Transforming Health Care With Trusted Access
Online access to health information has the potential to transform the healthcare system. Physicians and other clinicians can have access to the right information at the right place at the right time and provide better care to their patients. Patients and their caregivers can have access to their own information in near real time and communicate electronically with their doctors. First responders can provide more appropriate treatment to victims of accidents or disasters. Researchers can create better treatments, procedures and devices, and can determine what works and for whom. Public health officials can better track and work on improving population health.

However, none of this can happen without trust in the security and integrity of the systems and networks that house and move electronic health information. Trusted access—providing information only to people who have a legitimate right to have it and appropriate credentials to perform transactions with it—is essential to fulfilling the promise of health information technology. The Anakam Identity Suite® was created by a team that includes physicians, technologists, those who have worked on creating policy and those who have implemented policy in all parts of the healthcare system. Their experience and commitment to improving health care are built into the Anakam solution. There are legal and ethical mandates to protect health information. Law, regulation and policy requirements lead to strong authentication as an essential part of safeguarding highly sensitive and personal information related to health. The Anakam Identity Suite® was designed specifically to empower healthcare organization to provide better services at lower cost through the online channel while meeting key security and privacy mandates.

Why should a healthcare institution be concerned with strong authentication for trusted access to their healthcare systems?

HIPAA and ARRA
The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires a risk-based security assessment and the implementation of appropriate authentication for access to electronic Protected Health Information (ePHI). The American Recovery and Reinvestment Act (ARRA) extends the applicability of the HIPAA Security Rule directly to business associates, and brings in the Federal Trade Commission into the health regulatory landscape for the first time to regulate the privacy and security of Personal Health Record (PHR) systems.

The Centers for Medicare and Medicaid Services (CMS), which is responsible for enforcing the HIPAA Security Rule, recommends two-factor authentication as the Authentication Technical Standard for remote access to ePHI.

Health Information Exchange Standards
Federal, state and regional efforts are under way to develop privacy and security standards that can serve as a basis of trust models for information exchange. Forward looking states that are investing in healthcare information technology (HIT) are moving toward strong two-factor authentication as a basis of access to RHIO and HIE information and systems.

Health Information Technology Certification Standards
The Commission on Certification of Health Information Technology (CCHIT) is a Recognized Certification Body designated by the Department of Health and Human Services. CCHIT accredits Electronic Health Record (EHR) systems and health information exchange (HIE) technologies.

CCHIT roadmap requires certified EHR systems to support two-factor authentication for e-Prescribing in 2010 and requires certified HIEs to support two-factor authentication in 2011.

State Data Breach Notification Requirements
Over 40 states, the District of Columbia, and Puerto Rico have enacted laws requiring consumer notification about data breaches. ARRA makes breach notification mandatory for those who handle PHI.

Office of Management and Budget Requirements for Federal Systems
The Office of Management and Budget (OMB) has issued Memorandum M-07-16, which requires two-factor authentication for remote access to federal systems that contain personal information.

European Union Data Protection Requirements
The European Union Data Protection Directive includes health information in the category of “sensitive information.” The Article 29 Working Party issued a Working Paper on electronic health records systems, in which it call out strong authentication as the only acceptable basis for access to such systems.

Anakam has created a revolutionary platform for strong authentication in healthcare. The Anakam Identity Suite® strengthens each part of the identity management process.

• Anakam.IDP® online identity proofing and Anakam.IDV® identity verification are deployed during registration to ascertain true identity before issuing access credentials and to periodically verify that the identity has not been tampered with. This provides assurance that individuals are who they claim to be before they are issued credentials that give them to access healthcare portals, systems and networks.

• Anakam.CGW™ credentialing gateway can be used to verify individual credentials and to determine what information and transaction rights should be granted on the basis of these credentials. Credentials can be verified periodically to ensure that they remain valid. For example, credential verification can provide assurance that a physician has a valid license to practice medicine.

• Anakam.TFA® two-factor authentication provides strong authentication using devices that most people have and use, like a cell phone. Two-factor authentication transactions can be triggered by the enterprise on the basis of its risk determination—for each session, for logins from particular locations, for particular types of transactions. Two-factor authentication assures that only legitimate holders of access credentials are viewing health information, performing transactions in electronic health records systems, or issuing electronic prescriptions.

• Anakam.VPC™ uses Anakam.TFA® interoperability to provide strong authentication for virtual private networks. This provides a greater level of security for remote access to health information systems and networks.

* Anakam.SCE™ secure collaboration environment permits implementation of fine-grained access control policies that permit information discovery and collaboration while providing only information for which each participant has authorization. This allows health care organizations to ensure that physicians, nurses, and administrators have information they need to do their work while protecting information related to the most sensitive health conditions and procedures. The Anakam team is working in partnership with others in the healthcare industry, in government and in standards organizations to fully realize the potential of health information technology.