Operations Management - Nature & Scope of Operations & Operations Strategy, 2010, SIMSR
Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President...
Transcript of Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President...
![Page 1: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/1.jpg)
Collaboration through trust…
![Page 2: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/2.jpg)
2
What is NSTIC?
HealthIDx, Inc. Confidential & Proprietary Information
Called for in President’s Cyberspace Policy Review (May 2009): a “cybersecurity focused identity management vision and strategy…that addresses privacy and civil-‐liberties interests, leveraging privacy-‐enhancing technologies for the nation.”Guiding Principles
NSTIC calls for an Identity Ecosystem, “an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities.”
![Page 3: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/3.jpg)
3
Key Implementation Steps
HealthIDx, Inc. Confidential & Proprietary Information
•August 2012: Launched privately-‐led Identity Ecosystem Steering Group (IDESG). Funded by NIST grant, IDESG tasked with crafting standards and policies for the Identity Ecosystem Framework http://www.idecosystem.org/
•October 2013: IDESG incorporates as 501(c)3, prepares to raise private funds•July 2014: NIST awards IDESG Inc. follow-‐on grant
Convene the Private Sector
•Four rounds of pilot grants since 2012•12 pilots now active
Fund Innovative Pilots to Advance the Ecosystem
•White House effort to create a Federal Cloud Credential Exchange (FCCX)•Last year: USPS awards FCCX contract; Now: rethink how USG buys identity services
•Next month: FCCX goes live! FedRAMP certified. Rename as Connect.gov
Government as an early adopter to stimulate demand
![Page 4: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/4.jpg)
4
Executive Order 13681
HealthIDx, Inc. Confidential & Proprietary Information
Sec. 3. Securing Federal Transactions Online. To help ensure that sensitive data are shared only with the appropriate person or people, within 90 days of the date of this order, the National Security Council staff, the Office of Science and Technology Policy, and OMB shall present to the President a plan, consistent with the guidance set forth in the 2011 National Strategy for Trusted Identities in Cyberspace, to ensure that all agencies making personal data accessible to citizens through digital applications require the use of multiple factors of authentication and an effective identity proofing process, as appropriate.
Within 18 months of the date of this order, relevant agencies shall complete any required implementation steps set forth in the plan prepared pursuant to this section.
-‐10/17/2014
![Page 5: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/5.jpg)
5
Things we’ve learned
HealthIDx, Inc. Confidential & Proprietary Information
1. “Ain’t no party like a relying party” – Business models must be compelling, or nobody will bother to accept an external credential
2. “Remote” identity proofing has its limitations; in-person options are needed to cover the full population
3. Interoperability is not just a technical issue – the policies and business rules are vital too
4. User Experience must be outstanding – make it simple for the consumer and you win!
![Page 6: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/6.jpg)
6
NSTIC Pilot Overview
HealthIDx, Inc. Confidential & Proprietary Information
• Public-‐private partnership forming an ecosystem comprised of Relying Parties, Identity Providers, Identity Proofers, Attribute Verifiers, Attribute Providers, Credential Service Providers and other Participants
• Governing Board members representing:
“This work was performed under the following financial assistance award 70NANB12D297 from U.S. Department of Commerce, National Institute of Standards and Technology. The views expressed do not necessarily reflect the official policies of the NIST or NSTIC; nor does mention by trade names, commercial practices, or organizations
imply endorsements by the U.S. Government.”
![Page 7: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/7.jpg)
Who is HealthIDx
• HealthIDx provides outsourced high-‐assurance Identity and Access Management services (IDAM) to the healthcare industry.
• In doing this, HealthIDx aggregates the technology, data, policies, procedures, certifications, and support necessary to create, provision, maintain, and monitor trusted identity credentials for the healthcare identity eco-‐system.
HealthIDx Proprietary & Confidential 7
![Page 8: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/8.jpg)
HealthIDx Key PersonnelRavi GanesanProject Architect, Technical Lead, and SME_______________________________________ Founder, Maya.NinjaFounder and CEO, SafeMashupsFounder and CEO, TriCipher
President, HealthIDx, Inc.Founder and COO, ID.meSpecial Operations Commander, US Army
Matthew ThompsonPresident______________________________________
Chief Security Officer, CovisintDirector of Operations for General Motors TradeXchangeChief Architect, Secureway (a division of IBM)
David MillerProject Architect, Technical Lead, and SME_______________________________________
Trell RohovitProject Architect, Technical Lead, and SME_______________________________________Founder and CEO, HydrantIDPresident and CEO, Venafi, Inc.Information Risk Management SME, KPMG
Chief Architect, HealthIDx, Inc.Program Manager and Architect, ID.meProgram Manager for e-Identity, Virginia DMV
Michael FarnsworthCustomer and Technical Solutions_______________________________________
Scott KernProject Architect, Technical Lead, and SME_______________________________________VP of Customer and Tech Solutions, HydrantIDLead Identity Architect, Verizon BusinessChief Software Systems Engineer, SAIC
CEO, HealthIDx, Inc.GM of Public Sector & Healthcare, SecureKeyFounder and CEO, Digital Signature Trust
Scott LowryCEO______________________________________
HealthIDx, Inc. Confidential & Proprietary Information8
![Page 9: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/9.jpg)
Why do we care about all this identity stuff?
HealthIDx Proprietary & Confidential 9
![Page 10: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/10.jpg)
HealthIDx Proprietary & Confidential 10
![Page 11: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/11.jpg)
Because, nobody knows you’re a dog…YOU cannot assert your identity on the internet and be trusted!
HealthIDx Proprietary & Confidential 11
![Page 12: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/12.jpg)
And, because you can’t, we’ve invented Credential Service Providers (aka CSPs) to do it for you…
HealthIDx Proprietary & Confidential 12
![Page 13: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/13.jpg)
Trusted Identity Credentials: How does a CSP get there from here?• Two challenges:
1) CSP must first satisfy themselves that you are whom you purport to be, and
2) Once satisfied with your identity, how they (CSP) will communicate their identity assertion about you to other
HealthIDx Proprietary & Confidential 13
![Page 14: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/14.jpg)
Getting there – Proofing Your Identity
HealthIDx Proprietary & Confidential 14
Cross generational DNA testing
DMV/Gov records
Credit bureaus
Family and friends
Stranger in a bar
Guess
![Page 15: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/15.jpg)
Getting there – Communicating Your Identity to Others
HealthIDx Proprietary & Confidential 15
Whisper – Letter – UN/PW-‐MFA -‐ Imbedded Chip
![Page 16: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/16.jpg)
Finding the Sweet Spot
HealthIDx Proprietary & Confidential 16
Cross generational DNA testing
DMV/Gov records
Credit bureaus
Family and friends
Stranger in a bar
Guess Whisper – Letter – UN/PW-‐MFA -‐ Imbedded Chip
NIST LoA 3
Identity
Communication Package
![Page 17: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/17.jpg)
HealthIdx -‐ What we do…
HealthIDx Proprietary & Confidential 17
![Page 18: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/18.jpg)
We do for identity what VISA does for payments…
HealthIDx, a trusted identity credential, enabling spontaneous stranger to stranger communications
across the internet
HealthIDx Proprietary & Confidential 18
![Page 19: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/19.jpg)
Why HealthIDx:The Credit Card Analogy -‐ Part I
• In the beginning all banks issued BoA creditcards…but, nothing is forever
• Enter the Last Bank of Boise, ID• Unfortunately, their card holder’s card declined on first attempt to use card.
HealthIDx Proprietary & Confidential 19
![Page 20: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/20.jpg)
What had to happen before Last Bank’s card to be accepted?
• It had to have VISA on the front – why?• VISA stands for: – Tech standard & – Contract infrastructure between bank, merchant, & card holder
HealthIDx Proprietary & Confidential 20
![Page 21: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/21.jpg)
Why HealthIDx:The Credit Card Analogy -‐ Part II
• And so too will it be in healthcare…• On its own, The Last Group Practice of New Milford, CT will not be able to issue trusted (portable) identities to its providers or patients.
• With the “HealthIDx” Trust Mark and TrustFramework, organizations can issue portable trusted identities credentials and thus enabling “Stranger 2 Stranger” communication
HealthIDx Proprietary & Confidential 21
![Page 22: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/22.jpg)
Why its important…
HealthIDx Proprietary & Confidential 22
![Page 23: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/23.jpg)
Healthcare is Going Though a Digital Revolution
• Healthcare is a team sport• High quality, patient centered care requires collaboration along the entire “continuum of care” and ancillary processes and services.
• This collaboration often occurs between strangers – i.e. spontaneous stranger to stranger communications
• Trusted identities & secure communication channels are the cornerstone of collaboration between strangers.
HealthIDx Proprietary & Confidential 23
![Page 24: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/24.jpg)
HealthIDx Value Proposition
• HealthIDx provides outsourced high-‐assurance Identity and Access Management services (IDAM) to the healthcare industry.
• In doing this, HealthIDx aggregates the technology, data, policies, procedures, certifications, and support necessary to create, provision, maintain, and monitor trusted identity credentials for the healthcare identity eco-‐system.
HealthIDx Proprietary & Confidential 24
![Page 25: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/25.jpg)
How do we do it…
HealthIDx Proprietary & Confidential 25
![Page 26: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/26.jpg)
We connect PEOPLE to data, and things– Enable the enterprise to outsource and externalize core business processes– Faster, better, cheaper than the business can do– Where the current process is broken and where value can be added– To digitally transform an enterprise
Enable the enterprise to:– Reduce cost and risk– Improve speed to market– Minimize complexity– Achieve differentiation in a rapidly commoditized space
– Purpose-‐built platform with enterprise-‐grade SLA– Based on strong security and identity management– Open standards and designed for existing enterprise tools
26HealthIDx, Inc. Confidential & Proprietary Information
HealthIDx Platform
![Page 27: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/27.jpg)
HealthIDx Credentials: The Trusted Identity Solution
• “Logon with HealthIDx” means:– FICAM (Federal Identity, Credential, and Access Management) standard & certification 1
– NIST Level of Assurance (LoA) 3 credentials 2
– EPCS Certification– HIMSS Patient Authentication Guidelines3
1. www.idmanagement.gov (SAML 2.0)2. http://www.nist.gov/itl/csd/ct/eauthentication.cfm-‐ 22k-‐ 2015-‐04-‐153. See: HIMMS Identity Management Task Force 2015
HealthIDx Proprietary & Confidential 27
![Page 28: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/28.jpg)
28
Cloud Services
Social Networks
Data Center
InformationFrom Anywhere
“Things”
Smartphone
PC Browser
Tablet
Vehicle
Business Partners
Suppliers
Customers
Employees
On Any Device
To AnyUser
Aggregated and Presented
HealthIDx Cloud Platform
Developer Tools
User Experience
Identity Services Data Exchange Services
28HealthIDx, Inc. Confidential & Proprietary Information
HealthIDx enables the extended enterprise
![Page 29: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/29.jpg)
User Experience
Platform
Identity Broker
Cloud GatewayService
Integration Broker
AuthenticationServices
Provisioning Services
Custom API Frameworks and Data Mashups
Data Exchanges
Application Frameworks IoT Solutions
Web and Native Mobile
Applications
+
AdditionalExternal HostedCustom Solutions
Cloud Service Bus
Identity and Access Control Platform
Identity Services Data Exchange Services
29HealthIDx, Inc. Confidential & Proprietary Information
The HealthIDx Platform
![Page 30: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/30.jpg)
How people use it…
HealthIDx Proprietary & Confidential 30
![Page 31: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/31.jpg)
Provider Use Cases
HealthIDx Proprietary & Confidential 31
HealthIDx
PDMP
EPCS/esMG
EHR/PHR/HIE
EnterpriseNetwork
DIRECT/Secure Messaging
Collaborative Web Services
Clinical Research
Subscription Services
![Page 32: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/32.jpg)
Patient Use Cases
HealthIDx Proprietary & Confidential 32
HealthIDx
Consent / Authorization
PHR
CLIA Test Tesults
eClaims Inquiries
Personal Health Cloud
Telemedicine
Home Health / Alerting
Internet of Things
![Page 33: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/33.jpg)
By the time its obvious, it will be too late…
HealthIDx Proprietary & Confidential 33
![Page 34: Collaborationthroughtrust… · Special Operations Commander, US Army Matthew Thompson President _____ Chief Security Officer, Covisint Director of Operations for General Motors TradeXchange](https://reader035.fdocuments.us/reader035/viewer/2022081523/5fcb1f651c39ba428a51eff9/html5/thumbnails/34.jpg)
For More Information
J. Scott [email protected]
Matt [email protected]
Michael [email protected]
HealthIDx Proprietary & Confidential 34