The Carin Alliance interoperability collaborative is launching a proof-of-concept project with two Health and Human Services Department agencies, with a vision of making it easier for patients to access health data, the group announced at a health IT conference Tuesday.
The Carin Alliance—a group founded by former national coordinators for health IT David Blumenthal and David Brailer, former U.S. chief technology officer Aneesh Chopra, and former HHS secretary Mike Leavitt in 2016—is leading the project, with involvement from CVS Health, Oakland, California-based Kaiser Permanente and Renton, Washington-based Providence.
The project aims to establish a single way to verify a patient's identity, so a patient could use that credential to request data from multiple providers and health plans. Today, a patient would have to request health records from individual providers and payers separately, verifying their identity each time—often needing to remember multiple usernames and passwords.
The Carin Alliance is proposing an approach similar to how people use driver's licenses to verify identity, said Ryan Howells, a program manager at the Carin Alliance and principal at Leavitt Partners, a consulting firm.
To receive a driver's license, a person uses a series of "trusted identifiers"—like a birth certificate and passport—to prove they are who they say they are.
But "once you've received a driver's license, you're not going to go get a different driver's license for every use case you need to prove your identity," Howells said during a panel discussion at the ViVE health IT conference in Miami Beach, Florida, on Tuesday. "You'll use that same credential multiple different times."
It's similar framework to how Google, Facebook and other companies have "single sign-on," so that users can sign up for various other services with their same username and password.
The Carin Alliance's vision is for patients to use a credentialing service that's been certified by an independent third-party and partnered with HHS's external user management system. That credentialing service "authenticates" the patient, who's now able to access data from participating providers and payers, according to a presentation on Carin Alliance's website.
That relies on providers, health plans and other organizations trusting that the credentialing service has adequately established that the patient is who they say they are.
"There is inherent risk in this model," Howells said. "Who am I going to trust? Why do I trust them? … We're going to try to answer that question."
The project so far includes 20 participants, including a handful of providers, health plans, digital health applications, credentialing service providers and trust frameworks to credential participants, all of whom agree to adhere to technical, policy, legal and certification guidelines established by the Carin Alliance.
The Office of the National Coordinator for Health Information Technology and the Centers for Medicare and Medicaid Services, two agencies at HHS that had companion data-sharing rules go into effect last year—will also participate as "government observers," according to Carin Alliance's website.