First point of call for secure identity management
Healthdirect Australia has contracted Brisbane-based identity and access management firm First Point Global to design a secure, centralised identity management solution for its cloud-based health portal platform, which includes the National Health Services Directory (NHSD), My Aged Care and a number of information services and telephone hotlines.
The solution is currently live for a range of Healthdirect's application programming interfaces (APIs), and will provide the identity and access management (IAM) and security foundations for the government-funded organisation's websites and information portals as they expand and mature. Healthdirect is currently exploring options to provide cloud-based video as well as telephone consultations for its health advisory services.
The My Aged Care website recently began publishing maximum accommodation prices for aged care providers as well as a fee calculator for residential aged care.
First Point Global has recommended a mix of open source and commercial-off-the-shelf technologies for the solution, which covers access request management, password management, authentication and authorisation – including web access control and single sign-on – as well as access management for the APIs and a range of data protection and security technologies.
The company says the advantages of this approach include a better experience for users, easier compliance with legislation, consistency of policy enforcement, and the ability for users to manage their private data irrespective of where it is stored.
Healthdirect requires rigorous security standards as it provides public-facing government services such as My Aged Care as well as the NHSD, which provides public information on locations and contact details for healthcare services including GPs, community pharmacies and hospitals.
It is also being integrated with the PCEHR and the Healthcare Identifiers (HI) Service. As such, Healthdirect Australia needs to comply with the security standards mandated by the government's Information Security Manual (ISM) standard and the Protective Security Policy Framework (PSPF).
Part of the tender requirements were that the chosen solution provider would adopt an open source-first policy, where proven open source software can reduce costs.
“As far as possible we prefer to adopt open source first if it is viable to create as much leverage as we can out of taxpayers' dollars,” Healthdirect Australia CIO Anton Donker said.
“We also prefer to engage with specialist service providers like First Point Global, rather than very large scale commercial vendors.”
The access management system for the health portal platform is focused on authentication and identity federation services. End users are given the option to authenticate using social sign-on, or via username and password to the Healthdirect Australia identity store.
A security gateway that enforces access management policy for Healthdirect's APIs, including the NHSD, is also part of the solution, as is secure management of encryption keys for sensitive information.
Posted in Australian eHealth