Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Healthcare Online User Group

Does Identity Assurance Matter?

Created: 02 Sep 2011 • Updated: 07 Sep 2011
Axel Wirth's picture
+2 2 Votes
Login to vote

Today's healthcare IT environment is complex and reaches beyond the walls of your hospital. Federal regulations are incentivizing clinicians to cooperate across boundaries, but have also brought us stricter privacy rules. Within a few short years we have moved from "data wants to be free" to "data is free".

We have left the traditional model of information sharing and controlled access behind. Clinicians are mobile and we are exchanging data with other stakeholders in the healthcare community - all with the goal to improve quality and availability of information, provide better patient care, and reduce cost. However, at the same time we know that our old approach to compliance and security no longer meets the challenges and demands of today's IT environment and threat landscape.

To illustrate the point, we can look at the example of ePrescription and Health Information Exchanges (HIE). Both have in common that sensitive PHI needs to be exchanged between trusted participants and requires verification of authenticated individuals. State and Federal regulations are setting a high bar for the required authentication process, commonly referred to as two-factor authentication. The challenge for healthcare organizations is to provide this type of strong authentication to its users and implement an effective yet reliable credentialing management system and infrastructure, especially if this is required across systems and platforms as it is typically the case in healthcare.

Symantec and Experian have partnered to provide an elegant, cloud-based solution for two-factor credentialing. Furthermore, this solution was recently certified to meet the electronic authentication guidelines of the National Institute of Standards and Technology (NIST) Special Publication SP 800-63-1 and is the first to achieve Level 3 Assurance.

Meeting this strict Federal standard, this solution enables healthcare organizations to implement strong authentication, minimize the risk of fraud or non-compliance, and take advantage of the cost-effective, yet secure cloud service provided by a trusted partner. More detail about the offering can be found in below press release.

Experian and Symantec's Two-Factor Credentialing Solution First to Achieve NIST Special Publication 800-63-1 Level 3 Assurance

Solution evaluated by the General Services Administration Division of Identity Management

COSTA MESA, Calif., Aug. 31, 2011 /PRNewswire/ -- Experian® today announced that the two-factor credentialing solution jointly developed by Experian and Symantec to comply with electronic authentication guidelines in the National Institute of Standards and Technology (NIST) Special Publication SP 800-63-1 is the first solution to achieve Level 3 Assurance.

The Experian and Symantec two factor credentialing solution was evaluated by the General Services Administration (GSA) Division of Identity Management. Following a review by personnel from NIST and GSA, who determined that the approach implemented by Experian and Symantec was sound and feasible, the GSA confirmed that the solution meets the intent of NIST SP 800-63-1 Level of Assurance 3 or higher.

Formal review of the solution by the GSA was required by the Drug Enforcement Administration's (DEA) Interim Final Rule on Electronic Prescriptions for Controlled Substances. The DEA Interim Final Rule mandates that prescribers obtain two-factor identity credentials from a credential service provider that has been approved by GSA to conduct identity proofing and   meets the requirements of Level 3 Assurance or above as specified in the NIST Special Publication SP 800-63-1.  

The evaluated solution combines Experian's identity proofing capabilities with the strong authentication capabilities of Symantec's VeriSign Identity Protection (VIP) Authentication Service to deliver secure online identity credentials. It enables government agencies and healthcare organizations to minimize the risk of fraud when users conduct personal and sensitive transactions online. Both Experian's identity proofing and the Symantec VIP Authentication Service are cloud-based services that can be accessed through secure web-services APIs.

"We are excited that our solution has been evaluated by the GSA and believe it will add great value in helping government agencies and healthcare organizations grant online access to services while simultaneously safeguarding individual user's identities, and protecting agency and constituent data," said Scott Waldron, president of Experian, Government Services. "Our innovative solution with Symantec has already been delivered to one of the leading e-prescribers, DrFirst, and now is readily available to more government agencies and healthcare organizations."

"We are pleased to have successfully delivered a solution at NIST SP 800-63-1 Level 3 Assurance," said Nick Piazzola, senior director for Symantec Government Authentication Solutions. "The integration of Experian's identity proofing with Symantec's managed PKI and one-time password authentication offerings now enables us to provide a range of assurance levels for customers needing strong authentication for their websites and portals."

About Experian

Experian is the leading global information services company, providing data and analytical tools to clients in more than 80 countries. The company helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score and protect against identity theft.

Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended 31 March 2011 was $4.2 billion. Experian employs approximately 15,000 people in 41 countries and has its corporate headquarters in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and São Paulo, Brazil.

For more information, visit

Experian and the Experian marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc. Other product and company names mentioned herein are the property of their respective owners.

Michael Troncale
Experian Public Relations
1 714 830 5462

SOURCE Experian