HIA WG Concall 2011-06-23 Minutes

Kantara HIAWG Teleconference

Date and Time

  • Date: Thursday, June 23, 2011
  • Time: 10am PST | 1pm EST | 5pm UTC | 7pm CEST (Time Chart)

Attendees

  • Tony Goulding
  • Chris Miles
  • John Fraser
  • Laurie Tull
  • Mickie Tevelow
  • Kay Bross
  • Dan Combs
  • Pete Palmer
  • Barry Hieb
  • Bob Pinheiro
  • Anna Ticktin
  • Bill Braithwaite
  • Rich Furr
  • Lara Zimberoff
  • Rick Moore
  • Daniel Bennett
  • Dazza Greenwood

Apologies

  • No Apologies

Agenda

  1. Intro
  2. Roll Call
  3. Approval of Minutes
  4. NSTIC Workshops
    1. Privacy and Usability
      1. http://www.nist.gov/itl/nstic-privacy-workshop.cfm or http://discuss.nstic.us/nstic-privacy-and-usability-workshop
      2. Discussion - http://discuss.nstic.us/privacy
  5. PIDS Face to Face, MIT Media Lab
    1. Registration and information http://pids.eventbrite.com
  6. PIDS Document (partial draft)
    1. Review and discussion - https://join.me/citizencontact
  7. Other Business
  8. Adjourn

Minutes

1. Intro
2. Roll Call

See above.

3. Approval of Minutes

Approval of minutes postponed to 7/7 call.

4. NSTIC Workshops

Dan Combs: The NSTIC Workshop is coming up next week at the MIT Media Labs.  Privacy and Usability workshop is focused on privacy and privacy enhancements. We have been helping to make arrangements for the workshops. Dazza has been on the ground in Cambridge – he had been associated with MIT Media Labs in the past and was asked to facilitate the arrangements. We’ve all been working on logistics for the event. It will start Monday morning and will last until about 2:15 on Tuesday. I believe the agenda has been circulated. Any questions about the NSTIC event?

John: Quick overview of what happened in the first NSTIC workshop?

Dan Combs: First workshop on governance (250-300 people involved) had a lot of interesting discussion, everything from “it’s not needed” to “there should be a law” and everything in between. There were 4 main buckets of questions – governance structure, initiation, international collaboration, and who stakeholders should be.

John Fraser: see first link from agenda for link, click and see lower left for pictures and notes. www.nist.gov/nstic

Pete: Peter Alterman gave a presentation that had one slide stating it’s his assumption that health IT is going to be the low-hanging fruit that gets these credentials in provider and patient hands. As health IT systems roll out, people are going to have to get trusted credentials to have access to PHI, and he was adamant about this.

Daniel Bennett: One of the funny things from the event was the question we got about how stakeholders could avoid being a part of this, which was interesting. There will be ways to participate in the event online if you’re not able to attend in person.

Dan Combs: In terms of what Pete discussed a moment ago, we’ve been making that direct case in the context of the PIDS project to the leadership of the NSTIC group for over a year now. I think the various efforts to get that message across have been pretty successful.

Bob Pinheiro: One of the things mentioned at the OIX conference is that there’s no real presence of relying parties. With healthcare, I think it’s important that relying parties are actually attending these meetings. Seems like they may need more incentive to participate.

Daniel Bennett: We are reaching out to those stakeholders in PIDS.

Dan Combs: We’ve also been specifically reaching out to patient advocates. We’re working with the whole supply chain for participation.

Pete: If we could go around on the call and see if people are attending in person or remotely.

Pete – remotely
Bob – in person
Daniel, Dan, and Dazza – in person

5. PIDS Face to Face

Dan Combs: We’ve been working closely with the NSTIC Leadership who will be participating in the PIDS event. The NSTIC event will end at 2:15 on Tuesday, so I’m guessing at 2:45 the face to face will start. We will go through a round of welcomes. Ray Campbell will be speaking. Additional speakers will present on the importance of the two groups working together to solve existing problems, legal issues, business issues, technical issues, implementation, etc. There will be an overview of the project and we will go through a few demonstrations of various components that can work as partial solutions or models that will fit into an open architecture.

Bob Pinheiro: What exactly is a safe credential?

Rich Furr: We are in the process of implementing a non-PKI credential for the application. It consists of two credentials – a 2 factor non-PKI, and a digital identity certificate hosted in the cloud.

Dan Combs: We’ve said this a number of times to NSTIC leadership – if possible, we want to be the first project that NSTIC approves.

Bob Pinheiro: My understanding is that NSTIC is going to put in place an overall set of rules that establishes how trust frameworks interoperate.

John Fraser: In our environment, what will NSTIC require in order to be compliant?

Rich Furr: The constant mantra from the government is that they want NSTIC to be industry-driven. We influence this through industry participation in NSTIC.

Dan Combs: Over the course of this project, we’ve had a number of conversations bringing up the same issues and addressing John’s questions. We anticipated that there are going to be issues when dealing with something as broad as the healthcare space. We have to figure out who people are and understand what credentials they have, how to leverage what’s already been issued, and make those interoperable.

John Fraser: I’m a little concerned that given the different groups, such as ONC, NSTIC, that we may have to pick something and get it into the prototyping stage and not wait until the dust is settled.

Dan Combs: That’s exactly the approach we’ve collectively come to. These choices will be made in Phase 2 as a result of participation from various entities. We anticipate that there may well be additional phases in which we address other issues that come up as more details become apparent.

Rich Furr: Neither the Direct project nor ONC is currently even considering individual authentication; they are purely focused on organizational authentication. I have been working on a sub-group of the Direct project and we are starting to talk a little bit about individual authentication. I know that the VA is currently looking at authentication through the VA patient portal. I would suggest this group and the PIDS project move ahead smartly, judiciously, and at a reasonable pace, because it could conceivably become the poster child for patient identity in healthcare.

Dan Combs: Let’s circulate the document for agenda item 6 and pick up that discussion on the next call.

John Fraser: Vetting of patient identities – Pete and Rich (most connected into NSTIC and IAF) work with eCitizen to come up with a “straw man” solution, i.e. level 3 patient vetting process?

Pete: Yes

John Fraser: ApeniMED is willing to provide resources for implementation.

6. PIDS Document

Postponed.

7. Other Business

No other business discussed.

8. Adjourn

Next Meeting

  • Date: Thursday, July 7, 2011
  • Time: 10 am PDT | 1 pm EDT | 5 pm UTC | 7 pm CEST
  • Dial-In: +1-201-793-9022
  • Code: 4630912

1. Video of David Temoshok, Director, Federal Identity Management, GSA Office of Governmentwide Policy, at eCitizen PIDS Event