
Implementing Knowledge Based Authentication at Kaiser Permanente's Online Health Portal

In 2008, Kaiser Permanente (KP.org) adopted Knowledge Based Authentication (KBA) to enhance security for new online account creations on its consumer health portal, which serves millions. KBA streamlined the process, allowing users to establish accounts quickly while securely accessing medical records, lab results, and more. The implementation, spanning 18 months, involved defining the problem, proposing solutions, completing purchases, and refining the user experience. This multi-step approach ensured ongoing success and adaptation to user needs, fostering a safe online environment for health management.


Presentation Transcript


  1. What Kaiser Permanente Did
     • In 2008, KP.org began using Knowledge Based Authentication (KBA) as the main security control for the online establishment of new accounts on KP.org, a transactional consumer health portal with over 3 M accounts, which adds 60K to 80K new accounts each month. On the portal, users can view parts of their medical records and lab test results, securely email physicians, refill prescriptions and complete other sensitive transactions. Using KBA, accounts can be established and used within one Web session. The process, from exploration to full implementation, took approximately 18 months.

  2. Step 1: Define a Problem
     • What is the problem?
     • Who thinks this is a problem?
     • Who has money to solve the problem?
     • What constraints are there to solving the problem?
     • What new problems will be created by solving this problem?

  3. Step 2: Propose a Solution
     • So what do you know?
     • So who do you know?
     • So how can you know?
     • So what will it cost?
     • So who has to weigh in?
     • So can you get approval?

  4. Step 3: Complete a Purchase
     • Invite
     • Select
     • Negotiate
     • Interrogate
     • Agree
     • Comply
     • Buy

  5. Step 4: Make it Work
     • Create requirements: happy and unhappy paths
        • Technical
        • User interface
     • Run proof of concept: happy and unhappy paths
        • Technical
        • User interface
     • Build/Test/Refine
     • Prep the System: totality of workflow
     • Launch
        • Soft
        • Progressive
        • Full

  6. Step 5: Keep it Working
     • Watch
     • Talk
     • Tweak
     • (repeat)
