Who would you trust to identify you in accessing your health record?

Abstract

Within health and social care there is a strong need to provide access to highly sensitive information, and one which requires high levels of identity assurance. This paper outlines a joint project between Edinburgh Napier University and miiCard [10], and which aims to provide trusted identities in order to support both the access to health records, and also support the requirements to share information across domains. It provides an overview of some of the key issues involved in proving identity within the access to health care records, and also the proposed framework, safi.re, that is being used in the joint project. The paper also includes the results from a survey on the attitudes to the access to electronic health records, and shows that users in the survey often require high-levels of assurance in the identity provision that is used in health record access. A key finding is that users mostly prefer to use an identity provision method that they control, along with one which has high levels of assurance, and this re-enforces the viewpoint that LOA (Level of Assurance) 3+ should be used to control the access for public access to electronic patient records. The paper outlines the differing levels of assurance and proposes that LOA 3+should be the minimum requirement for health record access for citizens.