TASCET comments on ONC Draft Trusted Exchange Network

March 1, 2018

[The attached letter is TASCET’s formal response to the ONC’s request for public comment regarding the Draft Trusted Exchange Network. You can access their draft here: https://www.healthit.gov/sites/default/files/draft-trusted-exchange-framework.pdf]

Don Rucker, M.D.

National Coordinator for Health Information Technology

U.S. Department of Health and Human Services

200 Independence Ave., S.W.

Washington, D.C. 20201

RE: Draft Trusted Exchange Framework

Dear Dr. Rucker:

TASCET appreciates the opportunity to provide comments on the draft Trusted Exchange Framework released January 5 by the Office of the National Coordinator for Health Information (ONC). TASCET is an identification company, providing software for the unique identification of individuals. We focus on the technology and processes needed to ensure individuals are not attributed to multiple identities, whether as a result of human error or an attempt at identity misrepresentation and fraud.

My comments address those sections of the Trusted Exchange Framework that relate to individual and end user identification (identity proofing), and specifically the question posed by ONC on page 11 of the draft document: Are there standards or technical requirements that ONC should specify for identity proofing and authentication, particularly of individuals?

In the draft Trusted Exchange Framework, ONC has recommended that identity proofing processes for individuals and end users/participants meet a minimum of Identity Assurance Level 2 (IAL2) as described in NIST Special Publication 800-63 (Revision 3). Establishing requirements for identity proofing is vital to the successful exchange of health information, patient safety and privacy; however, this recommendation is flawed.

Identity assurance level 2 incorrectly bases identity on the presentation of information and documents (e.g. driver’s licenses, passports or identification badges) that are highly vulnerable to forgery, loss, theft and shared use. By accepting IAL2 as the minimum requirement for individual identity proofing, ONC is also accepting a level of risk in identity processes that will threaten patient safety, lead to the contamination of health information networks with synthetic identities, and undermine trusted health information networks and exchange.

NIST defines identity as “the set of physical characteristics by which an individual is uniquely recognizable,” and identification as “the process of discovering the true identity of a person from the entire collection of similar persons.” Individuals are not uniquely recognizable by documents that can be fraudulently obtained and easily shared, stolen and forged. Nor are they ‘identified’ through a process that verifies the integrity of the document provided. Verification provides evidence of the documents supplied, not of the identity.

Data breaches now pose the greatest identity risk to healthcare organizations, health information networks and trusted exchange. The information compromised is sent to underground markets to be sold and resold for identity misrepresentation, synthetic identities (fictitious identities created by pairing false information with the valid information stolen in a breach) and fraud. Criminals use the data to impersonate patients to receive healthcare or to avoid detection when obtaining opioids and other high-risk medications. Health information compromised in a breach is also combined with other data to create complete ‘packages’ of identity information which sell for $1,000 or more. The information stolen is also used for document fraud, enabling criminals to fraudulently obtain valid credentials including driver’s licenses and passports – the documents accepted for identity proofing within IAL2.

ONC must not publish a framework for the trusted exchange of health information without addressing and proactively planning for the impact of data breaches, not only with respect to the security of information, but more importantly for the purpose of protecting patients, providers and others participating within a health information network from identity fraud. ONC must also not ignore the potential for blockchain and distributed ledger technology to fundamentally change the way patients and their health information are recorded. Instead, the Trusted Exchange Framework should establish guidelines that will secure the identity and anonymity of patients, providers and end users as health organizations and networks move to systems built on blockchains and private ledgers.

As part of the comment process, ONC has asked for input on standards or technical requirements that ONC should specify for identity proofing, particularly of individuals. What is needed is not a standard for identity proofing, but a standard protocol for identification.

This protocol must center on the use of physical characteristics, not on information and documents, and prevent individuals from being attributed to multiple identities, whether as a result of human error, inconsistencies in data entry, or an attempt at identity misrepresentation to commit fraud.

The implementation of an identification protocol for health information networks and trusted exchange will align the identity processes used by all participating healthcare organizations. This protocol must break down barriers between disparate health information networks and systems to fully achieve interoperability, ensuring that individuals have a single identity, and can be linked to their patient records – and only their records – across nationwide health information exchange.

A standardized identification protocol establishing a single identity for patients will serve as the foundation of the single “on ramp” to electronic health information envisioned by ONC. It will enable individuals to be accurately identified regardless of the electronic health record and health IT platforms used, or the location of the patient’s records. It also provides a seamless transition for healthcare organizations and health information networks to systems built on blockchain and distributed ledger technologies, preventing the existence of synthetic identities and providing anonymity, security and identity for patients, providers and others.

Identity proofing at assurance level 2 provides the path of least resistance for criminals whose aim is to use flawed processes for personal gain by using the health information of someone else. IAL2 is based on an assumption of identity, not on identity itself. This may be adequate for some low-security purposes, but not for the trusted exchange of health information.

The Trusted Exchange Framework has given ONC – and the healthcare industry – the opportunity to set the bar higher, to establish a standardized protocol for identification based on the person, not on the documents and information they present. When patient safety is at stake, no level of risk is acceptable. The industry must engage with companies providing solutions that meet the identity risks facing health information networks today and in the future, rather than look back at antiquated and flawed identity processes and standards.

I appreciate the opportunity to provide comment on the vital work to enable interoperability across disparate health information networks. I would be happy to discuss our response in more detail and work with the Office of the National Coordinator for Health Information on a standardized identification process as you refine the Trusted Exchange Framework. Please contact me at laubol@tascet.com, or my colleague Kari Douglas at kdouglas@tascet.com. We look forward to hearing from you.

Sincerely,

Larry Aubol

Chief Executive Officer