Thursday, July 23, 2009



Designed this for GHN - Good Health Network, Inc.

Good Health Network (GHN), with its GHN Security Service, is a socially responsible healthcare technology company focusing on patient/consumer privacy and confidentiality by protecting their electronic personal health data. GHN provides both an identity management service and a Personal Health Record (PHR) program.

GHN is a Credentials Service Provider (CSP) that empowers individuals with their digital identity by allowing one to electronically document their confidential information and to securely share data such as protected health information or financial records with others via the Internet.

GHN is a CA, or Certification Authority, with a specific focus on healthcare. A CA is defined as a trusted entity that issues and/or revokes public key certificates. A public key certificate is a digital file, issued and digitally signed with the private key of a certification authority, that binds the user name to a public key. The user is identified in the certificate as the one who has sole control of and access to the private key.

As noted above, GHN verifies an individual’s identity through an electronic authentication process known as e-Authentication. This process establishes a confidence level in a user’s identity when used over the Internet. The e-Authentication process presents a variety of technical challenges in verifying one’s identity over a network. In order to establish a strong ID management process, GHN embraces and follows the Electronic Authentication Guideline for federal agencies, NIST Special Publication 800-63 Version 1.0.2. This guideline, published by NIST, establishes four assurance levels, with Level 1 being the lowest and Level 4 being the highest.

GHN functions as a CSP and is considered a trusted entity that issues electronic credentials and/or tokens to subscribers. Individuals who elect to enroll in the service undergo an identity proofing process in which their identity is first validated and then bound to an authentication certificate. The certificate is embodied in a token that the user either has (token) or controls with secret information such as a password, which, when used, authenticates their identity.

Privacy - protecting the personal information from unauthorized use or intrusion.

Security - specifically addresses procedures and functions of how PHI is managed, shared, protected and stored in an electronic environment.

Confidentiality - a process by which personal information is kept private. Access is controlled so that protected health information is not made available or disclosed to unauthorized persons. The information stored on a system is protected against unintended or unauthorized access.

Authentication - the process of determining whether someone or something is, in fact, who or what it is declared to be. Most systems have a unique verification process using biometrics and multi-factor credentials for validating an individual’s digital identity. e-Authentication is the same process over the Internet.

Identity proofing - a process used by a registration authority to validate sufficient information to uniquely identify a person (FIPS 201 and Real ID).
