When Data Met Identity

My two favorite worlds – data and identity management – are predictably starting to collide in overt ways. Over the past decade, we’ve seen slow, but mostly steady, progress forward with a variety of identity management initiatives. The data world has moved exponentially faster and more explosively. As we grapple with the growth of personal data across an array of collection devices (including mobile devices) and storage mechanisms (including the cloud), identity management will be seen as the key fundamental enabler that it truly can be.

We live in a world of networked ecosystems. There will be two primary considerations for the maintaining the vibrancy of those ecosystems, and the communities, exchanges, and analytics that are done therein:

• the ability to uniquely establish an identity (for a wide variety of purposes, including ecommerce, health care, analytics, information sharing, banking, etc. etc.) and
• the ability to limit access to personal or sensitive data to only those with a legitimate need to access and use it

The ecosystems by nature have porous, extended boundaries. But many people belong to a variety of ecosystems, and the networked nature of the internet should allow us to glide effortlessly among these different environments. We’re not there yet, but technologies such as master data management and multi-factor authentication (among many) will help networked communities to thrive by creating trust, building interoperability across systems, promoting reliability and integrity, improving processes, and controlling security and privacy.

Beyond technologies however, strong governance processes and trust frameworks must be developed and implemented, to continue to foster the trust, privacy, and reliability of the system of systems.

Medical Apps and Identity Management

Wired.com recently ran an article discussing the impact and challenges of the mobile healthcare app market. Not only are doctors getting new apps to help them do their work, but there are hundreds of consumer medical apps available now.  In fact, just the other night, a friend gave me a very cool demo of a product called Up, from Jawbone (the maker of Jambox) which (directly from their website) “is the combination of a wristband and iPhone® app that tracks your activity and sleep and inspires you to move more, sleep better and eat smarter.”

One can easily envision the day when access to individual electronic medical records and images are available through an app, which is what the Wired.com story was suggesting. I personally, being a fairly frequent business traveler, as well as having moved several times in my adult life, would find this one-stop access to my medical records via a mobile device to be extremely useful.

However, what’s missing from this conversation is the concept of identity management (IdM) and privacy. While it’s fairly easy to envision how a controlled health information network environment can appropriately manage access to medical records, it’s a big leap to open that network up to anyone with a smart phone or iPad. This is where the burgeoning digital identity management ecosystem will make immediate impact.

When I try to access my electronic health records via my iPad, there are a number of assertions, authentications, and authorizations that will need to occur in order for the records to be released AND for the medical provider to be incompliance with HIPAA.  Technologies exist for this in both the master data management (identifying me uniquely and making sure it’s MY information that I receive) and IdM (digitally binding an identity token to me and accepting that token as a relying party for strong authentication and authorization to perform an electronic transaction) areas. The much harder work is on the supporting policy and process swim lanes to ensure the right controls and rules are in place to be enabled by the technology.

Lots of exciting work still to come over the next 5-10 years in this market!