Tuesday, February 2, 2016

Patient as a User - becoming "known to a practice"

The current practice is ‘in person proofing’… as the first encounter with the patient is as a … patient… Now many patients are not at their ‘best’ when they first appear, so the understanding of their identity evolves over the first hours and days and weeks. Thus in healthcare practice we often know the patient by many identifiers that we have either merged or linked. And there are cases where a merged or linked patient needs to be unmerged or unlinked. Very messy business. Ultimately the patient gets billed for the services they have received, and the identity gets confirmation that they paid, thus stronger. This is just a discussion of the patient id, not the patient as a user.  See my topics on Patient Identities.

Patient as User

The patient as a User usually starts with this in-person relationship. Most often the healthcare organization uses the identity they know, and the billing address to send them postal-mail (covered by strong fraud laws). This kickstarts an online confirmation workflow that binds the human patient identity to a user identity. Unfortunately this often is by way of a hospital managed user account, and not an internet friendly OAuth identity.

There are increasing cases where an internet friendly OAuth identity is used. However these (Facebook, Google, etc) are very low assurance identities, as anyone can claim to be anyone. To use these in healthcare we elevate the LoA using the above described online confirmation workflow so that the result is an identity that the patient wants to use, elevated to a higher assurance level through the healthcare driven identity confirmation workflow.See my User Identity topics.   Specifically getting to mHealth solutions - real People

User Identity and Authentication 

Patient Identity