Skip to content Skip to navigation

A NSTIC Healthcare Pilot Underway to Build Nationwide Trust Framework

October 8, 2012
by Jennifer Prestigiacomo
| Reprints
Pilot organizations to ‘demonstrate a nationwide capability for patient-centric care’

A pilot is now underway to demonstrate that sensitive health transactions on the Internet can earn patient and physician trust by using a trust network built around privacy-enhancing encryption technology to provide secure, multifactor, on-demand identity proofing, and authentication across multiple sectors.

In September, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) announced more than $9 million in grants to support the National Strategy for Trusted Identities in Cyberspace (NSTIC). The five pilots span multiple sectors, including healthcare, online media, retail, banking, higher education, and state and local government, and will test new solutions and interoperable identity credentials to access online services in a way that promotes confidence and is HIPAA compliant.

For the healthcare pilot, Resilient Network Systems Inc. received close to $2 million to partner with the American Medical Association, Aetna, the American College of Cardiology, ActiveHealth Management, Medicity, LexisNexis, NaviNet, the San Diego Beacon eHealth Community, Gorge Health Connect, the Kantara Initiative, and the National eHealth Collaborative.

“The overriding issue is how can we exchange messages between our addressing systems and how can we handle identity management,” says Brian Ahier, president of Gorge Health Connect Inc., and health IT evangelist at the Mid-Columbia Medical Center in The Dalles, Ore. “This [pilot] is creating a need for a scalable way for identity management and a trust fabric to be built.”

Brian Ahier

The pilot organizations will “demonstrate a nationwide capability for patient-centric care,” says Jonathan Hare, founder and president, Resilient Network Systems. “A patient gets their care from many different providers, and their data lives in many different places, and organizations typically don’t agree on how to identify a patient, so you have to have a consistent way on agreeing who is who and verifying identities and relationships.”

Much ongoing work has been done by the EHR-HIE interoperability workgroup, Western States HIE Consortium, to create identity management standards, and the NSTIC pilot will continue this work and run in parallel with these efforts.

“We’re hoping to solve a broader problem than what we’re facing here locally, in that health information service providers (HISPs) that provide Direct messaging services tend to have localized trust fabrics,” says Ahier. “If I wanted to send a message HISP to HISP and connect outside of our network, then we’d have some trust issues and ID management issues that have to be to overcome.”

Ahier says developing a scalable method for identity management will be helpful to prevent “one-off” trust management connections and will better coordinate care for snowbirds that spend time in different states. In his state there are seven local HIEs, in addition to the Oregon state HIE, CareAccord, which equates to a number of local HISPs that Gorge Health Connect would want to create trust relationships with.

“My primary interest in this was solving this particularly thorny problem of HISP to HISP connectivity and building out that trust fabric that we could scale at a national level,” says Ahier. “Direct is baked into Stage 2 meaningful use, so I think it is vital now that we enable this trust fabric to scale at national level. I want to avoid the problem of having these walled garden approaches where local HIEs and vendors have the capabilities for Direct messaging, but only within their own systems.”

A use case that Ahier is particularly excited about is solving the provider management connection challenges for a migrant population from San Diego that pick fruit in Oregon orchards and receive care at La Clínica del Cariño Family Health Care Center, a federally-qualified health center (FQHC) in Hood River, Ore.

The discovery phase of the one-year pilot is just getting kicked off, which will be followed in January by prototype building, creating service connectors, and integrating policies for third-party systems. In May 2013, pilot testing will begin.

“I think there are going to be some paths to commercialization that will open up based on market opportunities,” says Ahier. “Especially as we get to the ending phases of the pilot and we start to see the opportunity for us to expand the trust network and support additional projects and gives us an opportunity to move toward nationwide expansion. It is very far off, but I am very hopeful that we will succeed.”