Versions Compared

Old Version 34

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Martin Smith

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • WG NAME: Healthcare Identity Assurance

...

  • Work Group (

...

  • HIAWG)


  • PURPOSE:


The Healthcare Identity Assurance Work Group shall design, implement and test reference applications for secure access to health information. Two use cases are proposed that would be developed and supported as part of the work group. One is for consumers to be able to access their health records with a standardized login system, and secondly, a way for healthcare workers to access secure health information.

The goal of this activity is to engage the broadest community participation to facilitate the adoption of the reference implementations and specifications by the healthcare industry, worldwide.Specific goals of this group are to:

2.1 Develop a reference implementation for consumer access, using open source solutions.

2.2 Develop a reference implementation for healthcare workers access to critical health information using open source solutions.

2.3 Review and endorse an identity assurance framework to support secure information sharing between authenticated individuals and systems to support HIEs and NHIN.

2.4 Recommend all or parts of these systems to be integrated with the emerging US Nationwide Health Information Network (NHIN) being developed by the US Department of Health and Human Services and the Offices of the National Coordinator.

2.5 Educate the community on how the system should operate and how such a system should function.

2.6 Work with the vendor community to ensure interoperability between systems.

(3) SCOPE:

The Healthcare Identity Assurance WG is chartered to:

3.1 Work with US and international groups including but not limited to: NHS-UK, National Healthcare Systems (Potentially within the following countries: Sweden, Denmark, Japan and South Korea), Health Information Exchanges (HIEs) and similar US groups to recruit them into these discussions to provide the broadest possible input. Also coordinate with US federal agencies involved with health care exchanges for example Veterans Administration, Indian Health Service, Department of Defense, Centers for Disease Control, Centers for Medicare and Medicaid and Social Security Administration.

3.2 Provide input to US federal health information standards, for example HITSP and CCHIT, to ensure alignment with emerging federal standards.

3.3 Consumer health records access:

3.3.1 Reach out to other appropriate groups to invite participation, including organizations that already "vet" large groups of consumers, like banks, insurance companies, AAA, etc.

3.3.2 Discuss and identify the many different ways consumers are likely to access health information, including Personal Health Record systems, web-based, cell phone, Instant Messaging and social networking services.

3.3.3 Discuss and recommend how healthcare enterprises will deliver this functionality while meeting all regulatory obligations as set by various bodies worldwide, including the issues of patient privacy, security and patient consent issues.

3.3.4 Educate the healthcare community on the principles of consumer identity management.

3.3.5 Coordinate with Identity Assurance and Accreditation Work Group (IAA WG).

3.3.6 Discuss and identify feasible, reliable and economic methods for consumer authentication and identification.

3.3.7 Review appropriate ASTM and similar standards surrounding patient identification and incorporate patient identification services in the discussions.

3.4 Healthcare worker health records access:

3.4.1 Develop standardized use cases for healthcare worker access to health information

3.4.2 Develop standardized use cases for healthcare worker access to healthcare information during emergencies and for natural disaster

3.4.3 Develop standards for this exchange for countries beyond the US.

3.4.4 Discuss, identify and/or develop a set of "Trust Roles" that can be exchanged between systems.

3.5 General Goals:

3.5.1 To act as an information gathering body within Kantara Initiative that tracks significant trends in regulation affecting Healthcare IT worldwide and to feed this information back to the appropriate groups within Kantara Initiative, and where appropriate, with recommended actions (e.g. to respond to the US Government Request for Information)

3.5.2 To provide Kantara Initiative with spokespersons on healthcare identity assurance related topics.

3.5.3 Provide Kantara Initiative with subject matter expertise regarding the unique identity management and regulatory challenges facing the healthcare industry.

3.5.4 To provide inputs for external communications, such as collateral materials and contributed articles.

3.5.5 Where appropriate, take part in the identification and planning of healthcare industry events.

(4) DRAFT TECHNICAL SPECIFICATIONS:
No technical specifications will be developed in this WG.

(5) OTHER DRAFT RECOMMENDATIONS:
Develop appropriate White Papers and Technical Reports.

5.1 Develop Implementation Guidelines with specific focus toward coverage of the Venn of Identity protocol including: ID-WSF, SAML 2.0, Infocard and OpenID. For each of these protocols, this WG will develop a mapping and accompanying guidelines to serve as a reference to Healthcare industry workers and consumer users explaining which protocol is appropriate in each Assurance Level context (where Assurance Levels are defined in the Liberty Identity Assurance Framework).

5.2 The WG will work to deliver these recommendations, reports and papers by the close of Q2 2010. This projected schedule may be amended from time to time as and needed and the work develops.

(6) LEADERSHIP:
John Fraser, MEDNETWorld.com, co-equal co-chair
Pete Palmer, SureScripts, co-equal co-chair
Rick Moore, eHealth Ohio, co-equal co-chair

(7) AUDIENCE:
The audience for this work group include:

7.1 Developers and users of protocols including but not limited to: ID-WSF, SAML 2.0, InfoCard, OpenID, and open-source developers and industry vendors and similar groups.

7.2 Healthcare standards groups including: NHIN Committees, Health Information Exchanges (HIEs), HL7, HITSP

7.3 End users including consumers patients healthcare providers and public health groups

(8) DURATION:

8.1 The Kantara Initiative Leadership Council charters the Healthcare Identity Assurance Work Group which is intended to be a standing WG to address work that is expected to be ongoing. This charter may be amended from time to time, with changes approved by the Leadership Council.

(9) IPR POLICY:
9.1 Kantara IPR Policy - Creative Commons Share Alike Option

(10) RELATED WORK AND LIAISONS:

10.1 Other national health care systems

10.1.1 Recommendations for a Unique Health Identifier for Individuals for Ireland
See: http://www.hiqa.ie/media/pdfs/Unique_Health_Identifier_Report.pdf

10.2 Liaisons with these Kantara Initiative Work Groups:

10.2.1 Identity Assurance WG - Liaise with Identity Assurance WG to be sure that deployment guidelines, papers and other deliverables of each WG are aligned with the needs of the Healthcare industry with particular attention to the Levels of Assurance and the various contexts that would requre Assurance needs.

10.2.2 Consumer Identity WG - Liaise with Consumer Identity WG to share a Healthcare Identity Assurance view and feedback where it would apply to the consumer.

10.2.3 Privacy and Public Policy WG - Liaise with P3WG to share a Healthcare Identity Assurance view and feedback where it would apply to business and government policy development.

10.3 Healthcare standards and projects

10.3.1 Nationwide Health Information Network (NHIN) - provide connectivity to the groups developing this system through the US Department of Health and Human Services.

10.3.2 HITSP General Information from June 27, 2008 Teleconference

10.3.3 HITSP 08 N 325 - 2008 06 09 AHIC-UC 2009 APPROVED Use Case Extensions and Gaps v3.0 from June 27, 2008 Teleconference

10.3.4 IDENTITY CRISIS - An Examination of the Costs and Benefits of a Unique Patient Identifier for the U.S. Health Care System - a new RAND Study

10.3.5 Patient Card Numbering Proposal Q&A from March 7, 2008 Teleconference

10.3.6 New SPI-TC Constructs and Updates to Existing Specifications with Authors from June 27, 2008 Teleconference

10.3.7 Identity Assurance Framework Presentation from July 11, 2008 Teleconference
SPI-TC Work Item Matrix from July 11, 2008 Teleconference

10.3.8 HITSP Security, Privacy and Infrastructure (SPI) definitions for Identity Assurance under the Technical Note 900 (TN900), individual Interoperability Specifications/Service Collaboration for C19 - Entity Identity Assertion, TP20 - Access Control, T17 - Secured Communication Channel and SC108 - Access Control (Revision 1.3, July 8, 2009) http://wiki.hitsp.org/docs/TN900/TN900-1.html

10.3.9 NIST SP 800-60 Rev. 1 Vol 1 & 2 - Guide for Mapping Types of Information and Information Systems to Security Categories August 2008

10.3.10 NIST IR 7497 Draft Security Architecture Design Process for Health Information Exchanges (HIEs) January 2009

10.3.11 NIST SP 800-122 DRAFT Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) January 13,2009

(11) CONTRIBUTIONS (optional):

(12) PROPOSERS:
John Fraser, MEDNETWorld.com
Pete Palmer, SureScripts
Richard Moore, eHealth Ohiopurpose of the Work Group is to support the healthcare industry in providing identity and access-management (IAM) solutions that respect privacy, promote efficiency, limit redundancy, reduce barriers to use/adoption, increase interoperability, improve security, enhance safety and trust, support resiliency, and achieve patient empowerment across the entire industry.

The HIAWG will identify, coordinate, and harmonize with ongoing and emerging healthcare identity initiatives, standards, and technologies, and communicate our findings to all stakeholders in the healthcare industry and particularly patients both in the US and selectively, around the world.  We will embrace efforts to influence policy makers, thought leaders, government agencies, and private sector entities through education and advocacy.

The ultimate goal of the WG is to provide the coordination, leadership, and technical support necessary to ensure widespread adoption of the Identity Ecosystem Framework (IDEF) across the entire healthcare community.


  • SCOPE:

The WG's primary focus is to adapt the IDEF framework to the specific requirements and use-cases of the healthcare sector, and to encourage adoption of this profile of the IDEF throughout the healthcare community. Activities supporting this focus will include:

  • Working with the Federation Identity Resilient Ecosystem (FIRE) and Identity Assurance WGs to develop a healthcare profile of the IDEF, and associated criteria for assessing conformance with the profile.
  • Providing input to the FIRE WG on new, revised or clarified features and scope needed for IDEF to fully support the use-cases and constraints of healthcare operations.
  • Making recommendations to and responding to proposals of the US and other national  healthcare industry associations, advocacy organizations or government agencies. The WG will address the identity technology and policy requirements of the healthcare community, and promote cross sector discussion of risk, liability, operation, policy, security and regulation.
  • Promoting wide healthcare-sector awareness and adoption of identity architectures and practices that are consistent with IDEF principles (i.e., with a healthcare profile of the IDEF.)
  • The WG will encourage healthcare service providers to use Kantara Initiative’s (KI) IDEF Registry to self-assess their conformance with relevant IDEF Requirements, pending availability of a KI-managed assessment scheme for third-party assessment of a healthcare profile of the IDEF.
  • Within the Kantara Initiative, seeking to leverage and integrate the work of other WGs as building blocks for a healthcare profile of the IDEF
  • Providing Software is currently out of scope


  • DRAFT TECHNICAL SPECIFICATIONS:

The following technical specifications may be developed in 2019-20:

  1. Jointly with FIRE WG, a draft Healthcare Profile of IDEF 1.0.
  2. In coordination with IAWG and FIRE WG, draft criteria for assessment of conformance with the Healthcare Profile of IDEF.


  • OTHER DRAFT RECOMMENDATIONS:

The following draft recommendations and reports may be developed in 2019-20:

  1. A draft Report including a high-level statement of identity infrastructure requirements for the healthcare sector and a mapping between IDESG Principles and these requirements.
  2. With the recent renewed and growing interest in unique patient identifiers, we will explore that issue and offer recommendations 2019-20.


  • LEADERSHIP:

As of August 2019, the Working Group is operating with interim leadership transitioned from the IDESG Healthcare Committee:

  1. Chair –  Thomas Sullivan, MD
  2. Vice-Chair – Jim Kragh

The Working Group is soliciting indications of interest in filling the following permanent leadership roles, and will conduct elections shortly:

  1. Chair
  2. Vice-Chair
  3. Editor

The Working Group also anticipates that the permanent Chair will appoint a Secretary. Duties of the persons occupying these roles are as defined here.


  • AUDIENCE:

The immediate target audience for the work of the WG is providers of identity related products and Internet services to the healthcare sector (primarily in the United States), as well as the relying-party healthcare and related information service providers that require interoperable IAM products and/or services to support secure transactions and compliance with security, privacy or other regulations.

The WG’s specifications and recommendations will be of interest also to healthcare and privacy policy-advocacy groups, and governmental authorities responsible for regulating healthcare who develop regulations to meet their security, privacy, etc. goals. HIAWG recommendations will assist them in specifying regulations and guidance that are both practical and effective.

The most important beneficiaries of the HIAWG’s work will be the healthcare consumers (patients and their families) and healthcare professionals who interact with or whose personal information is protected by identity systems. However, these individuals are not expected to use HIAWG artifacts except indirectly as trust-marks provide evidence of healthcare providers’ implementation of best practices for protection and reliability of identity data.  


  • DURATION:

The HIAWG's program of promoting the implementation of and identity architecture in the healthcare sector that is consistent with the principles of the IDEF is anticipated to be on-going. 

This Charter covers the period through December 31, 2020


  • IPR POLICY:

The Work Group will operate under the Kantara Initiative IPR Policy, with the following option as defined in Appendix D of that policy:  Copyright: Creative Commons Attribution-Share Alike (CC A-SA)

 

  • RELATED WORK AND LIAISONS:

Evolution of the IDEF Framework as managed by the FIRE WG is directly relevant to the HIAWG, which may also provide input to the FIRE WG regarding enhancements to the Framework to address healthcare-specific use cases.

The HIAWG also anticipates developing a healthcare profile of IDEF in coordination with the FIRE WG. In connection with this project the HIAWG anticipates working closely with the Identity Assurance WG (IAWG) and the FIRE WG to develop criteria for assessing conformance with a “Healthcare Profile of IDEF” which might be used by the IAWG and IAB to offer certification to healthcare providers (as relying parties) and IAM product and services vendors.

Because patient privacy is a priority concern of the healthcare industry, the HIAWG also expects to maintain active liaison to the User Managed Access (UMA) WG and other privacy related Kantara initiatives.

Informal external liaison will be maintained with major healthcare identity initiatives (e.g., the CARIN Alliance) and with principal policy authorities like the US Office of the National Coordinator for Health Information Technology (HHS/ONC), via HIAWG members’ participation in committees, task forces and events sponsored by those organizations.

  • CONTRIBUTIONS:

The WG will build on the IDEF framework artifacts in Kantara Initiative Educational Foundation  Inc. (KIEF)—Functional Model, Requirements and Supplemental Guidance, and Glossary—plus an IDEF-KI Mapping and the work of the IDESG Healthcare and other Committees' work-in-progress toward revision of IDEF.


  • PROPOSERS:

Tom Sullivan, MD   -- sullivan@massmed.org  –  Individual Member

Barry R. Hieb, M.D.   –    bhieb@vuhid.org   –  Individual Member

Jim Kragh   --    kragh65@gmail.com  –  Individual Member

Catherine Schulten   –     catherineschulten@yahoo.com   –  Individual Member

Martin Smith    –     martin.smith@acm.org   –  Individual member

Peter Palmer -  petep2302@yahoo.com   –  Individual Member

Thomas Jones – thomasclinganjones@gmail.com  –  Individual Member

Les Chosen –    les.chasen@valididy.com   –  Corporate Member

 

Approved HIAWG 9/26/19

-------------

Downloadable version (PDF):

View file
nameHIAWG Charter--Approved LC 2019-11-14.pdf
height250


History

Date

Note

August 19th, 2009

The Leadership Council ratifies this charter for operation.

November 7, 2019Leadership Council approves HIAWG re-charter (v.36)