What Kaiser Permanente Did
• In 2008, KP.org began using Knowledge Based Authentication (KBA) as the main security control for the online establishment of new accounts on KP.org, a transactional consumer health portal with over 3 M accounts, which adds 60K to 80K new accounts each month. On the portal, users can view parts of their medical records and lab test results, securely email physicians, refill prescriptions and complete other sensitive transactions. Using KBA, accounts can be established and used within one Web session. The process, from exploration to full implementation, took approximately 18 months.
Step 1: Define a Problem
• What is the problem?
• Who thinks this is a problem?
• Who has money to solve the problem?
• What constraints are there to solving the problem?
• What new problems will be created by solving this problem?
Step 2: Propose a Solution
• So what do you know?
• So who do you know?
• So how can you know?
• So what will it cost?
• So who has to weigh in?
• So can you get approval?
Step 3: Complete a Purchase
• Invite
• Select
• Negotiate
• Interrogate
• Agree
• Comply
• Buy
Step 4: Make it Work
• Create requirements: happy and unhappy paths
    • Technical
    • User interface
• Run proof of concept: happy and unhappy paths
    • Technical
    • User interface
• Build/Test/Refine
• Prep the System: totality of workflow
• Launch
    • Soft
    • Progressive
    • Full
Step 5: Keep it Working
• Watch
• Talk
• Tweak
• (repeat)