Accessing Patient Electronic Health Record Portals Safely Using Social Credentials: Demonstration Pilot Study

BACKGROUND: Patient portals allow communication with clinicians, access to test results, appointments, etc, and generally requires another set of log-ins and passwords, which can become cumbersome, as patients often have records at multiple institutions. Social credentials (eg, Google and Facebook)...

Descripción completa

Detalles Bibliográficos
Autores principales: SooHoo, Spencer, Keller, Michelle S, Moyse, Harold, Robbins, Benjamin, McLaughlin, Matthew, Arora, Ajay, Burger, Abigail, Huang, Lilith, Huang, Shao-Chi, Goud, Anil, Truong, Lyna, Rodriguez, Donaldo, Roberts, Pamela
Formato: Online Artículo Texto
Lenguaje:English
Publicado: JMIR Publications 2022
Materias:
Original Paper
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8832271/
https://www.ncbi.nlm.nih.gov/pubmed/34762594
http://dx.doi.org/10.2196/29647
_version_ 1784648684442484736
author SooHoo, Spencer
Keller, Michelle S
Moyse, Harold
Robbins, Benjamin
McLaughlin, Matthew
Arora, Ajay
Burger, Abigail
Huang, Lilith
Huang, Shao-Chi
Goud, Anil
Truong, Lyna
Rodriguez, Donaldo
Roberts, Pamela
author_facet SooHoo, Spencer
Keller, Michelle S
Moyse, Harold
Robbins, Benjamin
McLaughlin, Matthew
Arora, Ajay
Burger, Abigail
Huang, Lilith
Huang, Shao-Chi
Goud, Anil
Truong, Lyna
Rodriguez, Donaldo
Roberts, Pamela
author_sort SooHoo, Spencer
collection PubMed
description BACKGROUND: Patient portals allow communication with clinicians, access to test results, appointments, etc, and generally requires another set of log-ins and passwords, which can become cumbersome, as patients often have records at multiple institutions. Social credentials (eg, Google and Facebook) are increasingly used as a federated identity to allow access and reduce the password burden. Single Federated Identity Log-in for Electronic health records (Single-FILE) is a real-world test of the feasibility and acceptability of federated social credentials for patients to access their electronic health records (EHRs) at multiple organizations with a single sign-on (SSO). OBJECTIVE: This study aims to deploy a federated identity system for health care in a real-world environment so patients can safely use a social identity to access their EHR data at multiple organizations. This will help identify barriers and inform guidance for the deployment of such systems. METHODS: Single-FILE allowed patients to pick a social identity (such as Google or Facebook) as a federated identity for multisite EHR patient portal access with an SSO. Binding the identity to the patient’s EHR records was performed by confirming that the patient had a valid portal log-in and sending a one-time passcode to a telephone (SMS text message or voice) number retrieved from the EHR. This reduced the risk of stolen EHR portal credentials. For a real-world test, we recruited 8 patients and (or) their caregivers who had EHR data at 2 independent health care facilities, enrolled them into Single-FILE, and allowed them to use their social identity credentials to access their patient records. We used a short qualitative interview to assess their interest and use of a federated identity for SSO. Single-FILE was implemented as a web-based patient portal, although the concept can be readily implemented on a variety of mobile platforms. RESULTS: We interviewed the patients and their caregivers to assess their comfort levels with using a social identity for access. Patients noted that they appreciated only having to remember 1 log-in as part of Single-FILE and being able to sign up through Facebook. CONCLUSIONS: Our results indicate that from a technical perspective, a social identity can be used as a federated identity that is bound to a patient’s EHR data. The one-time passcode sent to the patient’s EHR phone number provided assurance that the binding is valid. The patients indicated that they were comfortable with using their social credentials instead of having to remember the log-in credentials for their EHR portal. Our experience will help inform the implementation of federated identity systems in health care in the United States.
format Online
Article
Text
id pubmed-8832271
institution National Center for Biotechnology Information
language English
publishDate 2022
publisher JMIR Publications
record_format MEDLINE/PubMed
spelling pubmed-88322712022-03-07 Accessing Patient Electronic Health Record Portals Safely Using Social Credentials: Demonstration Pilot Study SooHoo, Spencer Keller, Michelle S Moyse, Harold Robbins, Benjamin McLaughlin, Matthew Arora, Ajay Burger, Abigail Huang, Lilith Huang, Shao-Chi Goud, Anil Truong, Lyna Rodriguez, Donaldo Roberts, Pamela JMIR Form Res Original Paper BACKGROUND: Patient portals allow communication with clinicians, access to test results, appointments, etc, and generally requires another set of log-ins and passwords, which can become cumbersome, as patients often have records at multiple institutions. Social credentials (eg, Google and Facebook) are increasingly used as a federated identity to allow access and reduce the password burden. Single Federated Identity Log-in for Electronic health records (Single-FILE) is a real-world test of the feasibility and acceptability of federated social credentials for patients to access their electronic health records (EHRs) at multiple organizations with a single sign-on (SSO). OBJECTIVE: This study aims to deploy a federated identity system for health care in a real-world environment so patients can safely use a social identity to access their EHR data at multiple organizations. This will help identify barriers and inform guidance for the deployment of such systems. METHODS: Single-FILE allowed patients to pick a social identity (such as Google or Facebook) as a federated identity for multisite EHR patient portal access with an SSO. Binding the identity to the patient’s EHR records was performed by confirming that the patient had a valid portal log-in and sending a one-time passcode to a telephone (SMS text message or voice) number retrieved from the EHR. This reduced the risk of stolen EHR portal credentials. For a real-world test, we recruited 8 patients and (or) their caregivers who had EHR data at 2 independent health care facilities, enrolled them into Single-FILE, and allowed them to use their social identity credentials to access their patient records. We used a short qualitative interview to assess their interest and use of a federated identity for SSO. Single-FILE was implemented as a web-based patient portal, although the concept can be readily implemented on a variety of mobile platforms. RESULTS: We interviewed the patients and their caregivers to assess their comfort levels with using a social identity for access. Patients noted that they appreciated only having to remember 1 log-in as part of Single-FILE and being able to sign up through Facebook. CONCLUSIONS: Our results indicate that from a technical perspective, a social identity can be used as a federated identity that is bound to a patient’s EHR data. The one-time passcode sent to the patient’s EHR phone number provided assurance that the binding is valid. The patients indicated that they were comfortable with using their social credentials instead of having to remember the log-in credentials for their EHR portal. Our experience will help inform the implementation of federated identity systems in health care in the United States. JMIR Publications 2022-01-27 /pmc/articles/PMC8832271/ /pubmed/34762594 http://dx.doi.org/10.2196/29647 Text en ©Spencer SooHoo, Michelle S Keller, Harold Moyse, Benjamin Robbins, Matthew McLaughlin, Ajay Arora, Abigail Burger, Lilith Huang, Shao-Chi Huang, Anil Goud, Lyna Truong, Donaldo Rodriguez, Pamela Roberts. Originally published in JMIR Formative Research (https://formative.jmir.org), 27.01.2022. https://creativecommons.org/licenses/by/4.0/This is an open-access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work, first published in JMIR Formative Research, is properly cited. The complete bibliographic information, a link to the original publication on https://formative.jmir.org, as well as this copyright and license information must be included.
spellingShingle Original Paper
SooHoo, Spencer
Keller, Michelle S
Moyse, Harold
Robbins, Benjamin
McLaughlin, Matthew
Arora, Ajay
Burger, Abigail
Huang, Lilith
Huang, Shao-Chi
Goud, Anil
Truong, Lyna
Rodriguez, Donaldo
Roberts, Pamela
Accessing Patient Electronic Health Record Portals Safely Using Social Credentials: Demonstration Pilot Study
title Accessing Patient Electronic Health Record Portals Safely Using Social Credentials: Demonstration Pilot Study
title_full Accessing Patient Electronic Health Record Portals Safely Using Social Credentials: Demonstration Pilot Study
title_fullStr Accessing Patient Electronic Health Record Portals Safely Using Social Credentials: Demonstration Pilot Study
title_full_unstemmed Accessing Patient Electronic Health Record Portals Safely Using Social Credentials: Demonstration Pilot Study
title_short Accessing Patient Electronic Health Record Portals Safely Using Social Credentials: Demonstration Pilot Study
title_sort accessing patient electronic health record portals safely using social credentials: demonstration pilot study
topic Original Paper
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8832271/
https://www.ncbi.nlm.nih.gov/pubmed/34762594
http://dx.doi.org/10.2196/29647
work_keys_str_mv AT soohoospencer accessingpatientelectronichealthrecordportalssafelyusingsocialcredentialsdemonstrationpilotstudy
AT kellermichelles accessingpatientelectronichealthrecordportalssafelyusingsocialcredentialsdemonstrationpilotstudy
AT moyseharold accessingpatientelectronichealthrecordportalssafelyusingsocialcredentialsdemonstrationpilotstudy
AT robbinsbenjamin accessingpatientelectronichealthrecordportalssafelyusingsocialcredentialsdemonstrationpilotstudy
AT mclaughlinmatthew accessingpatientelectronichealthrecordportalssafelyusingsocialcredentialsdemonstrationpilotstudy
AT aroraajay accessingpatientelectronichealthrecordportalssafelyusingsocialcredentialsdemonstrationpilotstudy
AT burgerabigail accessingpatientelectronichealthrecordportalssafelyusingsocialcredentialsdemonstrationpilotstudy
AT huanglilith accessingpatientelectronichealthrecordportalssafelyusingsocialcredentialsdemonstrationpilotstudy
AT huangshaochi accessingpatientelectronichealthrecordportalssafelyusingsocialcredentialsdemonstrationpilotstudy
AT goudanil accessingpatientelectronichealthrecordportalssafelyusingsocialcredentialsdemonstrationpilotstudy
AT truonglyna accessingpatientelectronichealthrecordportalssafelyusingsocialcredentialsdemonstrationpilotstudy
AT rodriguezdonaldo accessingpatientelectronichealthrecordportalssafelyusingsocialcredentialsdemonstrationpilotstudy
AT robertspamela accessingpatientelectronichealthrecordportalssafelyusingsocialcredentialsdemonstrationpilotstudy

Ejemplares similares