Concept of Operations: Relating to the introduction of a Personally Controlled Electronic Health Record System
6.5.1 Proof of Record Ownership Service (POROS)
PurposeThe purpose of the Proof Of Record Ownership Service (POROS) is to verify that individuals have supplied sufficient information to correctly identify themselves for the purposes of creating a PCEHR. The POROS can also be used to verify an individual’s relationship with another individual (e.g. parent / child relationships) for the purpose of creating a PCEHR on behalf of another individual.
The PCEHR System will permit individuals to have a choice of verification services. The first verification services will be built by leveraging existing infrastructure within the Department of Human Services, and will include the following:
- Fast Track, which has been developed for assisted registration processes, where an authorized registration agent can view an approved piece of photo identification and supply sufficient information to locate the individual’s IHI. The individual will be issued with an Identity Verification Code (IVC), which can then be used to create a PCEHR.
- Online Proof of Record Ownership (Online PORO), which has been developed for both assisted registration and self-service registration processes. This service will rely on information held by the Department of Human Services to provide a series of questions the individual must answer to prove they own the record. Each question has a point value and an individual must achieve a threshold to validate their identity. In circumstances where the individual uses an assisted registration process, the individual will be provided with an IVC, which can then be used to create a PCEHR.
POROS will also provide a range of options around establishing relationships between individuals. Initially, it is proposed that Medicare Card Grouping information, where the age of the individual is over 18 and the dependent is under 18, will be used to assert this relationship.
In time, other options for asserting this relationship may be made available.
FunctionalityKey functions of the POROS include:
- Verify identity based on identifying information, features include:
- Fast Track
- Online PORO
- Verify relationship between individuals
Additional RequirementsAccess controls over which authentication methods are available via different channels will be required and will depend upon the assisted registration agents permissions.
Related Standards and Specifications
- XACML 2.0 [XACML] (recommended)
- Security Assertion Markup Language 2.0 (SAML 2.0) [SAML] (recommended)