• WG NAME: Healthcare Identity Assurance Work Group (HIAWG)


The purpose of the Work Group is to support the healthcare industry in providing identity and access-management (IAM) solutions that respect privacy, promote efficiency, limit redundancy, reduce barriers to use/adoption, increase interoperability, improve security, enhance safety and trust, support resiliency, and achieve patient empowerment across the entire industry.

The HIAWG will identify, coordinate, and harmonize with ongoing and emerging healthcare identity initiatives, standards, and technologies, and communicate our findings to all stakeholders in the healthcare industry and particularly patients both in the US and selectively, around the world.  We will embrace efforts to influence policy makers, thought leaders, government agencies, and private sector entities through education and advocacy.

The ultimate goal of the WG is to provide the coordination, leadership, and technical support necessary to ensure widespread adoption of the Identity Ecosystem Framework (IDEF) across the entire healthcare community.

  • SCOPE:

The WG's primary focus is to adapt the IDEF framework to the specific requirements and use-cases of the healthcare sector, and to encourage adoption of this profile of the IDEF throughout the healthcare community. Activities supporting this focus will include:

  • Working with the Federation Identity Resilient Ecosystem (FIRE) and Identity Assurance WGs to develop a healthcare profile of the IDEF, and associated criteria for assessing conformance with the profile.
  • Providing input to the FIRE WG on new, revised or clarified features and scope needed for IDEF to fully support the use-cases and constraints of healthcare operations.
  • Making recommendations to and responding to proposals of the US and other national  healthcare industry associations, advocacy organizations or government agencies. The WG will address the identity technology and policy requirements of the healthcare community, and promote cross sector discussion of risk, liability, operation, policy, security and regulation.
  • Promoting wide healthcare-sector awareness and adoption of identity architectures and practices that are consistent with IDEF principles (i.e., with a healthcare profile of the IDEF.)
  • The WG will encourage healthcare service providers to use Kantara Initiative’s (KI) IDEF Registry to self-assess their conformance with relevant IDEF Requirements, pending availability of a KI-managed assessment scheme for third-party assessment of a healthcare profile of the IDEF.
  • Within the Kantara Initiative, seeking to leverage and integrate the work of other WGs as building blocks for a healthcare profile of the IDEF
  • Providing Software is currently out of scope


The following technical specifications may be developed in 2019-20:

  1. Jointly with FIRE WG, a draft Healthcare Profile of IDEF 1.0.
  2. In coordination with IAWG and FIRE WG, draft criteria for assessment of conformance with the Healthcare Profile of IDEF.


The following draft recommendations and reports may be developed in 2019-20:

  1. A draft Report including a high-level statement of identity infrastructure requirements for the healthcare sector and a mapping between IDESG Principles and these requirements.
  2. With the recent renewed and growing interest in unique patient identifiers, we will explore that issue and offer recommendations 2019-20.


As of August 2019, the Working Group is operating with interim leadership transitioned from the IDESG Healthcare Committee:

  1. Chair –  Thomas Sullivan, MD
  2. Vice-Chair – Jim Kragh

The Working Group is soliciting indications of interest in filling the following permanent leadership roles, and will conduct elections shortly:

  1. Chair
  2. Vice-Chair
  3. Editor

The Working Group also anticipates that the permanent Chair will appoint a Secretary. Duties of the persons occupying these roles are as defined here.


The immediate target audience for the work of the WG is providers of identity related products and Internet services to the healthcare sector (primarily in the United States), as well as the relying-party healthcare and related information service providers that require interoperable IAM products and/or services to support secure transactions and compliance with security, privacy or other regulations.

The WG’s specifications and recommendations will be of interest also to healthcare and privacy policy-advocacy groups, and governmental authorities responsible for regulating healthcare who develop regulations to meet their security, privacy, etc. goals. HIAWG recommendations will assist them in specifying regulations and guidance that are both practical and effective.

The most important beneficiaries of the HIAWG’s work will be the healthcare consumers (patients and their families) and healthcare professionals who interact with or whose personal information is protected by identity systems. However, these individuals are not expected to use HIAWG artifacts except indirectly as trust-marks provide evidence of healthcare providers’ implementation of best practices for protection and reliability of identity data.  


The HIAWG's program of promoting the implementation of and identity architecture in the healthcare sector that is consistent with the principles of the IDEF is anticipated to be on-going. 

This Charter covers the period through December 31, 2020


The Work Group will operate under the Kantara Initiative IPR Policy, with the following option as defined in Appendix D of that policy:  Copyright: Creative Commons Attribution-Share Alike (CC A-SA)



Evolution of the IDEF Framework as managed by the FIRE WG is directly relevant to the HIAWG, which may also provide input to the FIRE WG regarding enhancements to the Framework to address healthcare-specific use cases.

The HIAWG also anticipates developing a healthcare profile of IDEF in coordination with the FIRE WG. In connection with this project the HIAWG anticipates working closely with the Identity Assurance WG (IAWG) and the FIRE WG to develop criteria for assessing conformance with a “Healthcare Profile of IDEF” which might be used by the IAWG and IAB to offer certification to healthcare providers (as relying parties) and IAM product and services vendors.

Because patient privacy is a priority concern of the healthcare industry, the HIAWG also expects to maintain active liaison to the User Managed Access (UMA) WG and other privacy related Kantara initiatives.

Informal external liaison will be maintained with major healthcare identity initiatives (e.g., the CARIN Alliance) and with principal policy authorities like the US Office of the National Coordinator for Health Information Technology (HHS/ONC), via HIAWG members’ participation in committees, task forces and events sponsored by those organizations.


The WG will build on the IDEF framework artifacts in Kantara Initiative Educational Foundation  Inc. (KIEF)—Functional Model, Requirements and Supplemental Guidance, and Glossary—plus an IDEF-KI Mapping and the work of the IDESG Healthcare and other Committees' work-in-progress toward revision of IDEF.


Tom Sullivan, MD   --  –  Individual Member

Barry R. Hieb, M.D.   –   –  Individual Member

Jim Kragh   --  –  Individual Member

Catherine Schulten   –   –  Individual Member

Martin Smith    –   –  Individual member

Peter Palmer -   –  Individual Member

Thomas Jones –  –  Individual Member

Les Chosen –   –  Corporate Member


Approved HIAWG 9/26/19


Downloadable version (PDF):




August 19th, 2009

The Leadership Council ratifies this charter for operation.

November 7, 2019Leadership Council approves HIAWG re-charter (v.36)