NSTIC Pilot for Patient-centered Coordination of Care delivers Health Information Exchange and Privacy via the Trust Network Ecosystem

SAN FRANCISCO, April 1, 2014 /PRNewswire-iReach/ — Resilient Network Systems and its Trust Network ecosystem partners are proud to announce successes from their Patient-centered Coordination of Care (PCC) pilot, funded through the U.S. Department of Commerce as part of the National Strategy for Trusted Identities in Cyberspace (NSTIC). (Source Link)

As health information exchanges (HIE) have moved online, healthcare organizations require new technologies to exchange patient’s electronic health records while complying with HIPAA. Among the new challenges are requirements to authenticate and confirm authorization for recipients of patients’ information, while keeping costs and technical barriers low, and also preserving the privacy of all parties’ personally identifiable information. Combining requirements from both HIPAA and NSTIC requires new identity ecosystems bringing together existing sources of identity attributes for healthcare providers, their staff, and the patients they are treating.

“The PCC pilot program has achieved its goals to implement an identity ecosystem encompassing patients, physicians and staff in multiple states that facilitates coordinated care,” said Richard Spires, CEO of Resilient Network Systems, “by providing them with secure, HIPAA-compliant access to electronic referral and transfer of care messaging, through Trust Network-enabled services for encryption and multi-factor, on-demand authentication and authorization.” The new HIE solutions enabled by this identity ecosystem can reduce barriers to adoption from legal compliance, technical integration, and change management costs for healthcare providers who need to communicate beyond the boundaries of their organization, state, and health information technology platforms. A video demonstration of the pilot can be viewed at www.resilient-networks.com/nstic/ereferraldemo.html.

One of two HIE organizations participating in the PCC pilot is Gorge Health Connect, which coordinates health information technology connections among healthcare provider organizations in Oregon’s Mid-Columbia Gorge region. “Many provider organizations are striving to meet upcoming requirements to use Direct messaging technology, yet are delayed by their EHR vendors’ 2014 version certifications or by requirements to have HISPs [Health Information Service Providers] coordinate their Direct message encryption certificates,” said Lori Nelson, President of Gorge Health Connect. “With the messaging services from PCC, our providers can use their existing Direct software to reach any other provider in Oregon or California, regardless of what EHR they’re using. And, they can trust that the recipient of their message, often a member of the other provider’s staff, will be authorized to receive it, so the patient’s privacy is being protected.” Gorge Health Connect also supports care coordination with provider organizations throughout Oregon and across their border with Washington. They can see greater and greater value as this technology enables expansion of electronic messaging among providers and other care coordination participants, including labs, decision support services, etc.

The other HIE participating in PCC is San Diego Health Connect. Secure messages were exchanged between providers in the Gorge region and in San Diego during the pilot, demonstrating cross-state HIE. This scale of solution was possible through the Trust Network’s ability to tap into existing, national-scale identity datasets, including the American Medical Association’s Physician Verification Service and LexisNexis’ Instant Authenticate service for knowledge-based authentication. Both were able to receive discrete attributes about recipient providers via the Trust Network, and to perform their services without developing new accounts, passwords or duplicate entries from those attributes.

Authentify, Inc. has also connected their telephone enabled Out-of-Band Authentication service to the Trust Network. During PCC, they provided this multi-factor capability to authenticate providers without creating accounts or passwords. Peter Tapling, President and CEO of Authentify said, “The typical credential in cyberspace is usually just a username and password. Today, we need more than a password to bridge the gap between the real world and cyberspace when activating a credential or granting online access, especially for patients’ healthcare information.” Authentify is a leader among the authentication services available via the Trust Network platform, and is also contributing services to two other NSTIC pilots.

Another critical aspect of PCC’s success was the development of a Trust Framework for HIPAA-compliant HIE that supports cross-state exchange, and which can expand into additional use cases, through its alignment with the Trust Network’s ecosystem. This was developed through a collaborative working group of PCC pilot participants and independent HIE and HIPAA experts, coordinated by the National eHealth Collaborative. Further, the pilot explored certification of these new capabilities to multiple Levels of Assurance, by mapping the Trust Network and ecosystem of services model for dynamic trust to the Kantara Initiatives’ Identity Assurance Framework.

Participants in the PCC pilot continue using solutions developed in PCC, and are exploring commercial terms for expanding their use. The ecosystem of services available via the Trust Network grew thanks to the NSTIC pilot, and they can be efficiently re-used to enable new solutions in healthcare, education, government, and other sectors. Resilient Network Systems and its partners will continue discussing these opportunities during the Identity Ecosystem Steering Group (IDESG) 8th Plenary Session, being held in Mountain View, CA on April 1-3, 2014.

About RNS

Resilient Network Systems provides the Trust Network platform to bring trust to the cloud and the Internet of Things. Trust Networks virtualize real-world relationships and conditions of trust by resolving identities in the network and enforcing each party’s rules in transit. This enables disparate organizations and users to share sensitive information and applications while maintaining control. www.resilient-networks.com.

About Gorge Health Connect

Gorge Health Connect (GHC) is a membership based organization and a 501(c)3 non-profit corporation in the State of Oregon, serving as a health information exchange (HIE) that connects hospitals, federally-qualified health clinics, primary care providers (PCPs), specialists, public health and others. GHC focuses on routing referrals, summary care records and results between PCPs and specialists; transmitting PCP referrals and summary care records to hospitals; and sending discharge information from hospitals back to referring PCPs. www.gorgehealthconnect.org.

About Authentify

Authentify, Inc. is the leading innovator of global phone-based, out-of-band authentication services and is ranked as a visionary in the Gartner Research, Magic Quadrant for end user authentication. Authentify markets primarily to corporate security, e-commerce, e-payment and financial services firms that need to protect accounts from compromise or other exploits against digital assets. www.authentify.com.

News distributed by PR Newswire iReach: https://ireach.prnewswire.com

SOURCE Resilient Network Systems