Your browser doesn't support javascript.
Accessing Patient Electronic Health Record Portals Safely Using Social Credentials: Demonstration Pilot Study.
SooHoo, Spencer; Keller, Michelle S; Moyse, Harold; Robbins, Benjamin; McLaughlin, Matthew; Arora, Ajay; Burger, Abigail; Huang, Lilith; Huang, Shao-Chi; Goud, Anil; Truong, Lyna; Rodriguez, Donaldo; Roberts, Pamela.
  • SooHoo S; Enterprise Information Systems, Cedars-Sinai Medical Center, Los Angeles, CA, United States.
  • Keller MS; Division of Informatics, Department of Biomedical Sciences, Cedars-Sinai Medical Center, Los Angeles, CA, United States.
  • Moyse H; Enterprise Information Systems, Cedars-Sinai Medical Center, Los Angeles, CA, United States.
  • Robbins B; Division of Informatics, Department of Biomedical Sciences, Cedars-Sinai Medical Center, Los Angeles, CA, United States.
  • McLaughlin M; Division of General Medicine, Depart of Medicine, Cedars-Sinai Medical Center, Los Angeles, CA, United States.
  • Arora A; Enterprise Information Systems, Cedars-Sinai Medical Center, Los Angeles, CA, United States.
  • Burger A; Enterprise Information Systems, Cedars-Sinai Medical Center, Los Angeles, CA, United States.
  • Huang L; Enterprise Information Systems, Cedars-Sinai Medical Center, Los Angeles, CA, United States.
  • Huang SC; Enterprise Information Systems, Cedars-Sinai Medical Center, Los Angeles, CA, United States.
  • Goud A; Select Medical, Mechanicsburg, PA, United States.
  • Truong L; Enterprise Information Systems, Cedars-Sinai Medical Center, Los Angeles, CA, United States.
  • Rodriguez D; Enterprise Information Systems, Cedars-Sinai Medical Center, Los Angeles, CA, United States.
  • Roberts P; Enterprise Information Systems, Cedars-Sinai Medical Center, Los Angeles, CA, United States.
JMIR Form Res ; 6(1): e29647, 2022 Jan 27.
Article in English | MEDLINE | ID: covidwho-1662504
ABSTRACT

BACKGROUND:

Patient portals allow communication with clinicians, access to test results, appointments, etc, and generally requires another set of log-ins and passwords, which can become cumbersome, as patients often have records at multiple institutions. Social credentials (eg, Google and Facebook) are increasingly used as a federated identity to allow access and reduce the password burden. Single Federated Identity Log-in for Electronic health records (Single-FILE) is a real-world test of the feasibility and acceptability of federated social credentials for patients to access their electronic health records (EHRs) at multiple organizations with a single sign-on (SSO).

OBJECTIVE:

This study aims to deploy a federated identity system for health care in a real-world environment so patients can safely use a social identity to access their EHR data at multiple organizations. This will help identify barriers and inform guidance for the deployment of such systems.

METHODS:

Single-FILE allowed patients to pick a social identity (such as Google or Facebook) as a federated identity for multisite EHR patient portal access with an SSO. Binding the identity to the patient's EHR records was performed by confirming that the patient had a valid portal log-in and sending a one-time passcode to a telephone (SMS text message or voice) number retrieved from the EHR. This reduced the risk of stolen EHR portal credentials. For a real-world test, we recruited 8 patients and (or) their caregivers who had EHR data at 2 independent health care facilities, enrolled them into Single-FILE, and allowed them to use their social identity credentials to access their patient records. We used a short qualitative interview to assess their interest and use of a federated identity for SSO. Single-FILE was implemented as a web-based patient portal, although the concept can be readily implemented on a variety of mobile platforms.

RESULTS:

We interviewed the patients and their caregivers to assess their comfort levels with using a social identity for access. Patients noted that they appreciated only having to remember 1 log-in as part of Single-FILE and being able to sign up through Facebook.

CONCLUSIONS:

Our results indicate that from a technical perspective, a social identity can be used as a federated identity that is bound to a patient's EHR data. The one-time passcode sent to the patient's EHR phone number provided assurance that the binding is valid. The patients indicated that they were comfortable with using their social credentials instead of having to remember the log-in credentials for their EHR portal. Our experience will help inform the implementation of federated identity systems in health care in the United States.
Keywords

Full text: Available Collection: International databases Database: MEDLINE Type of study: Prognostic study / Qualitative research Language: English Journal: JMIR Form Res Year: 2022 Document Type: Article Affiliation country: 29647

Similar

MEDLINE

...
LILACS

LIS


Full text: Available Collection: International databases Database: MEDLINE Type of study: Prognostic study / Qualitative research Language: English Journal: JMIR Form Res Year: 2022 Document Type: Article Affiliation country: 29647