Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

New pilot opportunity: health records + federated identity = a better online experience

Say you’ve just had a procedure done at a hospital. This means new electronic medical records – but it likely also means a new account and yet another password to remember. When your healthcare team includes primary care physicians, dentists, allergists, and more, the number of accounts you have to remember can really add up. The same goes for providers – especially the doctors, nurses, technicians, and therapists who work in multiple healthcare settings. A cardiologist might see a patient on a regular basis in their office, then in a critical situation in the hospital, then again in follow-up office visits. Going back and forth with different credentials to check information can take valuable time and attention away from patient care. What if patients and providers could instead access medical records with one trusted credential? Today I’m thrilled to introduce our second solicitation for pilot funding of 2016, which focuses on streamlining the way that patients and providers access health information from different organizations online. We’re looking for a project that will pilot solutions to access health information that are privacy-enhancing, secure and resilient, interoperable, and cost-effective and easy-to-use. For this funding opportunity, we're looking to solve this problem through deployment of federated identity credentials in healthcare. Using the same credential across multiple healthcare providers can make life easier for users by simplifying and speeding up sign-in processes. For providers, making strides in the efficiency of accessing medical records means time and money saved – and, if done right, better outcomes for security and privacy. We're looking for projects that:
  • Pilot a federated credential solution in which at least two hospitals or regional healthcare systems accept a federated, verified identity that leverages multi-factor authentication and an effective identity proofing process.
  • Enable online access to at least two organizationally separate healthcare organizations.
  • Demonstrate that the federated credential solution aligns with the Identity Ecosystem Framework Requirements.
  • Allow for interoperability with other identity federations in the healthcare sector and, where possible, other sectors.
  • Include collecting metrics and other information about the implementation of the federated credential solution that can contribute to a best practices guidance document.
We are also excited to announce that we'll be collaborating with the Office of the National Coordinator for Health Information Technology at the U.S. Department of Health and Human Services (ONC), which will participate in the review of applications and provide technical support regarding implementation and operation of the pilot. As Rose-Marie Nsahlai, lead IT security specialist at ONC, said, “We are pleased to collaborate with NIST on this important federated identity pilot project. Reducing the number of siloed identity solutions using federated credentials aligns with the calls to action in ONC’s Shared Nationwide Interoperability Roadmap. The ease of use and convenience provided by a federated identity solution will help to accelerate clinician adoption of new digital health solutions. We look forward to seeing new ideas and solutions unfold and increased adoption of quality identity solutions in healthcare.” For this pilot solicitation, NIST anticipates funding one award in the range of $750,000 to $1,000,000 for eighteen months. To be eligible, all applicants must meet all of the following requirements:
  • Applicants must be hospitals or healthcare system consisting of multiple hospitals, ambulatory sites, clinics or similar healthcare facilities.
  • Applicants may be for-profit, not-for-profit or governmental (other than Federal government) entities located in the United States or its territories.
  • Applicants must partner with at least one other healthcare organization in their locality or region. The partner organization should have anticipated overlap with the applicant organization of patients, physicians, and other clinical staff, such as a physician practice group(s), clinic(s) and hospital(s).
  • The partner organization must be organizationally independent of the applicant and maintain a separate health information system from the applicant.
We don't intend this to be a standalone pilot project. The project partners must provide data on how they implemented the solution and how it performed, ultimately contributing to a jointly published document that can serve as a guide for other healthcare systems. We look forward to reviewing applications for this new pilot that strive to improve critical processes for patients and healthcare providers! The deadline to apply is: Wednesday, June 1, 2016, by 11:59 p.m. Eastern Time @NSTICnpo on Twitter


Add new comment

Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.