Identity Proofing Clause Samples
Identity Proofing. Each Participant Member’s security policy shall require that Individual Users with whom it has a Direct Relationship be identity proofed at a minimum of IAL2 prior to issuance of access credentials by the Participant Member. The identity information may be supplemented by Participant Members acting as an authoritative source by using knowledge of the identity of the individuals in accordance with written policies and procedures. Such policies and procedures must be commensurate with the risk of incorrect identity proofing (e.g., procedures for applicants receiving credentials to access their medical information may be less rigorous than procedures used for applicants receiving credentials that can be used to access medical information on multiple patients). For example, IAL2 identity proofing for an applicant receiving credentials to access to his or her own medical information can be accomplished by any two of the following:
a) physical comparison to legal photographic identification cards such as driver’s licenses or passports, or employee or school identification badges;
b) comparison to information from an insurance card that has been validated with the issuer, (e.g., in an eligibility check within two days of the proofing event); and
c) comparison to information from an electronic health record (EHR) containing information entered from prior encounters. All personally identifiable information collected shall be limited to the minimum necessary to resolve a unique identity and the Participant Member shall not copy or retain such personally identifiable information.
Identity Proofing. Each QHIN’s security policy shall include the following identity proofing requirements:
(i) QHINs. Prior to the issuance of access credentials, each QHIN shall identity proof any staff or users at the QHIN who may initiate a QHIN Query or QHIN Message Delivery at a minimum of IAL2.
Identity Proofing. Prior to the issuance of access credentials, an Individual User shall be required to verify his or her identity at a minimum of IAL2 with the QHIN, Participant, or Participant Member to whom the Individual has a Direct Relationship.
Identity Proofing. Each Participant’s security policy shall include the following identity proofing requirements:
Identity Proofing. You certify that you are a duly licensed, registered, and authorized health care provider (or is employed by, or subject to the direction and control of, a duly licensed, registered and authorized health care provider); and that you have been identity-proofed and authenticated in accordance with industry standards to Surescripts’ reasonable satisfaction.
Identity Proofing a. Provider Organizations shall use reasonable and prudent means to validate an Applicant’s identity, and the Trust Agent’s identity, in accordance with applicable laws, policies, rules, and regulations (collectively, the “Rules”), which currently includes obtaining proof of identify for employees or workforce members.
b. Applicants whose identity has been verified by Provider Organization prior to the effective date of this Provider Organization Trust Agent Agreement through an existing identity verification procedure that complies with the requirements above do not require further verification or identity proofing.