Identity Management Reference Library

The Identity Management field has received extensive coverage from a variety of sources and standards bodies.  While by no means exhaustive, the following is a representative list of important standards, white papers, and blog posts that contribute to the overall body of knowledge surrounding identity management:


  • NIST 800-63-2

  • Kantara Trust Framework

  • SAFE-BioPharma Trust Framework

  • FIDO Alliance

  • OpenID


  • EPCS

  • esMD



Healthcare Adoption of NIST SP 800-63-2

As the need for collaboration in healthcare grows and patients become increasingly engaged in their care process, organizations are  being challenged to deliver information to their stakeholders electronically. This process engenders the need for strong privacy and security controls, particularly as it relates to Personal Health Information (PHI) as defined and regulated by HIPAA.

Within this context, major healthcare trade associations have recommended the adoption of NIST SP 800-63-2 as the benchmark e-authentication standard for their members. Examples of these recommendations appear below.

  • HIMSS Recommendation re: Patient Identification

  • AHIP Recommendation re: Patient Identification



NIST Electronic Authentication Standard 800-63-2

Electronic authentication (e-authentication) is the process of establishing confidence in user identities electronically presented to an information system. E-authentication presents a technical challenge when this process involves the remote authentication of individual people (or devices) over an open network, for the purpose of electronic communications, collaboration, and commerce. NIST SP 800-63-2 defines a technical and policy framework for creating digital credentials suitable for these purposes.

HealthIDx issues Level of Assurance (LoA) 1 through 3 e-authentication credentials as specified by the NIST standard.  


Download Full document – NIST SP 800-63-2.