Individual Users. Each Participant shall require that Individual Users with whom it has a Direct Relationship be identity proofed at a minimum of IAL2 prior to issuance of access credentials by the Participant. The identity information may be supplemented by Participant Members acting as authoritative source by using knowledge of the identity of the individuals in accordance with written policies and procedures. Such policies and procedures must be commensurate with the risk of incorrect identity proofing (e.g., procedures for applicants receiving credentials to access their medical information may be less rigorous than procedures used for applicants receiving credentials that can be used to access medical information on multiple patients). For example, IAL2 identity proofing for an applicant receiving credentials to access to his or her own medical information can be accomplished by any two of the following: (a) physical comparison to legal photographic identification cards such as driver’s licenses or passports, or employee or school identification badges; (b) comparison to information from an insurance card that has been validated with the issuer, (e.g., in an eligibility check within two days of the proofing event); and (c) comparison to information from an electronic health record (EHR) containing information entered from prior encounters. All personally identifiable information collected shall be limited to the minimum necessary to resolve a unique identity and the Participant shall not copy or retain such personally identifiable information.
Appears in 2 contracts
Sources: Trusted Exchange Framework and Common Agreement (Tefca), Common Agreement