2020-04-14 Meeting notes

Date

 

Attendees

Regrets:

Agenda

  • Roll call
  • ONC Submission
  • Grant Proposal (Discussion postponed)
  • Comments ref NIST national call last Wednesday ref 800-53 rev 5
  • Resource Server

Discussion items

Time | Item | Who | Notes

Roll Call





ONC Submission

2) Tom: To discuss recommended changes; WG vote to advance as a Kantara document. Tom sent the ONC Submission icon/link late yesterday afternoon for your review; please do so before the meeting so we can have an interactive discussion. The goal, if there is WG acceptance, is to share this with ONC later in the week.

Tom Sullivan noted the Feds want to eliminate the doctor and have the patient be able to look up copays and service costs. This requires a record of patient identity and matching to the record.

Tom S will get CARIN Alliance goals and will connect with Puja Barbara Point of Care Partners, on board of NCPDP, Arizona

Updates to our draft document (Email attachment: ONC submission-draft2-200412.docx):

Getting user consent

  • Accesses specifically authorized by patient and not specifically authorized (Break-the-Glass situations: emergency/ambulance)
  • Edit “health data repository” (data controller in GDPR; not necessarily the originator)
  • Edit “physician” to “physician, patient and other providers”

Grant Proposal

Mary to discuss an itemized budget for the grant writer that will aid us in compiling an estimated sandbox demo budget for $1-1.5 mil

Mary is at IEEE so can’t update. Needs to be done before our next meeting since the next board meeting is sooner.


Comments ref NIST national call last Wednesday ref 800-53 rev 5

4) Jeff: Comments ref NIST national call last Wednesday ref 800-53 rev 5

    https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft

Jeff assessment:

  • Next generation of security and privacy controls. Comprehensive set of controls. Does not specify an industry. Addresses identity at a high level (access control).
  • Not directly impactful to our project, but we should pay attention to it.
  • Revision 5 ties privacy and cybersecurity under a single document.
    • More outcome-based controls
    • Integrating more in the document itself
  • Jim notes that the 16 critical infrastructure sectors are each creating their own guidelines. We’ve targeted healthcare initially but not exclusively.
  • Comment period is extended due to coronavirus (sec-cert@nist.gov). Jeff will watch the comments; he doesn’t have any to make.

Jim spoke to Chrissy @ NIST. When they get out with federated section C, we will want to review.

Covers medical/scientific research and healthcare practice

Most funding for medical research now comes from the private sector. NIST has authority to make recommendations to NIH on security for ecommerce.



Resource Server

Tom: Resource Server discussion (a non-gov process similar to item 2)

https://wiki.idesg.org/wiki/index.php/Resource_Server

Internet Engineering Task Force (IETF)

  • Recasting our work in IETF language and updated Transfer of PHI graphic.
    • Identity Proofing, green entities
    • Authentication, blue entities
  • Transactional Authorization and Delegation (TXauth): https://datatracker.ietf.org/wg/txauth/about/
  • Working on OAuth 3.0. Tom J is asking them to consider our work when they update the OAuth spec.

ID.me: credential provider (identity proofing), but not authentication/identity token provider.

Action items

  •