We have a web service that we will be hosting on a public web server and it will be contacted by web services hosted on web servers within the walls of a hospital. We have writ
You probably want to use something like OAuth:
http://oauth.net/
You can then use it with WCF to provide an endpoint.
From there, you would want to map the claims to an internal id for the customers (you would have to determine what this mapping is).
This way, you don't have to rely on issuing anything to anyone, all you have to do is create the mapping based on the claims sent to you.