NASH has failed: agreement set to delegate identity authentication to vendors

Secure messaging vendors will have the ability to issue authentication certificates on the spot and use their own identifiers as an interim measure while work continues on making messaging systems interoperable, with a project also underway on a FHIR-based directory standard that will allow rival vendors to query each other's address books.

Variously describing the National Authentication Service for Health (NASH) and the Healthcare Identifiers (HI) Service as “failures”, “unwieldy” and “unsuccessful”, messaging vendors told the Health Informatics Conference (HIC) in Brisbane last week that an agreement to give vendors more control over the interoperability agenda was soon to be signed.

Posted in Australian eHealth

Tags: SMD, NASH, secure messaging, HI Service

Comments  

0 # Lynden Crawford 2017-08-16 16:20
Medical-Objects would prefer that PKI be authenticated by the Government and not the individual messaging vendors. Privacy and security depend on the validity of those certificates and we would like to see uniform trusted authentication. The NASH Certificates have some issues at present, but the ADHA has expressed that they will be fixing those issues next year and that would be our preference.
Reply
0 # John Lambert 2017-08-19 12:27
It's great to see these issues being discussed and ideally addressed.

Distributed or federated systems managed by vendors are fine as long as the standards exist and are applied consistently (just like web site security certificates). I suspect ADHA has a role to play there.

I would caution against mandating location as a destination end point. For SOME use cases, constraining an end point to person AND service/locatio n is required. For other use cases, service/locatio n is best (e.g. Many types of referrals to clinics instead of individuals). In other circumstances, a person end point is required WITHOUT service/locatio n (letter o be read urgently by Dr X. regardless of his/her current location).

There are even instances where a communication to a person needs to be able to changed to a letter to a location, potentially using rules (result ordered by a Locum, Locum returns to another country, and even where a communication to a person needs to be viewed by another person (communication to a practioner about a patient and the practitioner is on leave/off sick/off duty/has unexpectedly died).

Until these use cases (and probably others) are addressed together with the usability impacts, any implementation will fail IMHO.
Reply

Add comment

Please note comments of a self-promotional nature are likely to be deleted.

Security code
Refresh

Sign up for Pulse+IT eNewsletters

Sign up for Pulse+IT website access

For more information, click here.

Copyright © 2020 Pulse+IT Magazine
No content published on this website can be reproduced by any person for any reason without the prior written permission of the publisher.