E-health sector
When applying the method within the e-health sector it is recommended that best practice processes be developed for two areas of interest:
Managing the stakeholder model
A recommendation is that the stakeholder model is managed and maintained by a government department or a dedicated body, representing the sector being managed. It is acknowledged that this is an enormous and difficult task, which may take a very long time to achieve. However, making identity management “completely effective” may require this approach. There are many issues to take into account, such as security, privacy, data protection, inter-relationships and interoperability between the many institutions that need to be involved. It is envisaged that the FIDIS Best Practice Method will assist in this task.
Best practice within individual institutions
Within different institutions best practice processes will be similar. Such institutions include hospitals, medical councils and health authorities. These are broadly shown within the stakeholder model in Figure 8.
Figure 8
The actions that need to be addressed, both when managing the stakeholder model and by the individual institutions, are listed below.
Requirements Domain
Identity management activities:
- Develop a stakeholder model
- Specify interoperability activities, which should include:
  - What information is required
  - Where the information is to be delivered
  - When the information is to be delivered
  - Information resources, their origin and interoperability uses
  - Legal issues to be addressed
  - Roles and responsibilities of personnel
  - Incentives
  - Processes and procedures to be adopted
  - Technologies to be applied
  - Audit and control methods required
  - Quality levels to be adopted
  - Standards to be applied
  - Change management
Management activities:
- Develop a strategy for managing and maintaining interoperability activities
- Specify risk assessments to be performed
- Decisions to be made on such topics as:
  - Security
  - Processes for performing analyses
  - Processes for delivering information
  - Management tools, techniques and procedures to be employed
- Specify information, roles and responsibilities, processes and technologies to manage the resources
Business modelling domain
- Develop models, similar to that shown in Figure 9, to represent the interoperability processes:
  - Activities within and between institutions
  - Application of technologies
  - Information resources and flows
  - Trigger events and their impact on interoperability
- Document interoperability processes including:
  - Work procedures and tasks
  - Roles and responsibilities of personnel
  - Audit and control points
Figure 9
Information management principles domain
Information:
- Information to be collected, analysed, distributed, stored and maintained includes:
  - Identity parameters
  - Personal details
  - Laws
  - Regulations
  - Intelligence reports
  - Behaviour profiles
Duty of Care:
- All personnel should be aware of their legal obligations
- Procedures should be documented to assist staff in their work
- Perform training for staff
- Understand laws and regulations
- Specify liaison between stakeholders
- Specify the roles and responsibilities of staff
Processes and procedures:
- Specify and document all interoperability processes and procedures including:
  - Introducing the changes (evangelisation, training, overcoming resistance, etc.)
  - Creating and monitoring rules and regulations
  - Identity procedures
  - Investigation procedures
  - Recovery and correction procedures
Enabling technologies:
- Identify, assess and apply appropriate technologies to support and enable interoperability processes and procedures
- Establish procedures to monitor and control potential exposure to risks arising from the misuse or failure of the institution’s computer systems
- Develop electronic versions of policies, processes, procedures and reference material on the institution’s computer network to allow access by relevant staff, at the appropriate level of security
Audit:
- The positioning of audit points should be specified and agreed
- The audit methods at each audit point should be documented
- The nature and frequency of audit to ensure compliance should be documented
System Domain
All of the above domains and their components should assist with creating the specification and requirements for any specified computer or manual identity management system in terms of processes, information and personnel requirements.
Mapping best practice procedures
The information may be mapped onto the models as well as onto a matrix. Table 3 shows a typical matrix for developing best practice within the e-health sector as discussed above; one axis being the five principles of information management and the other axis being the stakeholders.
Stakeholder
- Identity Management
- Security
- Websites
- Information systems
- Databases
- Interoperability
- End-to-end processing
- etc.
Table 3