FRAMINGHAM (04/20/2000) - Health information executives have welcomed the launch of a coalition of 23 vendor and health care organizations that will define specifications for authenticating health-related transactions over the Web.
In addition to heavyweights such as Intel Corp., Cisco Systems Inc., Sun Microsystems Inc. and Oracle Corp., members of the coalition - dubbed the 11.19 Working Group - include MedicaLogic in Hillsboro, Oregon, VeriSign Inc. in Mountain View, California, and Aetna U.S. Healthcare in Blue Bell, Pennsylvania.
Gregory Miller, chief Internet strategist at MedicaLogic, said the coalition's efforts will enable health care organizations to verify the authenticity of the sender or receiver of electronic health information.
For instance, a pharmacy would be able to determine whether the person sending a prescription is a licensed physician.
Currently, health organizations use a variety of methods - including smart cards, passwords and biometric devices - to authenticate users.
Trust But Verify
The coalition's goal would be to establish digital credentials for medical professionals and create specifications so that various methods of authentication would be interoperable for transactions such as lab tests, claims submissions and pharmacy orders.
"Since there's no single dominant Internet health care company out there, these organizations [coming] together to determine [specifications] is really critical," said Scott Cebula, executive director of information services at Long Beach, California, health care provider MemorialCare. However, Cebula said, he would like to see some user representation in the coalition.
Miller said the 11.19 Working Group hopes to open membership to users by early next month and noted that two dozen health care providers have already expressed an interest in joining. The group also expects to publish a draft of its guidelines by next month, said Miller.
In Texas, Medical Center of Lewisville CIO Connie Salsman said the group's specifications would help health care organizations gear up for the Health Insurance Portability and Accountability Act (HIPAA).
Though the legislation has yet to be handed down in its final form, HIPAA will impose fines and possibly jail time for officials of health care organizations that don't adequately safeguard the privacy and security of electronic information.
"There has to be a way for the average user to know that what [the user is] doing is comparable" to what the HIPAA legislation will entail for users, said Salsman. "HIPAA will require a better way of authenticating [users]."