Healthcare Information Security

Cybersecurity News

NIST Group to Fund Healthcare ID, EHR Security Pilot Project

NIST and ONC will fund a project that implements a trusted identity credential program to improve EHR security.

By Jacqueline Belliveau

- The National Strategy for Trusted Identities in Cyberspace (NSTIC) National Program Office has announced a new funding opportunity for innovations in federating identity credentials across the healthcare industry and promoting EHR security, according to a recent blog post.

NIST seeking EHR security projects

In collaboration with the Office of the National Coordinator for Health Information Technology, NSTIC will review and support pilot projects that consolidate the number of accounts healthcare providers and patients use to access EHR information online from disparate health organizations.

NSTIC is a White House initiative that works to improve security, privacy, and accessibility of online transactions. The National Program Office of NSTIC was established at the National Institute of Standards and Technology (NIST) to implement NSTIC programs.

The funding proposal emphasizes the challenges that patients and physicians face when using different accounts to access health information.

For example, every time a patient visits a healthcare provider, he or she is likely to receive a new account and password to access that physician’s specific EHR system. The number of accounts increases as an individual visits different healthcare providers, such as a primary care physician, dentist, and specialist.

Healthcare providers may also need to use a variety of identity credentials to access different EHR systems for the same patient’s health information. Over the course of time, a physician could see a patient at a regular office visit, in an emergency at a hospital, and at various follow-up appointments. Using several accounts and EHR systems could compromise patient safety and take up significant time.

NSTIC asks researchers to develop a system that requires one trusted credential and is interoperable across multiple EHR systems.

Additionally, each pilot program must uphold NSTIC guiding principles, which state that solutions are privacy enhancing, secure and resilient, interoperable, cost-effective, and easy to use.

“We are pleased to collaborate with NIST on this important federated identity pilot project,” said lead IT security specialist at ONC Rose-Marie Nsahlai. “Reducing the number of siloed identity solutions using federated credentials aligns with the calls to action in ONC’s Shared Nationwide Interoperability Roadmap.”

NSTIC expects to fund one award ranging from $750,000 to $1 million for 18 months.

NISTC and ONC are searching for projects that:

• Pilot a federated credential solution in which at least two hospitals or regional healthcare systems accept a federated, verified identity that leverages multi-factor authentication and an effective identity proofing process.

• Enable online access to at least two organizationally separate healthcare organizations.

• Demonstrate that the federated credential solution aligns with the Identity Ecosystem Framework Requirements.

• Allow for interoperability with other identity federations in the healthcare sector and, where possible, other sectors.

• Include collecting metrics and other information about the implementation of the federated credential solution that can contribute to a best practices guidance document.

To ensure that the pilot projects are interoperable, applicants must be a for-profit, non-profit, or governmental hospital or hospital network that partners with at least one other local healthcare organization.

Partnered healthcare organizations should use different EHR systems and expect overlap of patients, physicians, or other clinical staff.

Each pilot project should implement a federated identity credential in each hospital and healthcare organization involved in the project. Researchers will collect data on how the program was executed and its performance.

NSTIC aims to publish a document on interoperable identity credentials as a guide for other healthcare systems. The projects will provide best practices on interoperability and healthcare data security.

“The ease of use and convenience provided by a federated identity solution will help to accelerate clinician adoption of new digital health solutions,” said Nsahlai. “We look forward to seeing new ideas and solutions unfold and increased adoption of quality identity solutions in healthcare.”


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks