The future of your identity
-
Upload
thomas-petry -
Category
Technology
-
view
39 -
download
0
Transcript of The future of your identity
05/02/23 Thomas J. Petry - AITP NoVa 1
The Future of Your Identity
Thomas (Pete) PetryAITP NOVA
Thursday, May 10th, 2006Ft. Myers Officer’s [email protected]: 202-367-5971
05/02/23 Thomas J. Petry - AITP NoVa 2
The Future of your Identity
A
Healthcare
Informatics
Perspective
05/02/23 Thomas J. Petry - AITP NoVa 3
Overview
The Human Thirst for Knowledge Informatics
– Healthcare Informatics (HCI) and Personal Informatics (PI)– How HCI and other related fields impact PI– Key HCI Stakeholders
Healthcare– Administrative Law– HIPAA– US Healthcare Market
Point of no return– Technological and Regulatory Trends– Convergence and Vortex of the Future– The Future of your Identity
05/02/23 Thomas J. Petry - AITP NoVa 4
Proverbs Chapter 25 Verse 2
“It is the glory of God to hide a thing ...”
“… but it is the glory of Kings to seek out a matter …”
05/02/23 Thomas J. Petry - AITP NoVa 5
Humans Like Information
We Seek it … We Collect it … We Classify it … We Manipulate it … We Store it .. We Retrieve it … and We Disseminate it …
05/02/23 Thomas J. Petry - AITP NoVa 6
The Thirst of Knowledge
“Knowledge is Power”– Sir Francis Bacon– Sir Isaac Newton– Sir Winston Churchill
“Knowledge is Power; Information liberating; Education the premise of progress in every society and in every family”– Kofi Atta Annan, Seventh Secretary-General of the United
Nations (1997-2007) co-recipient of the Nobel Peace Prize in 2001
05/02/23 Thomas J. Petry - AITP NoVa 7
Overview
The Human Thirst for Knowledge Informatics
– Healthcare Informatics (HCI) and Personal Informatics (PI)– How HCI and other related fields impact PI– Key HCI Stakeholders
Healthcare– Administrative Law– HIPAA– US Healthcare Market
Point of no return– Technological and Regulatory Trends– Convergence and Vortex of the Future– The Future of your Identity
05/02/23 Thomas J. Petry - AITP NoVa 8
What is Informatics?
Short Answer:– The Science of Information
05/02/23 Thomas J. Petry - AITP NoVa 9
What is Informatics?
Short Answer:– The Science of Information
More Definitive:– The coupling of IT with applied information
sciences in a given field– A bridge that connects people, information
and technology to a given field of study
05/02/23 Thomas J. Petry - AITP NoVa 10
People
Information Technology
Informatics
05/02/23 Thomas J. Petry - AITP NoVa 11
History of Informatics
Coined in the 1960’s by the French Came from Applied Information Science Popularized by the Soviets (Informatika) US continued to use Information Science During late 70’s several fields of IT flirted with
the term Medical/Healthcare Informatics caught hold
05/02/23 Thomas J. Petry - AITP NoVa 12
Need for Informatics
– Vast amounts of data are being generated in virtually all fields of science and is increasing exponentially …
– Rapid advances in computer hardware and software allows us to capture more and more data …
– Rapid proliferation of broadband networks and high speed data communication protocols …
– Trend is for information storage to continue become more and more pervasive …
Hence: The need to understand and warehouse this data and the emergence of Informatics particularly in Medicine, Biology and other related sciences …
05/02/23 Thomas J. Petry - AITP NoVa 13
Informatics Studies
The structure, behavior and interactions of natural and artificial systems that:
– store– process, and– communicate information
Healthcare Informatics (HCI) is the study of the cognitive, information processing, and communication tasks of human medical practice and the systems we employ use in the diagnosis, treatment, research, regulation, education, funding, payment, or reimbursement for services designed to provide desired healthcare outcomes …
05/02/23 Thomas J. Petry - AITP NoVa 14
Communication
Data Processes
Informatics/Technology
05/02/23 Thomas J. Petry - AITP NoVa 15
Merging of HCI Sub Disciplines
Medical Informatics is expanding into HCI– Bio Informatics (Biometrics)– Structural Informatics– Clinical and Clinical Research Informatics– Pathology Informatics– Imaging Informatics– Public Health Informatics– Pharmacy Informatics– Health Informatics Law
Shift from Medical to Total Healthcare Solutions Shift to recognize citizens as agents of their own care
05/02/23 Thomas J. Petry - AITP NoVa 16
Clinical
Imaging Consumer Health
Healthcare Informatics
05/02/23 Thomas J. Petry - AITP NoVa 17
Human Biological Informatics
Your own body can be thought of as a massive database storing data in basic storage units called DNA …
DNA contains the genetic instructions used in the development and functioning of your body
It provides long-term storage of information– genes, chromosomes, genomes …
Provides instructions to regulate the use of that information:– DNA Sequences/Bases …
05/02/23 Thomas J. Petry - AITP NoVa 18
Human Biological Informatics
Human bodies contain approximately 3 billion base pairs of DNA …
Arranged nicely into 46 chromosomes … In the same way that the body stores and
uses information … Informatics allows us to understand these complex processes and to apply these concepts to other related fields
05/02/23 Thomas J. Petry - AITP NoVa 19
Non-Medical Informatics
Chemical Informatics … Geographic Informatics … Mechanical Informatics … Economic Informatics … Identity Informatics … Social Informatics … Personal Informatics …
05/02/23 Thomas J. Petry - AITP NoVa 20
Personal Identity Informatics
Expanded far beyond your SSN PI now concerned with:
– Financial Services Identity (Credit and Portfolio)– Health Identity (Pre-Existing Conditions)– Criminal Identity (Background Checks)– Employment Histories– Education, Licensing, and Accreditation– Address Information– Vital Statistics and other public records– Business and Commercial Identity– Use of Biometrics– Data Breach Notification and Response– Security and Privacy Concerns– Identity Management
05/02/23 Thomas J. Petry - AITP NoVa 21
Ethical
Social Legal
Personal Identity Informatics
05/02/23 Thomas J. Petry - AITP NoVa 22
Concepts of Informatics
The specialization of information management to the processing of data, information and knowledge in a named field of study …
– Introduces relational concepts and theory– Enriches the understanding of both the data and the field of study– Deals with storage, retrieval, relational design and optimal use of
information– Aids in problem solving and decision making– Covers the entire spectrum of information in the related field
including all basic sciences– Studies the social, ethical and human factors of a given field– Ties business process, data, and communications– Can be thought of as the next generation of Library Sciences
05/02/23 Thomas J. Petry - AITP NoVa 23
The Glory of Kings
Informatics is logical end point to Human Thinking … The more information we collect … The more we classify that information … The more we classify … The better we define our body of knowledge … The more defined our concepts … The more we understand other data … The better we define Concepts of Informatics … The more information we collect …
05/02/23 Thomas J. Petry - AITP NoVa 24
Key HCI Stakeholders
National Institute of Standards and Technology (NIST)
Health Level 7 (HL7) National Committee on Vital and Health
Statistics (NCVHS) Centers for Disease Control and Prevention
(CDC) Healthcare Information and Management
Systems Society (HIMSS)
05/02/23 Thomas J. Petry - AITP NoVa 25
Key HCI Stakeholders
National Committee for Quality Assurance (NCQA)
Joint Commission on Accreditation of Health Care Organizations (JCAHCO)
American National Standards Institute (ANSI) World Health Organization (WHO) The American Health Information
Management Association (AHIMA)
05/02/23 Thomas J. Petry - AITP NoVa 26
Key HCI Stakeholders
American Health Information Community (AHIC)
American Society for Testing and Materials Association for Electronic Health Care
Transactions (AFEHCT) National Center for Health Statistics Center for Healthcare Information
Management (CHIM)
05/02/23 Thomas J. Petry - AITP NoVa 27
Key HCI Stakeholders
College of Healthcare Information Management Executives (CHIME)
Healthcare Information and Management Systems Society (HIMSS)
Health Informatics Standards Board (HISB) Agency for Healthcare Research and Quality
(AHRQ) Massachusetts Health Data Consortium
(MHDC)
05/02/23 Thomas J. Petry - AITP NoVa 28
Key HCI Stakeholders
National Association of Health Data Organizations (NAHDO)
National Institutes of Health (NIH) National Human Genome Research Institute
(NHGRI) National Institute of Biomedical Imaging and
Bioengineering (NIBIB) International Medical Informatics Association
(IMIA)
05/02/23 Thomas J. Petry - AITP NoVa 29
Overview
The Human Thirst for Knowledge Informatics
– Healthcare Informatics (HCI) and Personal Informatics (PI)– How HCI and other related fields impact PI– Key HCI Stakeholders
Healthcare– Administrative Law– HIPAA– US Healthcare Market
Point of no return– Technological and Regulatory Trends– Convergence and Vortex of the Future– The Future of your Identity
05/02/23 Thomas J. Petry - AITP NoVa 30
Current US Regulatory Environment
Constitutional Law (Amendments)– Over 10,000 introduced since 1789– Only 27 ratified (last ratification in 1992 Limiting Congressional Pay Raises)– Bill of rights was actually the last 10 of 12 proposed (ratified between 1789 and 1791)– 27th amendment was actually the 2nd of the first 12 introduced
Legislative Law (USC)– Acts of Congress cannot violate the Constitution– Hundreds of Thousands introduced into House and/or Senate– Close to 600 actually got ratified
Requires both Congressional Ratification then President “signs into law” Unless VETO by the President or Reconsideration by Congress after VETO Must pass Judicial Scrutiny
Administrative Law (CFR)– New regulations issued daily– Published in a Multi-Volume set known as the code of federal regulations– Divided into 50 distinct categories known as titles– Several Thousands have been codified– Containing hundreds upon thousands of titles, chapters, parts, and sub-parts
05/02/23 Thomas J. Petry - AITP NoVa 31
Administrative Law
Results from rulemaking, adjudication, or enforcement of a specific regulatory agenda by an agency of the US Government
Scope of Authority comes from both Executive Order and Congressional Legislation
Decision-making bodies (tribunals, boards, commissions, agencies, etc.)
Published in the CFR (Code of Federal Regulations) Expanded Greatly in 20th century world wide – Not
just in the United States
05/02/23 Thomas J. Petry - AITP NoVa 32
Well Known Administrative Laws
Interstate Commerce Act – 1887 Communications Act – 1934 Old Age Pension Act – 1935 Federal Food, Drug and Cosmetic Act – 1938 National Aeronautics and Space Act – 1958 Social Security Act – 1965
05/02/23 Thomas J. Petry - AITP NoVa 33
Areas of Administrative Law
International Trade Banking/Commerce Manufacturing Environment Taxation Broadcasting Immigration Transport Labor
Agriculture Homeland Security Elections Employee Benefits Housing Highways Education Telecommunications Public Health
05/02/23 Thomas J. Petry - AITP NoVa 34
Scope of Administrative Laws
Must be consistent with legislative intent Must be consistent with statutory authority Cannot violate Constitutional authority Cannot violate Legislative authority Generally cannot explicitly deny authority Cannot overlap a duplicated authority Must be based on factual findings Must serve the public interest
05/02/23 Thomas J. Petry - AITP NoVa 35
Federal Rulemaking Process
Q: How does Administrative Law work under the US Constitution?
05/02/23 Thomas J. Petry - AITP NoVa 36
Federal Rulemaking Process
Q: How does Administrative Law work under the US Constitution?
Answer:– Enacted by Congress by the
Administrative Procedures Act of 1946– Follows the Federal Rulemaking Process
05/02/23 Thomas J. Petry - AITP NoVa 37
Federal Rulemaking Process
Ensures the public is informed Allows the public to comment Allows public access to the proposed rules Ensures agencies analyzes public comments Ensure agencies create permanent record of their
analysis and the rulemaking process Ensures agency rules can be reviewed by judicial
branch to ensure correct process was followed Has seven (7) distinct steps or phases
05/02/23 Thomas J. Petry - AITP NoVa 38
1. Legislation
The US Congress passes a law and assigns an agency of the government to promulgate additional regulations
– Example: Clean Water Act– Delegation: EPA
05/02/23 Thomas J. Petry - AITP NoVa 39
2. Advance Notice of Proposed Rulemaking
This is an optional step AKA: Notice of Intent (NOI) Involves publishing the agencies initial
analysis of the subject matter Asks for early public input on key issues All data and communications made
available to the public
05/02/23 Thomas J. Petry - AITP NoVa 40
3. Notice of Proposed Rulemaking (NPRM)
Publication of the actual proposed regulatory language (Federal Register)
Full discussion of the justification and analysis behind the rule
Includes agency response to any prior public comment on advanced notice
05/02/23 Thomas J. Petry - AITP NoVa 41
4. Public Comment
Public Comment Period Begins Agency required to respond to each issue
raised in the comments Comment periods may last for 30 to 180 days
or more Similar to Private Rulemaking – Internet,
Java, American National Standards, ISO, etc.
05/02/23 Thomas J. Petry - AITP NoVa 42
5. Final Rule
Usually the proposed rule becomes the final rule with some minor modifications
Agency publishes full response to issues raised by public comments and an updated analysis and justification for the rule including an analysis of any new data submitted by public (Code of Federal Regulations)
In some cases agencies may publish a second draft proposed rule
05/02/23 Thomas J. Petry - AITP NoVa 43
6. Judicial Review
In some cases interested parties file law suits (this step is therefore situational)
Courts review whether regulation exceeds authority
In USA Administrative Law carries the same authority as Legislative Law or Constitutional Law if not in conflict
05/02/23 Thomas J. Petry - AITP NoVa 44
7. Effective Date / Compliance Date
Rule does not immediately become effective Allows regulated parties to “come into
compliance” Might allow for up to several years to comply Compliance Dates can be extended Compliance Dates can be selectively
enforced– Complaint Based– Good Faith Effort
05/02/23 Thomas J. Petry - AITP NoVa 45
Overview
The Human Thirst for Knowledge Informatics
– Healthcare Informatics (HCI) and Personal Informatics (PI)– How HCI and other related fields impact PI– Key HCI Stakeholders
Healthcare– Administrative Law– HIPAA – Legislative or Regulatory?– US Healthcare Market
Point of no return– Technological and Regulatory Trends– Convergence and Vortex of the Future– The Future of your Identity
05/02/23 Thomas J. Petry - AITP NoVa 46
HIPAA - Legislation
The Health Insurance Portability and Accountability Act of 1996 (Kennedy-Kassebaum Act)– Title I – Portability– Title II – Accountability – Delegated wide
authority to the Department of Health and Human Services
05/02/23 Thomas J. Petry - AITP NoVa 47
HIPAA Title II - Regulation
Title II included a provision known as Administrative Simplification (or A/S)
Delegated Authority to the Department of Health and Human Services to draft rules aimed at increasing the “efficiency of the US Healthcare system” by creating standards for the use and dissemination of healthcare information
Delegated Authority to HHS:– HSS already controls Medicaid, Medicare and State
Children Health Insurance Programs– HSS now regulates portions of the entire healthcare
industry
05/02/23 Thomas J. Petry - AITP NoVa 48
HHS Promulgated Five Rules
The Privacy Rule The Security Rule The Enforcement Rule
– Mostly Legal Implications The Transaction and Code Set Rule The Unique Identifiers Rule
– Mostly Technological Implications
Note: All five of them had a direct impact on your Healthcare Identity
05/02/23 Thomas J. Petry - AITP NoVa 49
Privacy – Security – Enforcement
Defined who has access to your data Defined how to protect that access Set civil penalties for violations and
established procedures for investigations Defined two distinct terms related to your
Healthcare Identity:– Individually Identifiable Health Information (IIHI)– Protected Health Information (PHI)
05/02/23 Thomas J. Petry - AITP NoVa 50
Individually Identifiable Health Information
Member or Subscriber Names All geographic subdivisions smaller than a state Dates of Birth, Admission, Discharge, Death Telephone Numbers Fax Numbers Social Security Numbers Member Identification Numbers Email Addresses, Web URLs, IP Protocols Any other information that could be used alone or in
combination with other information to identify a person who is the subject of the information
05/02/23 Thomas J. Petry - AITP NoVa 51
Protected Health Information
PHI is any information containing IIHI weather:– Oral, written, electronic, visual, pictorial, physical,
or any other form;– That relates to an individuals past, present or
future; Physical or mental health Status, condition, treatment, service, products
purchased, or provision of care Which reveals the identity of the individual
05/02/23 Thomas J. Petry - AITP NoVa 52
Disclosure of PHI
Covered Entities can disclose PHI within chain of trust:– Business Associate/Business Associate Agreement– Minimum Scope of Disclosure– Notice of Disclosure– Authorization of Disclosure
Exceptions made:– Law Enforcement– Public Health Programs– National Security– Other
05/02/23 Thomas J. Petry - AITP NoVa 53
Transaction and Code Set Rule
Standard Transactions– Enrollment and Maintenance– Eligibility Request/Response– Referrals and Authorizations– Claims– Claim Status Request and Response– Remittance Advice and Premium Payments
Code Sets to be used in transactions– Internal and External Code Sets– Medical and Non-Medical Code Sets
Important Note: This made the format of your Health Information Record a matter of Public Knowledge
05/02/23 Thomas J. Petry - AITP NoVa 54
Health Care Data Element Dictionary
Contains over 1,000 data elements just to support nine required transactions necessary to support the lifecycle of a healthcare claim from enrollment of a beneficiary to the remittance for services
Each of these data elements reference external code sets that in turn call upon hundreds upon thousands of external code descriptions
Future transactions anticipated for the future:– Report of first injury– Claims Attachments– Electronic Medical Records and Personal Health Records– Clinical Decision Support Systems– Regional and National Health Information Exchanges (HIE)– Non implemented enumeration systems
05/02/23 Thomas J. Petry - AITP NoVa 55
Unique Identifiers Rule
National Health Plan ID (N Plan ID)– Handled by National Plan and Provider Enumeration System
(NPPES) National Provider ID (NPI – May 23, 2007 Compliance Date)
– Handled by National Plan and Provider Enumeration System (NPPES)
National Employer ID (EIN)– Used Existing EIN assigned by SSA
National Patient ID … – Most Controversial of all rules– Congress provisioned additional congressional approval– NOI Put on hold/additional hearing postponed indefinitely– Privacy and Security not the only Concerns– Consider the cost of enumerating 300 million Americans
05/02/23 Thomas J. Petry - AITP NoVa 56
Did HIPAA Solve the Problem?
An attempt to control 20th century medicine with 19th century paperwork
An attempt to regulate the Healthcare Industry into adopting standards it was unwilling or unable to do by consensus
– Tried to solve a business problem through regulation– Healthcare spending still way out of control
An attempt to solve an administrative nightmare through the use of additional paperwork
– Short Term increased rather than decreased the cost of Healthcare HIPAA isn’t a collection of compliance dates – it’s a process
– Notice of Proposed Rulemaking (NPRM) continues– HHS still has widely delegated powers
05/02/23 Thomas J. Petry - AITP NoVa 57
Overview
The Human Thirst for Knowledge Informatics
– Healthcare Informatics (HCI) and Personal Informatics (PI)– How HCI and other related fields impact PI– Key HCI Stakeholders
Healthcare– Administrative Law– HIPAA– US Healthcare Market
Point of no return– Technological and Regulatory Trends– Convergence and Vortex of the Future– The Future of your Identity
05/02/23 Thomas J. Petry - AITP NoVa 58
Current US Healthcare Market
Spending 15% of the GDP increasing to over 20%– 3 times more costly than the United Kingdom– Highest Pharmaceutical costs in the world– Highest Overall Healthcare costs in the entire world
17% of the US Population still has no Insurance Emergency Medical Treatment and Active Labor Act (EMTALA)
ensures they get treatment anyway Plagued with
– Healthcare disparities– Equal access to quality healthcare– Preventable Adverse Drug Events– Plagued with Preventable Medical Error
05/02/23 Thomas J. Petry - AITP NoVa 59
Current US Healthcare Market
Most scientifically and technologically advanced healthcare system in the world, But:
– Lacks the elements Of a free market– Lacks the elements of transparent pricing– Lacks incentives necessary to build industry consensus– Highly Regulated on supply side– Healthcare Systems are still highly complex, fragmented and use
multiple IT systems and vendors incorporating different standards– Results in healthcare inefficiencies, waste, adverse drug reactions
and medical errors AND: Only country in the developed world where you loose
your health insurance at the same time you loose your ability to purchase more
05/02/23 Thomas J. Petry - AITP NoVa 60
The US Healthcare Evolution
Self Pay– 1ST Party Payment (Patient at risk)– Early 1900s
Indemnity– 3rd Party Payment (Insurance Co at risk)– Employer based group plans– 1920’s through 1990’s
Shared Risk (but still employer based)– Capitation – 2nd Party Payment (Provider at risk)– Integrated Networks (Insurance and Provider)– Consumer Driven Health Plans (all share risk)– 2000 and beyond
05/02/23 Thomas J. Petry - AITP NoVa 61
Employer Based Healthcare
America's Insured46.6 Million People in the US without Healthcare
Insurance for Part of 2005
59% Through Employer
9% Purchase Directly
27.3% GovernmentPrograms
05/02/23 Thomas J. Petry - AITP NoVa 62
US Healthcare Costs
Growing at a rate of 2.5 times faster than our economy Rose from 7% to 15% of GDP in last 35 years, rapidly approaching 20% Huge price-shifting strategies to accommodate
– Uninsured patients– Litigation– Research
Yet still we continue to fund research and trials– $111 billion in 2005– $61 billion for pharmaceuticals
Why?– Consistent ROI – $2.5 to $38.5 ROI for every extra $1 spent on healthcare– Value of Life (VOL) between $50,000 and $100,000 – We might save money if we didn’t but more people would die from disease
or accidents and less babies would survive …
05/02/23 Thomas J. Petry - AITP NoVa 63
Overview
The Human Thirst for Knowledge Informatics
– Healthcare Informatics (HCI) and Personal Informatics (PI)– How HCI and other related fields impact PI– Key HCI Stakeholders
Healthcare– Administrative Law– HIPAA– US Healthcare Market
Point of no return– Technological and Regulatory Trends– Convergence and Vortex of the Future– The Future of your Identity
05/02/23 Thomas J. Petry - AITP NoVa 64
Point of No Return
Can’t go back to Free Market Healthcare Can’t put our Personal Identity back in the box
– We were told SSN would never be used for anything else– Asking for SSN in merchant transactions has proliferated our SSN into
countless databases– Healthcare informatics and other trends are likely to proliferate our
Healthcare Identity into thousands upon thousands of more Can’t turn back the regulatory clock
– Regulatory Capture– Deregulation Ineffective
Can’t switch off and slow down technology– Roadrunner Culture– World of Instant Gratification– Do you really want to go back to a world without advanced medical care?
So where are we going?
05/02/23 Thomas J. Petry - AITP NoVa 65
Health Technology Reform
National Health Information Infrastructure (NHII)– Distributed National Health Information Database– Regional Health Information Organizations (RHIO)– Proliferation of Health Information Exchanges (HIE)– Expanded use of EMR, EHR, and PHR
Clinical Improvements– Expanded use of Clinical Decision Support Systems
(CDSS)– Expanded use of Computerized Physician Order Entry
(CPOE)– Proliferation of Retail Healthcare Clinics– Globalization of Standard Clinical Vocabulary
05/02/23 Thomas J. Petry - AITP NoVa 66
Health Technology Reform
Interoperability between Medical Devices (HL7) National Patient Identification System Expanded use of RFID Technology in Healthcare Multiple Quality Initiatives for Improvements to patient
safety Wider Use of electronic Prescribing (e-Prescribing)
– Improvements to pharmaceutical and patient safety– Wider availability of patient histories including medication
usage– Elimination waste fraud and abuse (physician shopping)
05/02/23 Thomas J. Petry - AITP NoVa 67
Convergent Globalization
Convergence of technology (research, connectivity, integration), inter-dependence, economic (pricing, products, wages, interest rates, profits), geopolitical (social, cultural, political) towards a developed countries norms
– Every day life is being standardized throughout the world– Life expectancy almost tripled in developing countries since WWII– Child Labor drops from 24% in 1960 to 10% in 2000
In healthcare ICD directly impacts global standardization:– Most widely used statistical classification system in the world– Web-based approach to revise ICD-11 planned for 2008-2014– ICD-9-CM 1977 (USA) – ICD-10-CM/PCS 1983-1992 (Many other
countries) Read the book “The World is Flat” 2006 by Thomas L. Friedman
– Advanced technologies developed– Engineers in New Delhi, programmers in Poland, customers is Boise
05/02/23 Thomas J. Petry - AITP NoVa 68
Convergent Legislation and Regulations
World Intellectual Property organization Copyright Treaty (WIPO) 1996
Digital Millennium Copyright Act (DMCA) 2000 Patriot Act of 2001 Identity Theft and Assumption Deterrence Act of 2003 Real ID Act of 2005 – DHS promulgating rules Payment Card Industry Data Security Standard (PCI
DSS)
05/02/23 Thomas J. Petry - AITP NoVa 69
Potential Future Legislation
Cyber-security Enhancement and Consumer Data Protection Act, HR 836
The Internet SAFETY Act, HR 837 The Spy Act, HR 964 HR 948 unlawful to sell or buy Social Security
numbers Prevention of Fraudulent Access to Phone
Records Act, HR 936
05/02/23 Thomas J. Petry - AITP NoVa 70
ID Theft Still Real and Continuing
Retail Giant TJX recent disclosure – as many as 45.7 million customer records stolen by intruders
The President's Identity Theft Task Force has plans for creating a national identity theft law center and educating the public on the dangers of identity theft
– Government seeking national data protection standards in the private sector
– Task force aimed recommendations at both private companies and government agencies
Ordinary citizens now beginning to protect themselves through the use of an alias
– In future ordinary citizen use of alias could out number use by criminal element
– Still the fastest growing crime in the world
05/02/23 Thomas J. Petry - AITP NoVa 71
Putting SSN back in the box
ID Task Force recommends reduced use of SSN as an identifier but knows patients must still be enumerated
Social Security Administration knows of wide spread breaches in use of SSN
Some have proposed scrapping the SSN system and starting over
Use of National ID system may eventually replace SSN and also solve Patient ID and other problems (Bio-surveillance, immigration)
05/02/23 Thomas J. Petry - AITP NoVa 72
Bio-Surveillance
Anticipated to be used by both public health and homeland defense
Expanded use of Healthcare technology in all areas to serve the public interests
Requires the use of both Healthcare Informatics and Geographic Informatics
Must exploit data from multiple sources and monitor for:– Naturally occurring epidemics– Potential Bio-Terrorism
Delicate balance between your personal freedom’s and the safety and security of an improved quality and security of life
05/02/23 Thomas J. Petry - AITP NoVa 73
Your Digital Identity
Pieces of your personal identity scattered across multiple domains:
– Employer– Social Security Administration, IRS and State Tax Agencies– Financial Institutions and Brokers– Insurance Carriers– Retail, Utility and Telecommunication Providers
Internet has caused our digital identities to become even more numerous and more fragmented
Ability to coordinate, interact and control our identity has become increasingly more difficult
– Name, Address, SSN, Dates of Birth, Death, Marriage, Divorce– Account Numbers, User ID’s and Passwords– Transaction Data, IP Addresses
05/02/23 Thomas J. Petry - AITP NoVa 74
Patient Identification Technology
Six-digit compression of the patient’s health ID number– Could eventually be expanded to replace SSN
Expanded use of Biometric technologies:– National Health ID Card based on a number of key Personal
Biometric Indicators: Any one of which would be difficult to duplicate Used in combination would be highly unlikely it could ever be
reproduced– What arbitrary number is assigned to you, therefore
becomes meaningless from a Personal smart card technology
05/02/23 Thomas J. Petry - AITP NoVa 75
Trust Hierarchy and Authentication
Necessary to ensure Health Information in the hands of the right people at the right time (homeland defense, public health,
A dozen different states are already competing to host a new, $450 million government Bio-Defense research lab that will employee approximately 300 researchers
Extensible hierarchical based authentication trust trees– Includes standards for optimal use by both government and private
providers– Current recommendations include accelerating the definition and
establishment of same Wider use of Federated Identity Management (FIM)
– Security Assertion Markup Language (SAML)– Federated Trust Models
Authentication means for anonymous entities
05/02/23 Thomas J. Petry - AITP NoVa 76
Vortex of Convergence
Convergence of Informatics Convergence of Standards Convergence of Legislation Convergence of Globalization
The Convergence of multiple phenomena is driving us to towards a seemingly unstoppable future which will directly impact our identities (both personal and digital) of the future …
05/02/23 Thomas J. Petry - AITP NoVa 77
What is the Future of your personal identity?
An individuals comprehension of him or herself as a discrete, separate identity:
– Personal Identity is defined by you!– Can anyone really steal your personal identity?– Is a person at one time the same person at another time?
Your electronic Identity is defined by others:– Financial Identity (Credit and Portfolio Profiles)– Health Identity (Pre-Existing Conditions)– Criminal Background Checks– Employment Histories– Address Information– Business and Commercial Identity
What responsibilities do we have as IT Professionals?
05/02/23 Thomas J. Petry - AITP NoVa 78
Overview
The Human Thirst for Knowledge Informatics
– Healthcare Informatics (HCI) and Personal Informatics (PI)– How HCI and other related fields impact PI– Key HCI Stakeholders
Healthcare– Administrative Law– HIPAA– US Healthcare Market
Point of no return– Technological and Regulatory Trends– Convergence and Vortex of the Future– The Future of your Identity
05/02/23 Thomas J. Petry - AITP NoVa 79
QUESTIONS?
Thomas (Pete) PetryCell: 202-367-5971
Email: [email protected]
Thank You for your time!