2020-03-17 Meeting notes

Kantara Educational Foundation  Board

• Sal summarized update to education board meeting

• Positive feedback, wiki is Helpful, timing is very good

• Have a month to craft to propose to the Keefe board ($12,000 in bank account.) suggested deadline for draft proposal March 31.

• Informal FIRE WG call next week

• Jim suggests starting with a portion of the 12K and get a match from another org. Mary agrees

• Sal will present proposal at next board meeting

Strategy per Mary

• Current grant proposal draft: https://docs.google.com/document/d/1G7TQLLCOAF6agfBRZbmhSIeuT_qBKXWWT8Iw7OoeZVw/edit

• Our request is $15000. Could start with $5K plus matching, with limited scope, tighten focus to coronavirus response.

• Crash could be a problem as foundations likely lost a lot in market this week.

• Actions: Mary will send document to team with comments Wed, agreement by Thursday. Sal will work on it with her. Then Sal can present to board.

NIST 800.53

Look through at document Jeff essential to email group regarding privacy framework.p in section 3.7

• https://csrc.nist.gov/CSRC/media/Publications/sp/800-53/rev-5/draft/documents/sp800-53r5-draft-fpd-summary-of-significant-changes.pdf

• Significantly different. Will need to dissect line by line.

• Our team should review section 3.7.

• Comments due on May 15. (extended due to coronavirus)

Healthcare OpenID

High assurance ID Token

• https://wiki.idesg.org/wiki/index.php/Healthcare_OpenID#Problems

• Coordinate with HEART working group at OpenID Foundation, so we don’t compete.

• Two focus activities/solutions

  • In particular look at the information that is created in a High Assurance ID Token that would address the needs of both the TEFCA requirement for high-assurance as well as the needs for self-sovereign identifiers.

  • In particular focus on how the patient can know that any given web site can be trusted with their protected health information (PHI). A good approach might be to enable the Entity Statement of the OpenID federation specification.

  • From the user perspective dynamic registration of HIPAA compliant web sites should not be allowed as a web site either has a current certificate or it does not,

•  

  • Adopt a paradigm shift to documents that are problem oriented rather than solution oriented. For example the FAPI specifications of the OpenID foundation is oriented to solutions for financial payments from users.

  • Focus only on new specifications that feature the goals of the Cares Act, such as giving the Patient Choice in how their information is accessed,

• Third task is more housekeeping

•  

  • Bring up a GitHub repository and deprecate the bitbucket repository.

• Proposes a liaison between the two committees.

•  

  • Vote to allow Tom to serve as liaison to HEART. Unanimously passed.

  • Their next meeting is March 23. Jim will attend as well.

  • Tom will share our working document.

  • Tom suggests also bringing up the grant proposal.

• https://github.com/KantaraInitiative/DistributedAssurance/issues

Other Business

Information Sharing Interoperability (ISI WG) (Mark)

• Taxonomy for medical research information

•  

  • Patient information

  • Clinical information, filter EHR with patient permission.

  • European, US, Canadian

Liaison to board (KenDagg)

• Leadership council blog on Confluence.

• Jeff posted his recent update with Noreen’s comments to the blog 

• Need to be able to edit the wiki to contribute. 

• https://kantarainitiative.org/confluence/pages/viewrecentblogposts.action?key=LC

• https://kantarainitiative.org/confluence/pages/viewpage.action?pageId=125469251