BACKGROUND
Patient portals for electronic health records are becoming increasingly prevalent and important, allowing users to communicate with clinicians, access labs and test results, schedule vaccination appointments, and track health conditions. Their use requires another set of logins and passwords, which can become increasingly unwieldy as patients have records at multiple institutions. Social credentials (e.g. Google, Facebook) are often used in the private sector to allow users to log into websites and can reduce password burden.
OBJECTIVE
The objective of the Single-FILE (Single Federated Identity Login for EHR) project was to test the feasibility and acceptability of implementing social credentials into a portal for patients with records at two institutions, Cedars-Sinai Medical Center (CSMC) and the California Rehabilitation Institute (CalRehab).
METHODS
We provided a portal that allowed patients to use a federated identity to access to multiple EHR patient portals with a single sign-on. The federated identity could be either a social identity (Google or Facebook) or one created and managed within Single-FILE. Binding the federated identity to the patient’s EHR identities was performed by confirming the patient had a valid EHR portal login and sending a one-time passcode to a telephone (SMS text or voice) that was stored in the EHR. This step reduced the risk that the binding was being performed with stolen EHR portal credentials since the one-time passcode was being sent a device that was already registered in the EHR. After the binding, the patient could use their federated identity to access their EHR portals at both CSMC and CalRehab.
To evaluate the feasibility and acceptability, we recruited patients and/or their caregivers from CalRehab who were (1) 18 years and older, (2) had patient records at both CSMC and CalRehab. Next, we signed up patients onto the Single-FILE portal and connected their patient records. A short qualitative interview was conducted to assess interest and use of the patient portal. Thirty days after sign-up, we called the patients and reviewed use logs to measure use of the Single-FILE portal.
RESULTS
We enrolled 8 patients and/or their caregivers (spouses or siblings) into the study. Eight patients and/or their caregivers were interviewed at CalRehab, Patients enrolled were predominantly White (88%) and non-Hispanic (62%). Patients noted that they appreciated only having to remember one login as part of Single-FILE and being able to sign up through Facebook. However, we did not see use of Single-FILE by patients after they signed up.
CONCLUSIONS
The implementation of Single-FILE demonstrated that it is possible to safely bind a social identity to an EHR identity. The use of the one-time passcode sent to the patient’s EHR phone number provides a high degree of confidence that the binding is valid. However, we did not see use by patients of the Single-FILE portal after signup. We hypothesize that patients typically use the patient portal when they receive an email/text from the site that an appointment is upcoming, lab results are available, etc., which then takes them directly to the portal and not to Single-FILE. In other words, use of the patient portal is typically reactive rather than proactive, which limited the use of Single-FILE. Despite this limitation, we found that Single-FILE demonstrated a patient can use an identity they are comfortable with (i.e. social identity and associated credentials) to safely ease the friction associated with access to EHR data.