Later this summer the Niagara Health regional authority will launch a mobile medical app which will eventually let area residents access their health records online.
Called Niagara Health Navigator, the launch version will have modest functionality: The ability to get current emergency room wait times, news and social media feeds from the Southern Ontario region’s 12 hospitals and clinics, and the ability to leave a thank-you to a health care worker.
But eventually, after the authority finalizes a privacy/identity/consent infrastructure and governance policies, patients could use Navigator to book medical appointments, have a private chat with a health care provider and access their health records kept by doctor and area hospitals.
The app, created by a Toronto identity management firm called Identos and nCipher Security, is one of five that came out of an Ontario government digital challenge program, several of which were demonstrated this week in Toronto at the annual IdentityNorth conference identity and access management professionals.
Navigator is also a reflection of the work done by the Digital ID and Authentication Council of Canada (DIACC), which is drafting a Pan-Canadian Trust Framework for public and private sector organizations to safely authorize access to and exchange sensitive data with each other and citizens.
This week DIACC released a proposed version 1.0 of a model for how the framework will be built. When finalized it will be used by developers of digital identity solutions.
Experts say solving problems of digital identity of users is key to taking advantage of the digital economy in ways only the imagination will limit.
One vendor at the conference showed how a mobile app could be used to buy cannabis online (after all, age has to be verified), while another showed how an app could be used to quickly rent a car.
It’s expected that many private sector solutions may need the participation of governments because they have identification documents — like drivers’ licences — for verifying things like age, or who you are.
So, for example, several of the solutions demonstrated require users to take a photo of their drivers’ licence (front and back, where there is digitally-encoded information), plus a selfie,
It’s not just Canadians who will want to access data from organizations here. They may want to open a business or get a loan online in any nation. So in addition to DIAC, other countries and standards bodies are also looking at issues of digital identity and interoperability.
To some degree organizations — particularly governments, as repositories of some of the most sensitive data — are waiting for the DIACC Framework to be finalized before initiating projects. Others, like Niagara Health and application developers, are already pushing ahead to explore the possibilities and using early drafts of the framework and best practices published by DIACC to guide their efforts.
One Canadian bank official interviewed on the sidelines of the IndentityNorth conference, said not having the framework finalized yet isn’t slowing his institution’s data exchange projects. But he admitted there’s a risk one province may decide on an approach different enough that the bank may have to tweak its apps or strategy.
In an interview during the conference, DIACCC president Joni Brennan said the model released this week capitalizes on almost a dozen documents on Framework components released so far.
“The model identifies different types of participants in identity transactions and sets interoperability guidance in terms of what kinds of technologies to use depending on the risks of the transaction, what kinds of consent and notice and things like that are needed from a privacy perspective,” she said.
“It’s a high-level architecture, and how it is implemented will depend on the context. If you’re in the financial sector, for example, you may have to comply with your regulatory rules.”
The Framework also points to where authentication standards like FIDO or OpenID Connect would be appropriate for certain transactions.
Ultimately, the Framework will become more important when governments issue digital versions of identity we use today like drivers’ licences and health cards. These digital IDs, perhaps stored in digital wallets in smart phones, will be used across a wide range of networks and applications.
DIACC hopes to put drafts of the entire Framework by the end of this year with a final first version 12 months from now.
DIACC is a partnership between Ottawa, provincial governments and the private sector. Among those on its board are officials from Telus, SecureKey, Interac, Desjardins Cards Services, CIBC, TD Bank, Bank of Montreal, ForgeRock and PwC.
The solution Identos created was one of the five finalist apps that came out of a 2017 Ontario challenge competition for small firms to create digital identity solutions that interact with government services that could be commercialized. In addition to Identos, two other finalists presented solutions at IdentityNorth.
—2Keys Corp., another Ottawa firm, demonstrated its proof of concept digital wallet that could be used, for example, to prove a person is of age when buying cannabis or liquor. In its vision, a store would have a QR code a user’s mobile device would scan to open an app for age verification. The user approves showing a screen that verifies the device owner is who they say they are, and they are above the legal age for purchasing product.
The other finalists were Simeio Solutions Canada Inc. and Nuco Inc.
One of the requirements of the contest was that solutions had to take into consideration the proposed principles of the DIAC Pan Canadian Trust Framework.
According to Identos president Mike Cook, his company used the digital wallet it built for the competition to create Navigator after Niagara Health put out a request for proposals in 2018 for an app.
In an interview Niagara Health CIO Sime Pavlovi said the heart of Navigator is creating a federated privacy exchange with Identos. He’s looking forward to the final approved version of the framework.
“As the DIACC community keeps evolving their processes, those are best practices we’ll leverage in our solution. As other organizations also align to these standards integration [with them] becomes so much easier, and you get true interoperability in a secure and trusted model.”
As for Navigator, he’s eagerly looking forward to the upcoming launch. “We’re a hospital system in a peninsula. We refer very little outside of our five hospitals. Patients are trying to navigate the systems themselves — whether primary care, long-term care, acute. And it isn’t as seamless as they want it to be. I strongly feel that Navigator will help our community navigate not only Niagara Health but also all our partners in the region.”