Abstract: The present teaching relates to generating an identifier for a person. In one example, an actual name of the person is received. The identity of the person that is associated with the actual name of the person is proved at a pre-determined level of assurance (LOA) required by an identity management system. When the identity of the person has been proved, a peripheral name is solicited from the person. An identifier that includes the actual name and the peripheral name of the person is created. Whether the identifier is unique is determined. The steps of soliciting, creating, and determining are repeated until the identifier is unique. The peripheral name is associated with the person. The identifier is associated with the person.

Abstract: Implementations provide self-consistent, temporary, secure storage of information. An example system includes fast, short-term memory storing a plurality of key records and a cache storing a plurality of data records. The key records and data records are locatable using participant identifiers. Each key record includes a nonce and each data record includes an encrypted portion. The key records are deleted periodically. The system also includes memory storing instructions that cause the system to receive query parameters that include first participant identifiers and to obtain a first nonce. The first nonce is associated with the first participant identifiers in the fast, short-term memory. The instructions also cause the system to obtain data records associated with the first participant identifiers in the cache, to build an encryption key using the nonce and the first participant identifiers, and to decrypt the encrypted portion of the obtained data records using the encryption key.

Abstract: The present teaching relates to generating an identifier for a person. In one example, an actual name of the person is received. The identity of the person that is associated with the actual name of the person is proved at a pre-determined level of assurance (LOA) required by an identity management system. When the identity of the person has been proved, a peripheral name is solicited from the person. An identifier that includes the actual name and the peripheral name of the person is created. Whether the identifier is unique is determined. The steps of soliciting, creating, and determining are repeated until the identifier is unique. The peripheral name is associated with the person. The identifier is associated with the person.

Abstract: Method, system, and programs for interoperable identity and interoperable credentials. In one example, an authentication request is received that originated from an online user in connection with an application having a first LOA. The authentication request includes an identity assertion and a digital identity is searched to identify a GUID associated with the digital identity matching the identity assertion. One or more credentials that are bound to the GUID at the first LOA or a higher LOA are provided. A selection of at least one credential is received. Information of the selected credential that includes a credential verification service capable of verifying the selected credential is received. Verification of the selected credential of the online user based on the GUID is requested. A verification response is received. The online user is authenticated at the first LOA when the verification response indicates that the selected credential is successfully verified.

Abstract: The present teaching relates to generating an identifier for a person. In one example, an actual name of the person is received. The identity of the person that is associated with the actual name of the person is proved at a pre-determined level of assurance (LOA) required by an identity management system. When the identity of the person has been proved, a peripheral name is solicited from the person. An identifier that includes the actual name and the peripheral name of the person is created. Whether the identifier is unique is determined. The steps of soliciting, creating, and determining are repeated until the identifier is unique. The peripheral name is associated with the person. The identifier is associated with the person.

Abstract: The present teaching relates to generating an identifier for a person. In one example, an actual name of the person is received. The identity of the person that is associated with the actual name of the person is proved at a pre-determined level of assurance (LOA) required by an identity management system. When the identity of the person has been proved, a peripheral name is solicited from the person. An identifier that includes the actual name and the peripheral name of the person is created. Whether the identifier is unique is determined. The steps of soliciting, creating, and determining are repeated until the identifier is unique. The peripheral name is associated with the person. The identifier is associated with the person.

Abstract: Methods, systems, and programs provide a patient prescription portal that streamlines and improves the process of filling prescriptions. An example method includes determining, responsive to receiving an electronic prescription, that information in the electronic prescription matches a parameter, transmitting, responsive to determining that the information in the electronic prescription matches, a notification to a phone number provided by a patient identified in the electronic prescription, the notification requesting input for managing patient medications, the notification including an opt-in option, and accessing, subsequent to the patient selecting the opt-in option, medication records for the patient.

Abstract: A health information exchange (HIE) system and related methods for sharing patient medical data among a plurality of users. In one embodiment, the HIE system includes a processor executing a software application and one or more databases. Medical data may be downloaded by a first user to the system in a source file format. The system converts and stores the medical data in a data record such as an object having a different type of data structure. Upon receiving a request from a second user for the medical data in a specified destination file format, the system retrieves and converts the object containing the medical data into the specified destination file format, and sends the destination file to the second user. The source and destination file formats may be the same or different. In one embodiment, users may access and communicate with the HIE system via the Internet.

Abstract: The present teaching relates to managing identity information of a person at an identity center. In one example, the person is associated with a first set of identity attributes that are verified to be associated with the person. Upon the person being associated with the first set of identity attributes, the person is linked with a first user account at a source entity. A consent is received from the person to share one or more attributes of the first user account at the source entity with a receiving entity. The sharing of the one or more attributes of the first user account from the source entity to the receiving entity is facilitated in accordance with the received consent.

Abstract: Method, system, and programs for interoperable identity and interoperable credentials. In one example, an authentication request is received. The authentication request originated from an online user in connection with an application having a first LOA. The authentication request includes the online user's input. A digital identity is searched based on the online user's input. A GUID associated with the digital identity is obtained when the digital identity is found. One or more credentials that are bound to the GUID at the first LOA or a higher LOA are provided. A selection of at least one credential is received. Information of the selected credential that includes a credential verification service capable of verifying the selected credential is received. Verification of the selected credential of the online user based on the GUID is requested. A verification response is received.

Abstract: The present teaching relates to identity management. In one example, a trusted connector is instantiated in the enterprise system behind a security. The trusted connector is configured to communicate with the private resource via a communication protocol. Upon being triggered by the external system, a secure communication channel is established between the external system and the trusted connector. A request is received from the external source at the trusted connector through the secure communication channel. The request is interpreted for communicating with the private resource. The interpreted request is sent to the private resource. A response is received from the private resource. The response from the private resource is interpreted for communicating with the external system. The interpreted response is sent to the external system through the secure communication channel.

Abstract: The present teaching relates to generating an identifier for a person. In one example, an actual name of the person is received. The identity of the person that is associated with the actual name of the person is proved at a pre-determined level of assurance (LOA) required by an identity management system. When the identity of the person has been proved, a peripheral name is solicited from the person. An identifier that includes the actual name and the peripheral name of the person is created. Whether the identifier is unique is determined. The steps of soliciting, creating, and determining are repeated until the identifier is unique. The peripheral name is associated with the person. The identifier is associated with the person.

Abstract: The present teaching relates to a Healthcare Event Response and Communication Center. In one example, a healthcare message is received. The healthcare message is processed to automatically identify one or more healthcare events. For each identified healthcare event, one or more responsive entities that are configured to be responsive to the healthcare event are identified. Each responsive entity is associated with one or more healthcare workflows that are configured to receive the healthcare event. Each identified healthcare event is provided in real-time to each of the one or more responsive healthcare workflows with respect to each responsive entity.

Abstract: A health information exchange (HIE) system and related methods for sharing patient medical data among a plurality of users. In one embodiment, the HIE system includes a processor executing a software application and one or more databases. Medical data may be downloaded by a first user to the system in a source file format. The system converts and stores the medical data in a data record such as an object having a different type of data structure. Upon receiving a request from a second user for the medical data in a specified destination file format, the system retrieves and converts the object containing the medical data into the specified destination file format, and sends the destination file to the second user. The source and destination file formats may be the same or different. In one embodiment, users may access and communicate with the HIE system via the Internet.

Abstract: The present invention relates to a method for electronically prescribing controlled substances on a wide area network that includes a health care provider system (HCP system), an electronic prescription system (EP system), a third party identification validation system (third party IDV system), and a pharmacy system, and includes: a) the EP system receiving from the HCP system an electronic prescription entered by a provider for a controlled substance, a first identification factor, and a second identification factor; b) the EP system authenticating the first identification factor and transmitting the second identification factor to the third party IDV system for authentication; and c) upon the first identification factor being approved by the EP system and the EP system receiving approval of the second identification factor from the third party IDV system, the electronic prescription being certified for transmission to the pharmacy system as a certified electronic prescription for the controlled substance.

Abstract: The present invention relates to a method for electronically prescribing controlled substances on a wide area network that includes a health care provider system (HCP system), an electronic prescription system (EP system), a third party identification validation system (third party IDV system), and a pharmacy system, and includes: a) the EP system receiving from the HCP system an electronic prescription entered by a provider for a controlled substance, a first identification factor, and a second identification factor; b) the EP system authenticating the first identification factor and transmitting the second identification factor to the third party IDV system for authentication; and c) upon the first identification factor being approved by the EP system and the EP system receiving approval of the second identification factor from the third party IDV system, the electronic prescription being certified for transmission to the pharmacy system as a certified electronic prescription for the controlled substance.

Abstract: The present invention relates to a method for electronically prescribing controlled substances on a wide area network that includes a health care provider system (MCP system), an electronic prescription system (EP system), a third party identification validation system (third party IDV system), and a pharmacy system, and includes: a) the EP system receiving from the HCP system an electronic prescription entered by a provider for a controlled substance, a first identification factor, and a second identification factor; b) the EP system authenticating the first identification factor and transmitting the second identification factor to the third party IDV system for authentication; and c) upon the first identification factor being approved by the EP system and the EP system receiving approval of the second identification factor from the third party IDV system, the electronic prescription being certified for transmission to the pharmacy system as a certified electronic prescription for the controlled substance.

Abstract: A virtual private network for communicating between a server and clients over an open network uses an applications level encryption and mutual authentication program and at least one shim positioned above either the socket, transport driver interface, or network interface layers of a client computer to intercept function calls, requests for service, or data packets in order to communicate with the server and authenticate the parties to a communication and enable the parties to the communication to establish a common session key. Where the parties to the communication are peer-to-peer applications, the intercepted function calls, requests for service, or data packets include the destination address of the peer application, which is supplied to the server so that the server can authenticate the peer and enable the peer to decrypt further direct peer-to-peer communications.

Abstract: A virtual private network for communicating between a server and clients over an open network uses an applications level encryption and mutual authentication program and at least one shim positioned above either the socket, transport driver interface, or network interface layers of a client computer to intercept function calls, requests for service, or data packets in order to communicate with the server and authenticate the parties to a communication and enable the parties to the communication to establish a common session key. Where the parties to the communication are peer-to-peer applications, the intercepted function calls, requests for service, or data packets include the destination address of the peer application, which is supplied to the server so that the server can authenticate the peer and enable the peer to decrypt further direct peer-to-peer communications.

Abstract: A shared secret key distribution system which enables secure on-line registration for services provided by an application server through an application level security system or firewall utilizes an authentication token containing a server public key. The server public key is used to encrypt a client-generated portion of the shared secret key, and the encrypted client-generated key is sent to the server where it is recovered using a private key held by the server and combined with a server generated portion of the shared secret key to form the shared secret key. The server generated portion of the shared secret key is then encrypted by the client-generated portion of the shared secret key and transmitted to the client for recovery and combination with the client-generated portion of the shared secret key, at which time both the client and server are in possession of the shared secret key, which can then be used for mutual authentication and development of session keys to secure subsequent communications.