital identity credential they can use to control when and how their personal information is shared across systems.

The CARIN Alliance is working on development of a federated trust agreement to foster and federate trust in digital identity credentials. The federated trust agreement will address standardization and best practices related to security, data protection, authentication, identity proofing, privacy, user experience, interoperability and the conformance regime to ensure these specifications and policy obligations are certified and can be enforced.

Read more about the importance of this work in our draft White Paper: Digital Identity and Federation in Health Care

2019 CARIN Health Care Digital ID Summit

A cross-section of industry leaders from both inside and outside health care met to discuss how to digitally identify individuals across systems without the need for portals in Washington, D.C. as part of a digital identity summit on June 4th. Participants discussed how to improve the exchange of data across systems leveraging a person’s individual consent preferences and the use of Fast Healthcare Interoperability Resources (FHIR) application programming interfaces (APIs). The group highlighted best practices and open standards for securely identifying, authenticating, and matching individuals to their health information across multiple health plans, providers, and health information exchanges (HIEs) in a trusted way with consumer consent.

Other Resources on ID & Authentication

Collecting Patient Attributes

National Association of Healthcare Access Management (NAHAM)

  • NAHAM provides a set of best practices, developed by the professional association of patient registrars, for better collecting key patient data attributes.


Patient Matching

Pew Charitable Trusts


Digital Identity and Authentication Guidelines


ONC FAST Solutions


User Authentication

FIDO Alliance

The FIDO Alliance uses an open, universal two-factor authentication standard (combination of your finger’s biometric and a cryptographic key built into the hardware in your phone) to eliminate the need for user names and passwords on the internet. See their resources:


Trust & Federation

The third-party certifiers that independently verify identity providers and their processes.

Kantara Initiative

Direct Trust


SAFE Identity