Conmergence

“One of the biggest obstacles to progress in developing an interoperable national health information network remains reaching agreement on how to correctly match medical information to patients while guarding their privacy,” says Scott Wallace, the Alliance’s president and CEO. “It is time to come to consensus on this issue so we can move forward on a system that will help transform healthcare in America.”

Led by its Technology Leadership and Policy Committees, the Alliance has concluded that the current statistical process for matching patients to their records based on such attributes as name, address and birth date is too unreliable. The Alliance has been focusing on the issue of patient identification for three years, including holding forums, reviewing research and gathering input from a range of experts, including some of its members.

“Outside of carefully controlled pilots, accuracy for the current process is roughly 90 percent, based on our collective experience and industry estimates,” says Tom Doyle, Vice President and Chief Architect for HCA and a member of the Alliance’s Technology Leadership Committee. “That margin of error will only widen as it is applied to ever-larger populations.”

A system of unique identifiers would not only make medical information much more complete and accurate but more private and secure. An identifier’s single-use status, protected in a closed loop among participating providers and patients, reveals nothing about the person—it has no street value. That is in stark contrast to the existing process-of-elimination formula, which becomes more accurate as more types of information about a person are added but simultaneously increases the risk of identity theft.

Voluntary unique identifiers also put control in the hands of the patients. “We believe it is in the best interests of consumers to be able to collect, track and manage their personal information,” says Michael Kappel, Senior Vice President, Government Strategy and Relations for McKesson Provider Technologies, and Chair of the Alliance’s Policy Committee. “Unique identifiers can help make this effort more comprehensive and reliable while allowing people to decide who else has access to their health records without worrying about incomplete information or identification mix-ups.”

As part of the consensus-building process, the Alliance is soliciting input and comments on unique patient identifiers on its web site at www.nahit.org .

About the Alliance
The National Alliance for Health Information Technology is a diverse partnership of senior executives from all healthcare sectors working to advance the adoption of clinical information technology systems to achieve measurable improvements in patient safety, quality of care and operating performance. The Alliance collaborates with healthcare and government leaders to influence healthcare decision-makers to act effectively in creating an efficient, safe, unified, and inclusive health system possible. Since its founding in 2002, the Chicago-based Alliance has helped forge consensus and accelerate progress on such important initiatives as developing an industry-endorsed interoperability definition, creating a public directory of health IT standards and authoring Rules of Engagement: A proven path for instilling, and then installing a CPOE approach that works. The Alliance is a co-founder of the Certification Commission for Health Information Technology (CCHIT) and its CEO chaired the Commission on Systemic Interoperability (CSI). More information about the Alliance is available at www.nahit.org .

Contact:
Lois Padovani
Padovani Communications
630-241-1430
l.padovani@comcast.net

August 12, 2007 By KEITH BRADSHER, nytimes.com

...Starting this month in a port neighborhood and then spreading across Shenzhen, a city of 12.4 million people, residency cards fitted with powerful computer chips programmed by the same company will be issued to most citizens.

Data on the chip will include not just the citizen’s name and address but also work history, educational background, religion, ethnicity, police record, medical insurance status and landlord’s phone number. Even personal reproductive history will be included, for enforcement of China’s controversial “one child” policy. Plans are being studied to add credit histories, subway travel payments and small purchases charged to the card.

...The Chinese government has ordered all large cities to apply technology to police work and to issue high-tech residency cards to 150 million people who have moved to a city but not yet acquired permanent residency.

...“If they do not get the permanent card, they cannot live here, they cannot get government benefits, and that is a way for the government to control the population in the future,” said Michael Lin, the vice president for investor relations at China Public Security Technology, the company providing the technology.

here. Christian Scholz posted the following:

Simon Willison gave this year’s first keynote at the EuroPython 2007 in Vilnius, Lithuania. He did not talk that much about Python this time but instead about OpenID and how it might change how we use the web in the future. He was also encouraging esp. framework developers to include OpenID support in their frameworks (as a sidenote, Plone 3 will ship with OpenID support and just got the bounty from the OpenID foundation).

Jun 1, 2007 By David Jastrow, speechtechmag.onlineinc.com

Prevailing security methods used to protect against identity theft are losing ground to fraudsters. In fact, the total cost of identity fraud in the United States in 2006 reached $56.6 billion, up 6.4 percent from $53.2 billion three years earlier, according to the 2006 Identity Fraud Survey Report from Javelin Strategy and the Better Business Bureau. What’s more, mean resolution time for these cases has risen to 40 hours and costs $6,383 per person, up from 33 hours and $5,249 per person three years ago, according to the same report.
 
The overwhelming damage to organizations forced the government to step in. New laws designed to protect people from identify theft, such as the Bank Secrecy Act, are requiring higher levels of user authentication for financial transactions.

Justen Stepka, The ServerSide.com

What is OpenID?
OpenID is an open, decentralized, open-source framework for user-centric digital identity.

Think about all the accounts you have online: blogs, wikis, to-do lists, photo galleries. The list is endless. Even simple tasks such as leaving comments on someone else's blog may require you to register an account with that particular blogging system. This leaves you, as an end user, to set up and manage numerous accounts on each of these sites. With OpenID, rather than managing all these disparate accounts individually, users can manage their identity in one place via an authentication server.

SMi's Contactless Cards Conference will bring together leading industry players to discuss the latest opportunities and challenges within the market focusing on advanced transport systems, operator networks, payment applications, passports and IDs.

After the two-day event Consult Hyperion will also be holding a half-day interactive workshop - ?1+1 = 3? Contactless + Mobile = Something Special which will look at the question: Is the hype around NFC and mobile phones justified? The workshop will attempt to answer this question based on practical experiences developing NFC applications for clients in the finance, transport, telecommunications and technology sectors, while simultaneously acting as a mobile/NFC boot camp. For more information and to download the full conference programme visit:
www.smi-online.co.uk/2007contactlesscards11.asp

Companies already attending include:

Advanta National Bank USA, Alliance & Leicester, Bankalararasi Kart Merkezi, Bayern Card Services, DnB NOR, EDS, Elavon Merchant Services, ESP Systex, Euromonitor International, GMPTE, Komercní banka, MasterCard Worldwide, Tatra Banka AS, Thales Telecom Services, Trans Link Systems B.V... and many more

here. And it's sister war here. Meanwhile, in the UK [2].

The Smart Card Alliance Passport Card Final Response

Dec 26, 2006 By Theo Francis, WSJ.com

After her fiancé died suddenly, Patricia Galvin left New York for San Francisco in 1996 and took a job as a tax lawyer for a large law firm. A few years later, she began confiding to a psychologist at Stanford Hospital & Clinics about her relationships with family, friends and co-workers.

Then, in 2001, she was rear-ended at a red light. When she later sought disability benefits for chronic back pain, her insurer turned her down, citing information contained in her psychologist's notes. The notes, her insurer maintained, showed she wasn't too injured to work.

Ms. Galvin, 51 years old, was appalled. It wasn't just that she believed her insurer misinterpreted the notes. Her therapist, she says, had assured her the records from her sessions would remain confidential.

As the health-care industry embraces electronic record-keeping, millions of pages of old documents are being scanned into computers across the country. The goal is to make patient records more complete and readily available for diagnosis, treatment and claims-payment purposes. But the move has kindled patient concern about who might gain access to sensitive medical files -- data that now can be transmitted with the click of a computer mouse.

The U.S. Department of Health and Human Services implemented standards in 2003 for guarding patient privacy, supplementing a patchwork of state laws. The federal standards, which grew out of the 1996 Health Insurance Portability and Accountability Act, single out psychotherapy notes for extra protection.

Critics claim that loopholes in the rules have left patient privacy under threat. Ms. Galvin, for example, discovered that when psychotherapy notes are mixed in with general medical records, the federal rules afford them no special protection. That is precisely what happened with her records at Stanford, she says.

"Oracle Launches Open Identity Protection Project," CIO India

Oracle Corp., working with other technology vendors, has launched an open-framework initiative to develop software to protect identity-related employee, customer and partner information, the company said Wednesday. Oracle is inviting technology vendors and customers to review plans for the Identity Governance Framework (IGF) and contribute to key draft specifications, the company said in a news release.

Five technology vendors, including CA Inc., Sun Microsystems Inc. and Novell Inc., have already reviewed a draft of the framework and plan to work with Oracle to develop full specifications, Oracle said.

The project, based on XML (Extensible Markup Language), comes as security vendors look for ways to help businesses and government agencies avoid adding to a rash of security breaches during the past two years. Oracle rolled out a piece of its own identity management software suite, called Oracle Identity Manager 10g R3, in May.

IGF will be designed to protect identity information as it flows across several applications, the company said. Identity-related information is often embedded in numerous applications across organizations, placing the information at risk and creating potential privacy violations, Oracle said.

The goal of IGF will be to establish a standard way of defining organization-wide policies to share sensitive personal information securely between applications, Oracle said.

Monya's "Federal Workgroup Releases Guidelines for Verifying Patient Identities" here. Health Management Technology reports in "AHIC Forms Group to Consider Standards for Incorporating Genetic Data in EMRs" that at "the behest of HHS Secretary Mike Leavitt, the American Health Information Community formed a work group to consider standards by which genomic data could be included in EMRs. "

Presentations available online here.

NIST Administration Building, Gaithersburg, MD

Keynote Address:

Michael O. Leavitt (confirmed)
Secretary, U.S. Department of Health and Human Services

Carlos M. Gutierrez (invited)
Secretary, U.S. Department of Commerce

Craig R. Barrett (confirmed)
Chairman of the Board, Intel Corporation

Just Announced...

Keynote Address (Day Two):
Mike Magee, MD, Director, Pfizer Medical Humanities Initiative and Vice President, Science and Medical Advocacy, Pfizer Inc. (confirmed)

This is a unique opportunity where government and industry will come together to chart a path toward a far-reaching vision for connected, home-based health technologies through public-private partnerships.

Five session topics will cover today's interoperability issues, such as:

• Market Drivers and Societal Issues
• Technology Gaps and Barriers Networked, Interoperable Solutions
• Device Standardization and Interoperability of Equipment
• EHR and PHR Standards as a Foundation for Future Digital Healthcare Systems

Register Today!
Register online now. The registration fee is $195 and includes meals, summit materials, and transportation to and from the NIST facilities to the Gaithersburg Holiday Inn.

Hotel and Travel
Reserve a hotel room at the Gaithersburg Holiday Inn. A limited number of rooms are available for the rate of $104 per night. Book online or call (301) 948-8900 to make your reservation . Please refer to the "NIST/Moving Toward Interoperability Workshop" room block. The group booking code is MTI.

Posters and Case Studies
Interact with researchers at universities, companies and government on technologies to support our aging population during our poster networking session.

Questions?
Contact Rebecca Scritchfield
E-mail: rscritchfield@agingtech.org
Tel: (202) 508-9416
Official Event Web site: http://www.itl.nist.gov/Healthcare%20Summit/intro.htm

Who Should Attend
Technology Researchers and Developers
Healthcare and Aging Services Providers
Government Agency Representatives
Healthcare Product Vendors
Company Executives
Standards Development Organizations
Associations
Consumer Organizations

Companies, government, and consumers are developing partnerships to address the challenges of the coming "age wave". Through the application of consumer-directed technologies, opportunities exist to empower individuals to take charge of their own health care and maintain independence.

To achieve this vision, our country must advance the development of new technologies and ensure the interoperability of these devices. To help explore the best way to enable the vision of connected home-based health delivery, Center for Aging Services Technologies, the Department of Commerce's Technology Administration and National Institute of Standards and Technology have come together as partners to host a National Summit to identify issues around the needs and challenges to make interoperability a reality. Recommendations from the Summit will drive needed public and private sector action.

Co-Sponsored by:
Center for Aging Services Technologies (CAST)
U.S. Department of Commerce's National Institute of Standards and Technology (NIST)
U.S. Department of Commerce's Technology Administration (TA)

For more information about this Summit, visit the official website at http://www.itl.nist.gov/Healthcare%20Summit/intro.htm

10/19/2006, "Proposed Passport Card with RFID Technology Bad News for Privacy and Security, Says Smart Card Alliance"

Using the long read range radio frequency identification (RFID) technology the Department of Homeland Security (DHS) and State Department are proposing for passport cards will do little to increase the security of the nation's borders, and opens up possibilities that U.S. citizens could be tracked, the Smart Card Alliance said today. The Alliance contends that a more privacy sensitive and secure passport card solution using the same contactless smart card technology found in the new electronic passports (ePassports) can improve border security without causing delays at crossings.

“Using long range RFID technology is a major step backwards for government-issued identity credentials,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “These RFID tags simply don’t have the security features necessary to protect the border and also maintain citizen privacy.

“The stated goal of the passport card program is to help secure the border without compromising citizen privacy or efficiency at the border crossing. The only proven technology that meets all of these objectives is the contactless smart card technology that is used in the ePassport. This would achieve the objective of a faster, more secure means for tens of millions of citizens to cross back into our borders from land and sea, while still protecting the security and privacy of individuals,” concluded Vanderhoof.

Part of the Western Hemisphere Travel Initiative (WHTI), the proposed passport card is an option that can be used instead of a regular passport book when U.S. citizens are re-entering the United States from Mexico, Canada and the Caribbean at land and sea entry points. Today, only about 25 percent of U.S. citizens carry passports. The Department of State has announced that the proposed passport card will use long range RFID technology that conforms to ISO/IEC 18000-6, Type C, "Radio frequency identification for item management -- Part 6.” This standard, published by ISO in July 2006, is based on the EPC Gen 2 Class 1 UHF standard developed by EPCglobal. EPCglobal is the organization working to develop standards for the Electronic Product Code™ (EPCs) to support the use of RFID in the supply chain environment. According to the State Department Federal Register notice, machines at border crossings would read information on the RFID tag and link the passport card to a secure U.S. government database containing biographical data and a photograph. While the RFID tag in the card itself would not hold any personal information, each card will transmit a unique reference number that can be read from up to 20 feet away.

Monday, August 28, 2006, By Griff Witte, "Unlocking Fingerprints", Washington Post

Plan for Enhanced Federal IDs Could Open Door to a Biometrics Boom

The technology has been the stuff of movies for years: A secret agent runs his fingertip and an encrypted ID card over a pair of sensors. There's a match, and the door swings open.

In the coming months, a wave of government initiatives could start making such high-tech methods of identification commonplace -- beginning with the replacement this fall of federal employee IDs. Similar cards are planned for transportation workers, first responders and visitors to the United States.

Packed with biometric data such as fingerprints and containing a computer chip with room to expand the amount of information stored, the new IDs represent a potential boon to technology companies eyeing an estimated $8 billion in identity-related contracts. Firms such as BearingPoint Inc. and Lockheed Martin Corp. have set up showcase identity labs, pulling technology from different companies into turnkey operations. Hundreds of smaller companies, down to manufacturers of plastic cards, are vying for part of the market.

The biggest business opportunity still looms: Driver's licenses, which are due for a retooling under new federal laws.

"When you're talking about credentialing the federal workforce and contractors, you're talking about maybe 10 million people. When you're talking first responders, you're at 20, 30 or 40 million people," said Thomas Greco, a vice president at Herndon-based Cybertrust Inc. "But when you're talking credentialing all registered drivers in the United States, you're up to hundreds of millions of people. Nobody is losing sight of that."

# # # #

Meanwhile...

Monday 28th August 2006, "Oz ID card database racked by identity fraud claims", By OUT-LAW.COM

Australia's identity card system was routinely searched for personal reasons by government agency employees, some of whom have been sacked.

Police are now investigating allegations of identity fraud resulting from the security breaches.

There were 790 security breaches at government agency Centrepoint involving 600 staff. Staff were found to have inappropriately accessed databases containing citizens' information. The databases are part of a massive federal Government smart card project which will link medical, welfare, tax and other personal data on Australia's 17m citizens.

In total, 19 Centrepoint employees have been sacked and 92 others have resigned. Police are conducting investigations into five employees, they said.

The "old" form factor  (Australia), the new, a parallel traveling development and a healthcare version. And another healthcare approach.

CHICAGO, Ill. and ANN ARBOR, Mich. - August 1, 2006 – The Healthcare Information and Management Systems Society (HIMSS) and Internet2 announced today that the two organizations have created a partnership to explore the development of a secure, reliable and advanced networking solution for the transmission of medical information, messages and images throughout the broad healthcare industry.

The two organizations are exploring a new network designed to offer the health sciences and healthcare sectors a private and secure medium for exchanging health information. A next-generation architecture built to meet federal regulatory requirements, this new network may also have value to offer in the work of the Nationwide Health Information Network (NHIN).

This ground-breaking collaboration is a natural extension for both not-for-profit organizations. Through a membership of 20,000 individuals, 45 chapters, and more than 300 corporations representing millions of employees, the HIMSS mission focuses on the betterment of healthcare through the most effective use of information technology and management systems. Internet2, the U.S. ’s advanced networking consortium led by 208 U.S. university members in partnership with over 100 industry and government members, works to develop and deploy advanced networks, applications and resources.

“HIMSS and our members look forward to this collaboration with Internet2,” said H. Stephen Lieber, HIMSS president/CEO. “The synergies between HIMSS and Internet2 brought our organizations together to consider and evaluate the feasibility of establishing a network that would meet the evolving needs of the biomedical and healthcare delivery community.”

Since 1999, Internet2 has operated an advanced nationwide network that supports leading-edge Internet technology development for the research and academic community. Internet2 recently announced a major upgrade to this network to provide members 10 times the capacity and speed of its current infrastructure. In addition, the Internet2 community has successfully developed important middleware technologies to address critical issues in authentication and authorization in order to enable active privacy management. Through this partnership, HIMSS and the Internet2 community will work closely together to leverage these leading-edge technologies to explore development of brand new capabilities that meet the specific security and privacy needs of the healthcare industry.

“The research and education community has long understood the potential for leveraging advanced Internet technology to enhance the healthcare industry’s ability to serve the public’s needs, to improve the flow of information for research, to streamline care processes and to enable cost savings,” said Douglas Van Houweling, Internet2 president and CEO. “Our partnership with the HIMSS community is a major step forward in realizing this vision. Together we will work to create a new state-of-the-art platform for biomedical research, education and clinical practice on a national scale.”

Through the partnership, four working groups have been established to explore the requirements and capabilities needed to create an advanced medical network during the next year. HIMSS and Internet2 will join each other’s organizations. Members of both organizations will also join each of the four working groups, which include:

Identity Management that will allow the identification and authentication of individuals regardless of their physical location.

Privacy & Security that will focus on the tools and techniques that will assure the privacy and security of the information that travels on the network.

Biomedical (Health Sciences and Healthcare) Education that will focus on meeting the unique needs and accessing the resources required for biomedical education.

Telehealth that will focus on the implications for clinical practice when a reliable advanced network is available.

In addition, members of both organizations will work for the development and implementation of the network with other partnerships and collaborations, including Integrating the Healthcare Enterprise (IHE).

"We have consistently said that public trust in a network that uses personally-identifiable information can only be achieved if government-wide guidelines for information sharing and privacy protection are established after open public debate," said Zoe Baird, co-chair of the Task Force and President of the Markle Foundation.

... To help implement a trusted information sharing environment, the Task Force recommends the adoption of:

• An "authorized use" standard to determine who should have access to information the government has lawfully collected based on the use to which they will put the information rather than its place of collection. "The borderless nature of the threat has rendered unworkable some of the old rules on sharing lawfully collected information. Under the authorized use approach we propose, each agency can get the information it needs to pursue a clearly articulated mission, subject to auditing to ensure accountability and protect privacy," says Jim Dempsey of the Center for Democracy and Technology and a member of the Task Force. The rules for the authorized use standard should be developed through open public debate. The current outdated standards for sharing and accessing information based on nationality and place of collection have caused confusion and in some cases produced a rigidity that impedes desirable information sharing without protecting civil liberties. The Task Force recommends an "authorized use" standard based on well-defined missions for participants in the information sharing environment.


• A "risk management" approach to classification that better balances the risks of inappropriate disclosure with the risks of failing to share information. Current classification procedures are frequently a barrier to effective information sharing because they overemphasize the risks of inadvertent disclosure over those of failure to share information. To avoid this situation, the Task force recommends a new risk management approach to classification that gives adequate weight to the risks of not sharing information.


• Clear guidelines for sharing information while protecting civil liberties. "Government-wide policies, processes and guidelines that facilitate information sharing and provide trust by empowering and constraining users should be developed as well as the technology solution we have suggested," says Bill Crowell of the Task Force. "The guidelines should clarify agency missions and address the requisite security, civil liberties and privacy protections." Every government agency and department should know and understand the rules of information sharing - not only to improve our anti-terror efforts but also to provide a standard to measure success and ensure accountability.


• Technology that facilitates sharing while protecting security and privacy. The Task Force calls for the continued development and use of technology to connect people in ways that improve trust among government officials and the public. Technology exists that can improve data sharing, enhance security, as well as facilitate privacy and accountability.


• An effective dispute resolution process. Even with clear and consistent guidelines for information sharing, disputes will inevitably arise over decisions not to share information. The Task Force recommends the creation of a systematic, workable, efficient process to resolve these disputes. The recommendations address disputes about dissemination and retention, accuracy and correction, as well as broader disagreements about access to and use of databases and categories of information.


• A new Information Sharing Institute. The Institute could make operational and professional expertise available beyond that of individuals working in any particular government agency, department, or contractor. This Institute would provide a mechanism to identify and distribute best practices, and to apply technologies available in other sectors. It should have the full and active participation of organizations from federal, state, and local governments as well as the private sector.

Members of the OASISinternational standards consortium are developing a standard for invoking biometrics-based identity assurance using Web services and service oriented architectures (SOA). The new OASIS Biometric Identity Assurance Services (BIAS ) Integration Technical Committee will complement the efforts of the InterNational Committee for Information Technology Standards (INCITS), a standards development organization accredited by the American National Standards Institute (ANSI). Where INCITS is working to define the taxonomy of functions that form a framework for deploying identity assurance in the biometrics and security industries, OASIS will define the methods and bindings by which that framework can be used within XML-based transactional services. The two companion standards are expected to reference one another.

"We expect that the INCITS and OASIS initiatives will inform and improve on one another," noted Karen Higgenbottom, chair of the INCITS executive board, which also serves as ANSI's Technical Advisory Group for ISO/IEC Joint Technical Committee 1. "BIAS should significantly increase the opportunities for implementing biometric functions in XML-based systems. Likewise, current SOA methods for exchanging information and transactions data may provide useful parameters and patterns for the broader application of BIAS data in the security industry."

"Biometric systems are becoming more complex as they are integrated into larger identity management and credentialing systems," observed Catherine Tilton of Daon, chair of the OASIS BIAS Integration Technical Committee. "At the same time, there is a growing need for data sharing and reuse of resources and services within and across organizations. Today, custom built, proprietary solutions are the only option. The availability of a standard biometric services interface will allow systems to be implemented on an open architecture and provide users with greater choice in products and services."

"This project represents complementary development efforts between OASIS and INCITS, and we hope it will serve as a model for future collaboration," stated James Bryce Clark, director of standards development at OASIS. "It offers a compelling opportunity for existing SOA and XML security technologies to more broadly consume biometric technologies."

The new committee members foresee their work leveraging a variety of security, Web services, and SOA standards developed at OASIS, including WS-Security. In addition, vertical industry efforts that require secure identification and authentication may make use of the BIAS effort. It may also influence work produced by other standards bodies, biometrics research groups, SOA architects, vendors and users.

By Richard D. Walton, richard.walton@indystar.com, Indystar.com

If you're planning to vote in the May 2 primary, you'll have to show a state or federally issued photo ID.

On Friday, U.S. District Judge Sarah Evans Barker upheld Indiana's stringent voter-identification law. Barker said plaintiffs, including the Indiana Democratic Party, failed to back up their contention that the ID law is unduly burdensome and would keep many people from casting ballots.

Barker wrote in her 126-page opinion that the opponents' arguments would require "the invalidation" not only of the photo ID statute, "but of significant portions of Indiana's election code which have previously passed Constitutional muster."
A number of states require photo identification for voters, but Indiana's law is considered among the most stringent because it offers few exceptions to the requirement.

The Democratic Party and the American Civil Liberties Union of Indiana, a co-plaintiff, had argued that the law -- passed by the Republican-led legislature in 2005 to prevent voter fraud -- would particularly affect the elderly, minorities and people with disabilities.

They would bear the cost of obtaining the documentation needed to get state-issued ID cards, plaintiffs said, arguing that having to spend money to vote was the modern-day equivalent of the "poll tax" -- the Jim Crow-era method of keeping black people from voting.

But Barker wrote: "Despite apocalyptic assertions of wholesale voter disenfranchisement, plaintiffs have produced not a single piece of evidence of any identifiable registered voter who would be prevented from voting" because of the statute.
The judge had particular scorn for a report prepared by an expert hired by the Democrats that said 989,000 registered voters in Indiana do not possess a BMV-issued driver's license or photo ID.
Barker said she did not consider the report in her determination because she viewed the analysis and conclusions as "utterly incredible and unreliable."

April 10, 2006 by Rob Roberts, Staff Writer, Kansas City Business Journal

U.S. Sen. Sam Brownback, R-Kansas, said Tuesday that he will propose legislation to allow Americans to carry their electronic health records with them "in debit-card fashion."

Brownback detailed his proposal for "an independent health care record banking system" during an appearance at the North Kansas City headquarters of health care technology vendor Cerner Corp.

Cerner President Trace Devanny said that the system will rely on the success of federal efforts to establish standards for the exchange of health care information. Once that occurs, he said, Cerner (Nasdaq: CERN) will "absolutely" participate as a provider of the service.

April 10, 2006 by Lauren Wilbert, Staff Writer, Minneapolis/St. Paul Business Journal

Digital Angel Corp. said Monday that the U.S. Patent and Trademark Office awarded the medical technology company with a patent for Bio-Thermo implantable microchips, which can monitor temperatures in animals.

... Patents covering the same bio-thermo technology are pending in several other countries. Digital Angel is selling the microchips in South Africa and is in discussions to offer it in Japan as well.

April 7, 2006 PRNewswire

The Liberty Alliance Project, the global consortium developing open standards for federated identity, interoperable strong authentication and identity-enabled Web services, today announced its first eHealth workshop to take place from 1:00 to 5:00 PM on April 26th in Washington DC. This free event will be held at the Sheraton Premiere at Tysons Corner and is open to all individuals interested in discussing issues and potential solutions to the technology and policy challenges surrounding identity management in the healthcare sector.

The workshop will be a lively discussion in developing strategies and solutions regarding collaboration and public/private partnerships to foster adoption of open standards, authentication, and the Federal Health Architecture for the National Health Information Network (NHIN) and regional health information networks. Confirmed speakers include Kelly Cronin (ONCHIT), David Temoshok and Marc Wine (GSA), Tom Leary and Pete Palmer(HIMSS Advocacy and RHIO Federation). Anyone interested in attending the workshop can register and get more information by visiting https://www.projectliberty.org/scripts/workshop_ehealth_apr26.asp

Liberty formed its eHealth group last year to advance interoperable and privacy-respecting standards for federated identity management and identity-enabled Web services in the healthcare sector. Members work collectively to address the technology, privacy and policy issues surrounding identity management in healthcare applications. Over 100 members from the global healthcare community currently participate in Liberty's eHealth group.

Feb. 15, 2006 By Maria Woehr, Insurance & Technology

If architecture interoperability and trust concerns are ironed out, federated identity management (FIM) could provide security and productivity improvements for the insurance industry, according to an expert panel at the LOMA Emerging Technology Conference at the Gaylord Texan Resort & Convention Center in Dallas. FIM allows agents to use a single user name and password to sign on to the networks of more than one enterprise in order to conduct transactions. And it requires partners within an identity management federation doing business with the same individuals to trust each other's verification of those individuals' user status.

The panel consisting of Mark T. Chamberlain, systems officer information security from Nationwide Financial (Columbus, Ohio; $157 Billion in total assets), Doug Simmons, principal consultant from the Burton Group (Midvale, Utah), and Scott Lowry, president and CEO of Digital Signature Trust (Salt Lake City), argued that federated identity management is not a bleeding edge security solution but rather a reality insurers will have to pursue even though many are still leery of giving up old authentication processes. "Many insurers are still getting their feet wet or waiting for a clear business case, but now is the time to start looking at this as a serious solution," Burton Group's Simmons explains.

Security concerns require that every carrier have an authentication log-on process that an agent must use to gain access to its system. Keeping track of those passwords can be a problem for agents who deal with several carriers. To address that problem, many agents keep a sheet of paper with all their carrier pass codes written down at their desk, creating a security vulnerability, explained Nationwide's Chamberlain. "You are only as strong as your weakest link," he said. "There are also other issues such as the poor ease-of-use, customer frustration and redundant sign-ons."

Feb. 13, 2006 By Richard Waters, Financial Times

An Ohio company has embedded silicon chips in two of its employees - the first known case in which US workers have been "tagged" electronically as a way of identifying them.

CityWatcher.com, a private video surveillance company, said that it was testing the technology as a way of controlling access to a room where it holds security video footage for government agencies and the police.

BARCELONA, Spain, Feb. 13 /PRNewswire-FirstCall/ -- 3GSM -- VeriSign, Inc. (NASDAQ: VRSN) , the leading provider of intelligent infrastructure services for the Internet and telecommunications networks, today announced it has successfully integrated its IP peering solution between Voice over IP (VoIP) service providers and the Austrian Public Electronic Numbering (ENUM) root. This is one of the first examples of integration between public and private ENUM services and can serve as a template for interconnecting public and private directories to facilitate the growth of Internet Protocol (IP) applications.

ENUM assigns an Internet address to an individual as a single point of communications and allows landline, mobile calls, e-mail and instant messages to be exchanged using one IP number. Public ENUM trials are taking place globally, facilitating commercial convergence between the public switched telephone and VoIP networks.

The public-private integration, which completed compatibility testing last year, gives VeriSign Carrier IP Connect customers access to Austria's Public ENUM data and eliminates the need to query network databases multiple times to obtain individual contact information.

See also "VeriSign's VIP Protects Sign-On IDs", February 13, 2006,  By Sean Michael Kerner, Internetnews.com

VeriSign Identity Protection (VIP), announced today, will offer users the promise of a single security device that will enable authentication on VIP-enabled Web sites. So far the list of future VIP-enabled sites includes industry heavyweights PayPal, eBay and Yahoo.

February 3, 2006 By Stacy Lawrence, Ziff Davis Internet

In October, the government will start issuing Personal Identity Verification cards to all federal employees and contractors. This week, the National Institute of Standards and Technology issued the final guidelines defining how biometrics should be stored on these identity cards.

In August 2004, the President issued Homeland Security Presidential Directive 12 calling for a mandatory, governmentwide personal identification card that all federal departments and agencies will issue to their employees and any contractors requiring access to federal facilities and systems.

The NIST publication, available here as a PDF, contains specifications for acquiring, formatting and storing fingerprint images and templates; for collecting and formatting facial images; and for the biometric devices used to collect and read fingerprint images.

See also the tangentially related RFID News: Cisco, Venture Development Corp., RFID Passports An Easy Hack, ThingMagic

Cellphone Tracking Cases (USA v. Pen Register), Health and Human Services Department Personal Identification verification smart cards, Sun's National Provider ID, Yahoo's "content aggregation ID"

Citizens Against Government Waste (CAGW) Vice President for Policy David Williams presented a seminar of the National Conference of State Legislatures (NCSL)

Global standard for avian vaccines needed - expert

Dec 8, 2005 By Patricia Reaney

LONDON (Reuters) - International standards should be set for avian vaccines to combat the spread of the deadly H5N1 bird flu in chickens, a leading virologist said on Thursday.

Unlike influenza vaccines for humans which must contain a minimum amount of antigen to stimulate an immune response, no figure had been stipulated for avian vaccines, said Dr Robert Webster of St Jude's Children's Hospital in Memphis, Tennessee.

"We should at least establish a minimal level," he told a briefing during a meeting on emerging diseases in London.

"There are no international standards. There should be."

Nov. 29, 2005 By Emily Berry, Chattanooga Times Free Press

Orange Grove Center will not coordinate an effort to implant its developmentally disabled clients with identifying microchips, despite discussion last month about cooperating with the chip’s manufacturer to provide them to as many as 100 clients, Executive Director Kyle Hauth said Monday.

"We’ve pretty much fulfilled our obligations in terms of notifying people we serve and their families that this is a technology that exists," Mr. Hauth said. "That pretty well ends our involvement."

Designer VeriChip Corp. is promoting the idea of using the implants, each about the size of a grain of rice, to identify people in medical emergencies. The chip holds a number that in turn can be used to find medical records online. The chips were approved by the Food and Drug Administration for use in a medical setting in December 2004.

News of the idea of implanting Orange Grove clients with microchips brought criticism from medical ethicists and scorn from disability rights organizations from as far away as Pennsylvania.

Palo Alto, Calif. — November 7, 2005 — In the wake of increasing security concerns, the incorporation of secure identity management systems is assuming top priority for enterprises and governments worldwide. However, tight deadlines, lack of consensus and security loopholes has created considerable confusion in crucial programs such as the e-passport project.

Smart card organizations and governments need to work together in developing global standards for ID applications. Further, open platforms, which are expected to play a key role in this segment due to their scalability and security features, will have to evolve as strong foundations for the credible execution of such vital applications.

New analysis from Frost & Sullivan (www.smartcards.frost.com), World Battle of Platforms, reveals that unit shipments for open platform cards totaled 400 million in 2004 and projects to reach to 1.15 billion by 2011.

Oct. 6, 2005 -- Frontline Solutions

VeriChip Corp., an identification and security technology provider that calls itself "The First RFID Company for People," announced that during the month of September, 49 hospitals agreed to adopt the VeriMed System for patient identification. This brings to 58 the number of hospitals that have agreed to adopt the system in their emergency departments since the FDA approved it in October 2004.

Patients who arrive at an emergency room unconscious or unable to communicate due to medical conditions are susceptible to treatment delays and medical errors, according to the company. In an emergency, VeriMed provides the patient's name and a link to personal medical information.

The RFID device is implanted in the patient using a reversible insertion process. The microchip contains a secure and unique 16-digit number, which acts as a portal to patient information accessible through the medical facility's electronic medical record system or through VeriChip's Web site. The device is read by healthcare professionals using a hand-held reader.

Most of the hospitals entering into VeriMed agreements in September did so as a result of a VeriChip demonstration at the American College of Emergency Physicians' (ACEP) Scientific Assembly, which took place Sept. 26-29, 2005, in Washington, D.C.

by Joanne Silberner, Health & Science, NPR

Morning Edition, August 15, 2005 · Many people wear metal necklaces or bracelets to alert emergency caregivers to special medical conditions. Technology may make it easier to get doctors this information. More than 1,000 people have tiny I.D. chips implanted beneath their skin that give emergency room personnel instant access to that person's medical information.

July 11, 2005 by Nancy Ferris, govhealthit.com

Some health information technology planners have waited for years for the federal government to issue every American a unique personal health identification code, similar to a Social Security number that would distinguish each of the 16,000 William Smiths in America from one another.

But it’s increasingly unlikely that will happen, despite its seemingly obvious appeal for the architects of the national health information network.

And now many of the leaders in the drive to modernize and interconnect the nation’s health information systems say they wouldn’t rely on a single health identifier if one were to be issued.

Instead, they are endorsing two basic strategies:

* Record locator services, which would maintain indexes of patients and where to obtain their health records.

* Probabilistic matching, which is a relatively new technology used in search engines.

Jun. 27, 2005 By Michael Arnone

International travelers who need visas to enter the United States will soon have radio frequency identification (RFID) tags installed in their visa forms, the Homeland Security Department announced...

June 8, 2005 By Roy Mark

Congress is not going to ignore the spate of data breaches plaguing private enterprise and will pass new data protection laws, a Gartner analyst predicted.

Speaking at a Gartner IT security conference less than 24 hours after CitiFinancial admitted it had lost almost 4 million records with personally identifiable information, John Pescatore told a packed room that Congress is bound to respond with new laws.

"What will be the next Sarbanes-Oxley? It's going to be some type of identity theft or data security legislation," said John Pescatore, a vice president and analyst at Gartner. "That's such a politician-friendly issue, it's the next big one coming."

May 27, 2005 By Lisa Vaas, eWeek.com

Hewlett-Packard Co. and Microsoft Corp. on Friday rolled out a platform to help governments establish national identity systems. The HP National Identity System is based on Microsoft's .Net platform. According to a release from the companies, it goes beyond simple secure identification and authentication, giving government ID systems the ability to be used to access e-government services and to conduct secure transactions on behalf of citizens.

It's not surprising that big vendors are rushing to address governments' hunger for beefed-up tracking of citizens and travelers. According to recent figures from Morgan Keegan, as quoted in the companies' statement, the identity management market is now worth about $4.8 billion and is estimated to increase to about $10.7 billion by 2007.

The HP NIS tool provides citizens with improved secure and intelligent identity documents, according to the companies' statement. For example, the tool can check traveler and citizen credentials across entire countries or regions, which should ensure fulfillment of requirements to check IDs at borders.

May 11, 2005 By Dibya Sarkar, FCW.com

The Senate unanimously passed an $82 billion supplemental spending measure May 10 that includes controversial driver's license reforms that would mandate minimum federal security standards for identity cards meant to improve homeland security.

The House approved last week the measure to authorize supplemental funding for the Defense Department by a 368 to 58 vote. In a written statement, Bush said he looked forward to signing the bill into law.

Many state government officials opposed inclusion of the Real ID Act in the supplemental appropriations conference report. They argue that the driver's license measures would put financially burdens on state motor vehicle offices and overload them with additional work. Civil liberties groups say the bill is anti-immigration and sets a precedent for creating a national identification database.

Germany is poised to introduce its next generation e-health card in 2006. The new version, set to replace the existing insurance card - holding only the patient’s name, address and insurance number - will be the latest example of smart card technology to hit the market in Europe. It will be able to store prescription information and might even be used as the standard card for a digital signature - the key to modern eGovernment applications.

Germany’s Fraunhofer-Gesellschaft unveiled the technology solutions behind the country’s much-discussed project to introduce next-generation electronic medical passes. Coinciding with the recent international CeBIT technology fair, scientists close to the project stressed the special data security features in the new smart cards.

Germans already carry slightly ‘dumb’ smart cards that hold key health insurance information, such as their name, address and insurance number. Now the government plans to introduce a new e-health card which, in addition to holding personal data, could also store emergency data, including the holder’s blood group, known allergies to drugs and so on.

To cut red tape and streamline the health system, the Germans decided to include prescriptions on the card, which can store several A4 pages of typed text. No final decision has been taken whether the e-health card, which will have all the security features of today’s smart card technology, could also carry a digital signature – a fundament of modern eGovernment applications, including filing tax declarations electronically.

Smart cards are not new to Germany, or Europe for that matter. Mobile telephony introduced the use of ‘smart security’ systems – personal identification numbers (PIN) that safeguard the owner’s account details – to the masses. Credit card companies are also putting smart technology in their cards to cut out the huge problem of fraud.

Earlier this year, the US House of Representatives passed the REAL ID Act, bringing us a giant step closer to a "national ID." The REAL ID Act would establish a vast national database of ID holders, where even a small percentage of errors would cause major social disruption. The ID would essentially be an internal passport that would be shown before accessing planes, trains, national parks, and court houses - an irresistible target for forgers and identity thieves. It would also divert resources from security measures that could actually work. And in calling for the use of "common machine-readable technology," the REAL ID Act paves the way for the federal government to force every state to put radio-frequency identification (RFID) chips into their ID cards. The Senate needs to be reminded that such proposals have always been rejected for good reason: our privacy and civil liberties are at the core of what it means to be an American citzen, and they shouldn't be traded for what amounts to security theater. Tell your senators to reject the REAL ID Act. Make your voice heard with the EFF Action Center: http://action.eff.org/site/Advocacy?id=119

March 14, 2005 - Mobilehealthdata.com

Hackensack (N.J.) University Medical Center will become the second provider organization that can read radio frequency identification chips embedded in patients. The 683-bed, not-for-profit provider plans to test the VeriChip system--from Delray Beach, Fla.-based Applied Digital--in its emergency department. The technology can read the vendor's RFID chips that have been implanted underneath a patient's skin, between the elbow and shoulder. Each VeriChip contains a 16-digit identification number assigned by Applied Digital. Hackensack will map patients' VeriChip numbers to their medical records number. The provider then will be able to access patient data from their electronic medical records system, which is in development, by scanning them with the vendor's reader to find their chip number. The chip numbers will be mapped to patients' electronic records ID numbers.

March 14, 2005 Reuters

Customers of a German supermarket chain will soon be able to pay for their shopping by placing their finger on a scanner at the check-out, saving the time spent scrabbling for coins or cards.

An Edeka store in the southwest German town of Ruelzheim has piloted the technology since November and now the company plans to equip its stores across the region.

"All customers need do is register once with their identity card and bank details, then they can shop straight away," said store manager Roland Fitterer.

March 1, 2005 Electronic Frontier Foundation

New Bill Will Protect Californians' Privacy Rights

NOTE: This is a press release from the ACLU of Northern California. EFF is recirculating it for your information.

San Francisco, CA - The ACLU, the Electronic Frontier Foundation, and the Privacy Rights Clearinghouse support legislation introduced by Senator Joe Simitian that would prohibit identity documents issued by the state, including driver's licenses and library cards, from containing a contactless integrated circuit or other device that can broadcast personal information or enable that information to be scanned remotely.

"This is all about individual privacy, personal safety and financial security," said Senator Joe Simitian. "SB 682 ensures that state and local government will be part of the solution, not part of the problem."

The legislation was introduced days after a company in Sutter, California withdrew its pilot program from an elementary school amidst parents outcry who did not want their children tagged like "inventory." The school district introduced the mandatory use of Radio Frequency Identification tags (RFIDs) to track the students' movements. The students were required to wear the ID badges that included the device along with the student's name, photo, grade, school name, class year and the four-digit school ID number.

Jeffrey and Michele Tatro, parents of a Sutter elementary student who had to wear the mandatory RFID said: "We fully support this legislation that will protect families throughout California from having to go through what we did – seeing our children tagged like inventory or cattle."

Mar 01, 2005 By News Staff govtech.net

The W. Va. Department of Motor Vehicles selected Viisage for the design and implementation of the state's new drivers' license. The new state license will include finger image and face recognition biometrics as well as the latest credentialing security features. The end-to-end security built into the state's process is designed to provide citizens with protection from identity theft and fraud, and is expected to allow the state to contribute to heightened homeland security efforts. The one-year contract award includes the option for four one-year renewals. The W. Va. DMV, in collaboration with Viisage, will begin producing a new drivers' license that provides citizens with high levels of security from the upfront proofing of identity to the issuance of licenses embedded with advanced security features. W.Va's process will begin with the use of finger image technology to record operator login, allowing for continuous tracking of drivers' licenses from the point of initial application. Additional built-in security measures are available to prevent unauthorized production of drivers' licenses.

March 2, 2005 By Laurie Sullivan, InformationWeek

Addressing thousands of execs at RFID World, Wal-Mart CIO Linda Dillman said the debate about whether RFID will happen is over.

Linda Dillman, CIO of the world's largest retailer with revenue in excess of $250 billion a year, is one happy executive. Wal-Mart Stores Inc., which took little-known radio-frequency identification and made it the hottest supply-chain technology around, is on track to have RFID in 600 stores and 12 distribution centers by year's end.

"The best thing about being here today is we are now past January 2005, and I don't have to stand up here and debate whether it will happen, because it did," Dillman told thousands of executives attending this week's RFID World Conference & Exhibition in Dallas. Since revealing two years ago that it wanted its top suppliers to begin shipping RFID-tagged cases and pallets of goods in January, Wal-Mart has installed 14,000 pieces of hardware, has run 230 miles of cable, and is live with more than 100 suppliers. RFID is installed in 104 Wal-Mart stores, 36 Sam's Clubs, and three distribution centers.

Wal-Mart and other retailers say RFID will help them track goods throughout the supply chain and ultimately will help them get the right products in the right stores at the right time. It'll also help locate specific products anywhere in the supply chain, which should make recalls easier to manage. "Getting merchandise to the shelf is important to us," Dillman said. "Tracking recalls is one of the next projects Wal-Mart is working on."

Feb. 28, 2005 By Roy Mark, Internetnews.com

U.S. Commerce Secretary Carlos M. Gutierrez issued new standards Friday for government-issued smart cards specifying the technical and operational requirements to meet President Bush's mandate for standard federal ID credentials.

The standards call for all federal agencies and their contractors to be issued a credit card sized ID that contains a PIN number, digital photograph and two digitally stored fingerprints.

Gutierrez also announced all federal agencies have until October to meet the first part of the Personal Identity Verification (PIV) standard, which sets the minimum requirements needed to meet the presidential directive.

Feb. 22, 2005 The Associated Press published in the Asbury Park Press
 
ATLANTA -- ChoicePoint Inc., under fire for being duped into letting criminals access its massive database of personal information, said Monday that consumers throughout the country and in three U.S. territories may have been affected by the breach of the company's credentialing process.

The data warehouser also announced plans to rescreen 17,000 business customers to make sure they are legitimate.

The Alpharetta-based company said it has hired a retired Secret Service agent to help revamp its verification process. It also has paid for a one-year subscription to a credit-monitoring service for each of the 144,778 people who may have been affected by the breach.

Feb. 16, 2005 By Joseph Menn, Times Staff Writer (From the Los Angeles Times)

Identity thieves use a scam to get thousands of files.
Only Californians are being notified.

A fraud ring infiltrated one of the nation's largest collectors of consumer information and obtained credit reports, Social Security numbers and other information about tens of thousands of people in a massive case of identity theft.

ChoicePoint Inc. said Tuesday that it had begun sending letters to about 35,000 California residents to tell them that their personal information may have been compromised. The Georgia company urged them to check their credit reports for new accounts or suspicious activity.

The scope of the scam is likely to widen because California is the only state that requires companies to notify people when the security of their personal information is jeopardized.

A ChoicePoint spokesman said the number of victims nationwide could total 100,000, but the company could not be sure of the extent of the fraud and had no plans to contact people outside California.

Feb. 15, 2005 BUSINESS WIRE

Digital Evolution(TM), a leading provider of SOA and Web services management and security software; today announced the release of the industry's first business-to-business Web services security solution for .NET Web services. Digital Evolution's XML VPN version 4.2 is now shipping and is in production at several large retail and financial service organizations. The XML VPN is the ideal platform for offering .NET services to partners. It can secure any XML Web service and provides specific extensions for discovery and automated provisioning of .NET services, making Web services communication and consumption between partners easy and secure. </