From:	kepa.zubeldia@envoy.com
Sent:	Friday, February 12, 1999 10:54 PM
To:	Interop@afehct.org
Subject:	Proposal #2

Here is something else that comes out of the CA conference calls 
and it seems to be acceptable to all the participants as a 
consensus.  It is posted here to get feedback from the entire 
distribution list.

In order to prove one's identity to the level that third parties 
may accept it as proof of identity for a healthcare transaction, 
the registration process to obtain a digital certificate must be 
strict.  It would be preferable that the registration process be 
defensible in court if necessary. 

In certain cases the certificate will need to contain information 
about credentials of the subject (MD,RN,DDS,etc.) or ID numbers 
such as the NPI or PayerID.  In some cases the subject of the 
certificate will be a non-person entity instead of a human being.  
Neither of these cases (credentialed certs, entity certs) are 
considered in this proposal.  This proposal only covers certs for 
individual persons.

The assumption is that the cert is for a unique individual, 
regardless of the role they play or the access privileges they are 
granted. The cert does not grant any specific access privileges, 
but identifies an individual person.

Some individuals will want to list in the cert some non-identity 
information such as their street address or telephone number or 
email address.  Before this non-identity information can be 
included in the cert, they must be able to prove to the CA/RA that 
the information is correct.

To demonstrate an individual identity, the individual must show to 
the CA/RA two pieces of identity, one from list A and another from 
either list A or list B.  So, two pieces from list A would be OK, 
or one from each list.

List A: Passport, Driver's license, State issued picture ID, Alien 
Registration Card (I-551), or US military ID.

List B: Social Security Card, credit card, certified copy of the 
birth certificate, W2, 1099, paystub, or utility bill.

The CA/RA records the piece of identity from list A that was 
presented, including it's ID number, as part of the certificate 
registration process, but does not record the number from the piece 
of identity from list B, only uses it to verify the individual 
identity.  The CA/RA maintains its registration records 
confidential.

The registration function is assisted by a Notary Public that may 
be part of the CA/RA, or may be independent.  The subject 
requesting a certificate lists the identity documents in the 
certificate application and the Notary Public attests to the 
identity of the person listed in the certificate application and 
verifies its true identity.  The notary then notarizes the 
certificate application attesting that the identity has been 
verified.

This notarized certificate application serves as a legal proof that 
the certificate was requested by the person listed in it, and 
should protect the entire process under existing notarial law in 
all 50 states.  Under existing law, it is illegal to show a false 
identity to a Notary Public.

The notarized certificate application is filed by the CA/RA for as 
long as necessary.

In the case of a notary that is part of the RA itself, the notary 
can take the notarized application and use it to complete the 
registration process.  In the case of an independent notary, the 
notarized application is sent, preferably via USPS, to the CA/RA.  
There is also the possibility that this entire process could be 
conducted with digital signatures from the notaries, especially if 
the notary is also the RA, and make the certificate registration in 
one paperless step.  Or, if there is only one RA per state (we hope 
there will be many more) the application could be sent by mail.

There are several advantages in requiring that the certificate 
applications be notarized.  The process can be easily distributed, 
as there are notaries already in most healthcare settings.  It 
provides legal backing to the registration process, with a document 
that can be used in court if there is misrepresentation of 
identity.  It strengthens  the entire registration process. It 
adds very little or no cost in the healthcare market, compared with 
the benefits gained.

In addition, because the notary will be familiar with the 
environment, it is much more difficult to bypass the process.

In summary, the group felt that this solution is easily 
implementable in healthcare, low cost, easy to scale,and will 
provide a very strong registration process that leads to 
interoperability and cross certification.

There are other simpler models, such as the models currently used 
by some of the Internet CAs, but the group felt they do not provide 
a secure identification scheme usable to exchange healthcare 
information with assurance that you know who is the certificate 
holder.

As you can tell, if we agree on these two proposals, we will have 
achieved a significant step towards interoperability of a 
healthcare PKI. We will be working towards defining the 
identification requirements for "credentialed" individuals, and for 
non-person entities next week.  In the meantime, we want feedback 
from the group with improvements/changes that will work for 
everyone.

If you think this will NOT work for you, please state clearly why, 
and offer suggestions to correct the situation.  Thanks.

Kepa Zubeldia
ENVOY Corporation
Kepa.Zubeldia@envoy.com