2015-02-12 Meeting Notes

Date

Feb 12, 2015

Status

DRAFT Meeting Minutes

Attendees

  • Rich Furr
  • Barry Hieb
  • Bill Braithwaite
  • Minze Chen
  • Remy Lyle
  • John Fraser
  • Ishmal Bartley
  • Greg Keegstra
  • Rick Moore
  • Nathan Faut
  • Pete Palmer

Quorum reached.

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation

  2. Discussion - Expert Advice Request from FICAM. The meeting was framed as follows:

    1. After our recent hiatus, we are reconvening the Kantara Initiative Healthcare Identity Assurance Work Group (HIAWG) tomorrow.

      We have received a request from the Federal Identity, Credential, and Access Management (FICAM) to deliver guidance from healthcare industry stakeholders as to the role that Trust Frameworks can play to ensure universal identity interoperability within healthcare, and between healthcare and other sectors.

      Thursday’s meeting will serve as a kick off session where we will plot out our goals and course of action to satisfy this request.  We will send out an agenda ahead of time.

      Our goal is to provide industry expert recommendations for broad interoperability and adoption of identity services in healthcare.  Specifically, we'll capture clear areas of alignment for interoperability and cross recognition, while identifying areas where unique attention is needed. 

      The discussion will be deeply strategic, with the ability to impact your organizational position in the healthcare identity services landscape. We recommend that your organization make every effort to join us for this kick-off.  

      We look forward to having your participation.  Please forward this to any stakeholder you think will benefit from this effort or be able to make substantive contributions.

    2. Pete reviewed the initial call with FICAM's Anil John and his team and Peter Alterman
    3. Rich Furr stressed the federal government has created confusion in the Healthcare space with their various programs (e.g. DEA, ONC, CMS, VA, and so on) 
    4. Pete described the various (and seemingly overlapping) trust framework accreditation programs that we have to consider (e.g. FICAM, FBCA, EHNAC, and HITECH)
    5. Ishmal Bartley brought up HITRUST, a derivative of ISO 270001
    6. Barry said it's all about ROI, and if we don't get that right, we are wasting our time.
    7. Pete expressed the need for more healthcare industry RPs
    8. Group agreed to provide feedback via a paper, based on real life use cases/pain points
    9. Bill Braithwaite described a parallel effort at HIMSS.  Groups should cross pollinate.
    10. Feedback from Bill Braithwaite and the HIMSS Identity Management Task Force:
    11. All mechanisms or processes that provide electronic access to protected health information (PHI, as defined by HIPAA) must be capable of employing user identity proofing and authentication at a high level of confidence equal to or equivalent (as determined by a documented HIPAA risk analysis) to National Institute of Standards and Technology (NIST) Level Of Assurance (LOA) 3.  All users must pass such high confidence identity proofing before being allowed electronic access to PHI.  All users must pass such high confidence identity authentication (i.e., two factor authentication or TFA) before being given remote access to PHI on more than one individual.  Any individual who requests electronic access to their own PHI through a mechanism or process that bypasses such high confidence identity authentication (as allowed by HIPAA) must be informed about the risks before being given such access.
  3. Overlap Group update (Rich Furr)
  4. Metrics Group update (Bob Sullivan)
  5. AOB
  6. Adjourn
