Thursday Dec 10, 2009

Federated Identity for Electronic Medical Records

Many thanks to my good friend Jonathan Gershater for sending me the link to another excellent post about Identity and Healthcare.  I particularly like his illustration of using Federated Identity to facilitate trusted exchange of medical records between different medical service providers. 

A user of any (Healthcare) ServiceProvider, who has been issued a digital identity by the trusted IdentityProvider, may seamlessly interact with the healthcare providers (SPs). The user will present the digital identity issued by the IdP, the SP will verify the Identity, and the user will be granted access to the Service Provider’s application. However, based on the user’s attributes and role, the functionality available to the user will vary.  A physician may alter a medical record but only within their specialty ( a dermatologist cannot alter a prescription for spectacles). A pharmacist may view but not alter the prescription for insulin in a healthrecord.  A patient may only view but not alter their medical record.

Federated Identity for Electronic Medical Records

Identity Enables NHIN or Health Internet

Jonathan Gershater recently published an interesting blog post exploring the conceptual differences between the National Health Information Network (NHIN) infrastructure, “a collection of standards, protocols, legal agreements, specifications, and services that enables the secure exchange of health information over the internet,” and an alternate approach known as the Health Internet, “an open-market standards-based approach to enable the exchange and sharing of electronic health data, using existing Internet standard protocols and web technologies.”

Jonathan referenced two informative posts on The Health Care Blog and Practice Fusion’s blog.  I’m still trying to wrap my mind around the significance of these two architectural directions, but it certainly appears that Identity is a critical part of the solution, regardless of what alternative approach or derivatives thereof may emerge.  Any Electronic Health Record (EHR) system must be based upon secure, flexible and scalable Identity Management system.

Thank, Jonathan, for the excellent reference.

Tuesday Nov 17, 2009

Identity and Access Management - Enabling HIPAA/HITECH Compliance

hipaa The white paper I mentioned several days ago, Identity and Access Management – Enabling HIPAA/HITECH Compliance, is now hot off the press and ready for download.  Thanks to all the great people at Sun Microsystems that contributed to this project and made it a reality.  Hopefully, the paper will be beneficial to those who are facing the challenges of how to comply with the increasing regulations surrounding management of healthcare data and information systems.

The paper’s abstract reads:

As healthcare organizations and vendors become more reliant on digital information technology, complying with increasing regulatory requirements presents a range of challenges. This paper explores the requirements that these organizations face, best practices for implementing identity management systems that help ensure compliance, and how Sun’s pragmatic approach to identity management simplifies the technology environment.

The table of contents:

  1. Executive Summary
  2. Healthcare Information Technology Challenges
  3. Health Insurance Portability and Accountability Act (HIPAA)
  4. Health Information Technology for Economic and Clinical Health Act (HITECH)
  5. Impact of HIPAA, HITECH and Related Regulations
  6. The Role of IAM in HIPAA/HITECH Compliance
  7. Sun IAM Product Introduction
  8. Best Practices for the IAM/Compliance Journey
  9. How to Get Started with HIPAA/HITECH and IAM
  10. The Sun IAM Workshop
  11. References

Please let me know if you have any questions or would like to discuss the content in more detail.

Tuesday Apr 07, 2009

Sun Microsystems - Powering the National Health Information Network reported yesterday that "Sun Microsystems is partnering with the US Federal Government to create a secure technology platform to connect federal health agencies and private institutions to the National Health Information network:"
"Sun open-source software, including GlassFish and Java technologies, will be the backbone of a national network designed to offer a secure technology platform so public and private health agencies can exchange electronic medical records and other information over the Internet."
The US Department of Health and Human Services (HHS) annnounced:
"The Federal Health Architecture is making software available as a first step to help public and private health information technology systems communicate to the Nationwide Health Information Network (NHIN), a federal initiative to facilitate the electronic exchange of health information.  The Federal Health Architecture, an E-Gov initiative led by the Office of the National Coordinator for Health Information Technology (ONC), is making this free software, called CONNECT, and supporting documentation available at"
Having health records on line holds the promise of higher quality, less expensive health care for consumers because critical information is more accessible more timely and more accurate than with traditional paper-based methods. As both a consumer of healthcare and as a taxpayer, it is good to see this important initiative moving forward. It's also great to see Sun at the forefront of providing key technology to make it happen.

Technorati Tags: , , ,


Discovering Identity was founded on in May 2005 as a means of documenting my exploration of the field of Identity and Access Management. In February, 2010, I switched to hosting the blog at In March 2012, I began posting Oracle-related information in both places.

Thanks for stopping by.

Please connect with me in cyberspace at LinkedIn or Twitter.

The views expressed on this blog are my own and do not necessarily reflect the views of my employer, Oracle Corporation, or any other person or organization.


« February 2017