I’ve recently returned from the 7th ID Ecosystem Steering Group Plenary in Atlanta. This is an international public-private project focused on the anything-but-trivial issue of issuing people authoritative cyber-credentials: digital passports you can use to access government services, healthcare, banks and everything else online.
Cyber ID is more than a single-sign-on convenience, or a money-saver when businesses can stop asking you for the names of your pets, it’s rapidly becoming a critical foundation for cyber-security because it impacts the resiliency of our critical infrastructure.
Healthcare, it turns out, is becoming a design center for IDESG because healthcare represents the most diverse collection of human interactions of any large market sector. If we can solve cyber-identity for healthcare, we will have solved most of the other application domains.
The cyber-identity landscape includes:
- proving who you are without showing a physical driver’s license
- opening a new account without having to release private information
- eliminating the risk of identity theft
- civil or criminal accountability for your actions based on a digital ID
- reducing your privacy risks through anonymous or pseudonymous ID
- enabling delegation to family members or professional colleagues without impersonation
- reducing hidden surveillance by state or private institutions
- when appropriate, shifting control of our digital tools to us and away from corporations
The IDESG process is deliberate and comprehensive. It impacts many hot issues in health care including patient matching, information sharing for accountable care and population health, health information exchanges, prescription drug monitoring programs, accounting for disclosures, patient engagement and meaningful use, the physician’s ability to communicate and refer without institutional censorship, the patient’s ability to control information from our increasingly connected devices and implants, and more.
Hospitals and health industry incumbents that seek to solve the hot issues raised by health reform are not eager to wait for a deliberate and comprehensive process. For them, privacy and cyber-security is a nice-to-have. Who will pay for this digital enlightenment?
This results in a tension between public and industry interest as the healthcare industry tries to decide whether to fund the IDESG path or spawn ever more incremental solutions.
Our Healthcare Working Group is an interesting example. Although the chair, the vice-chair and many active members are physicians, there’s not a single hospital, insurer, health records, or information exchange vendor! I suspect this is about to change.
For me, the most exciting presentation at this meeting was from kindred spirits in the UK. Their cyber identity program, driven by the Digital by Default government mandate, is well under way. This summer, they begin a beta rollout of digital access to driver accident “points” and to employer tax deduction information. Health care, they acknowledge, is the most complex and likely among the last of the digital by default cyber-identity transitions.
IDESG is arguably the only current health IT program that makes citizen privacy and autonomy the design foundation. Necessity, in this case for digital efficiencies and cybersecurity, is the mother of invention. For me, as a patient and physician advocate, it’s an exciting time as industry and professional societies begin to see Digital by Default on the horizon and join the parade.
Adrian Gropper, MD is Chief Technical Officer of Patient Privacy Rights and participates in Blue Button+, Direct secure messaging governance efforts and the evolution of patient-directed health information exchange.