OpenID
I’ve had the opportunity to follow the development of OpenID and related technologies from afar for a couple years. Watching the good work of some friends who have developed ClaimID has opened my eyes to what the hurdles are in keeping a unique identity as we move more and more digital.
Here’s the problem: Identity on the web can be nefarious at best. An email address is at its heart temporary and often not the only unique email one person might have. Who hasn’t either contemplated or actually dumped an email address after a particularly bad week of spam? Identities are also defined online by the many services and sites we might have a login for. Yet these are usually different IDs - we can’t be sure of a person’s identity by looking at various accounts.
ClaimID is a great example of a way to combat this by allowing a person to manage their online identity themselves. Further, they are doing so by using the very simple and elegant OpenID protocol. The concept of OpenID being that we have a unique identity which allows us to log in to various services and sites with one single ID by allowing the services to retrieve credentials from a trusted identity provider of the user’s choosing. This last part being key: “of the user’s choosing”.
OpenID is still very much in a phase where, although it is being adopted by some well known services, it is still in roll-out. Although this means we can’t use our OpenIDs in many places yet, the tools for developers to add OpenID support are available and ready for use.
This could be very important for our work here at IntraHealth. This week there have been a couple of different projects plans come up which have made me think about how we could use OpenID. In both cases it comes down to patient records and tracking. The thought of such use in places like Uganda has made me step back and wonder why this type of implementation hasn’t been talked about much in Western medical records and services development. Perhaps it has and I have missed it, nonetheless I do feel like a tool like OpenID could present the beginnings of the type of security which is needed to provide patients and health care givers records online or on handheld devices.
The trick here is creating the trusted identity provider. In the case of the Ugandan projects we could propose that the Ministry of Health become a trusted provider for a Ugandan citizens “Medical ID”. This ID could then be used on the already growing list of servers and applications which have to have unique identifiers for their patients. The same system could also be used to identify health workers as they pass from systems like iHRIS Qualify to a training center’s application - therefore more easily (and automatically) updating either system’s records on what type of training the health worker has completed. The beauty of the OpenID process is that, if implemented correctly, it allows the patient or worker to be in charge of their own identity and who they trust with the creation and storage of that identity. As long as we keep them first in any design, they win.
