5 min | - Call to order
- GPA reminder
- Roll call
- Agenda bashing
- Organization updates
| Chair |
|
| Introductions | All | Welcome!
|
| Discuss the discussion group - Goals, approach, desired outcomes (Charter material)
- Terminology page
- Use case template page
| Chair |
|
| Schedule updates - Status
- Issues
- Next period plan
| Chair | calendar |
---|
id | 308e504f-b7f1-4b7c-90ae-ac5684fb7c65 |
---|
|
|
| Contributions updates - Status
- Issues
- Next period plan
| Chair | Use Case Contributions UC01 New patient registration current.pdf UC02 New patient registration future.pdf - Catherine walked through the current state use case for patient registration (proofing)
- Note that the preconditions are significant for Healthcare scenarios
- PII collected at registration is collected to identify and lookup the patient for verification and de-duplication
- The query step occurs because even if the patient has never visited the org, they might be in the EMR for other reasons - visit related organization, mergers/acquisitions of other orgs, etc
- Patient Insurance Confirmation - this is included to contrast that this is NOT an identity assurance process - eligibility check
- Future state process walkthrough
- There are initiatives moving towards this future state where identity proofing / assurance is mandatory - e.g. NIST 800-63-3 IAL2
- Note that patient still gets health care even if they do not achieve IAL2
- Note the increase of machine processing and assistance used to increase assurance
- Note that there are alternate flows not described for undocumented patients like the very young
- Q: Does this cover subsequent-visit authentication? A: Correct - these are about NEW patient proofing, not returning patient. There's another set for returning patient.
- Increasing use of biometric identification/authenticators for returning users - palm vein, fingerprint - used to locate the correct clinical records.
- Q: Is the mention of IAL2 deliberate? A: Yes - there are incoming regulations that will require it.
- Q: Which version of 800-63? A: 800-63-3 - will specify that reference in future revisions
- Q: 63-3 requires verification with issuer - how do you do this? A: Credential document validation can be done by companies like IDEMIA and others. Then do a biometric compare of license to physical person.
- Q: Don't see how the non-actor stakeholders interests are met - e.g. if the person failed identity assurance how are their interests met - e.g. if not identified, then insurance payment needs not met - what alternative flows need to be documented to satisfy those stakeholder needs?
|
| Writing teams updates - Status
- Issues
- Next period plan
| Chair |
|