HIA WG Concall 2010-09-30 Minutes
HIA WG Concall 2010-09-30 Minutes
Date and Time
- Date: Thursday, September 29, 2010
- Time: 10am PST | 1pm EST | 5pm UTC | 7pm CEST (Time Chart)
- Dial-In: Skype: +9900827044630912 - North American Dial-In: +1-201-793-9022
- Code: 4630912
Attendees
- Laurie Tull (voting)
- Bob Pinheiro (voting)
- Barry Hieb (voting)
- Myisha Frazier-McElveen (voting)
- John Fraser (voting)
- Dan Combs (voting)
- Siddharth Bajaj (non-voting)
- Lara Zimberoff (non-voting)
- Mickey Tevelow (non-voting)
- Timothy Reiniger (non-voting)
- David Minch (non-voting)
- Dazza Greenwood (non-voting)
- Daniel Bennett (non-voting)
Apologies
Apologies - None.
We had 6 voting members on the call where we did/did not reach reach quorum.
Agenda
1. Roll
2. Approve Minutes
3. Patient ID Pilot update/ architectural components
a. Funding
b. Project Status
c. Timeline, documents to expect
d. IAWG discussion
e. UMA WG
4. Other business
5. MITRE trusthub discussion
a. Diagram of eCitizen Patient identity pilot - https://docs.google.com/fileview?id=0Bx6P0fy7aGmLNGIzZmY0ZTgtNDQ4YS00YmY0LWEwNzAtNTAyMzJhMjNmZmE2&hl=en
b. Trusthub on SourceForge - http://sourceforge.net/projects/trusthub/
Minutes
1. Roll Call and quorum and welcome new attendees
Roll call as above.
Minute taker: Lara Zimberoff.
2. Approve Minutes from previous meeting
John Fraser motioned to approve minutes, minutes approved with no objection
3. Patient ID Pilot Update/ architectural components
Dan Combs: Earlier this week, Nat Nakamura was in town and we had a dinner, spoke for 2-3 hours about how to move forward with the project. Kantara has sent an agreement to the OpenID of Japan Organization and that information is being reviewed by their legal counsel. At this point, we are waiting for a response as to whether that document will be acceptable. That’s about the final issue before the agreement to fund the project is complete. Hopefully the funding will come in soon so we can have an official start. I would like to reiterate that the project has not officially started. It is our intention to continue to talk about, socialize, and otherwise prepare for the project. Over the next little while, you will see an update to the project description document and you will get a better updated version of the timeline. You will likely see those in the next week or so, I would guess. Those will still be pre-project and not finalized documents. The first effort will be to finalize those documents to ensure they meet people’s expectations for participation in the project.
John Fraser: Requested Dan Combs introduce himself and his team. Dan is CEO of eCitizen. Dazza Greenwood is Executive Director. Chief Technology Officer is Chief Technology Officer.
John Fraser: We’re very excited to have eCitizen join our team. Kantara will lean on eCitizen to do the requirements gathering and. I would like to metion that ONC is interested in funding projects that foster the NHIN architecture. Dan and Dazza, we should discuss this opportunity further. I think we could put in a strong application, so let’s put our heads together and see how we might go after that funding.
Dan: It’s never too early to start thinking about funding for phase 2.
Barry: Remind me, how long do you think phase 1 will last?
Dan: We’re expecting it to be somewhere in the neighborhood of 12 weeks.
Barry: That reinforces the need to get phase 2 funding.
John: I think we should put together a proposal for ONC and then we can use that proposal for other funding groups.
Dan: I think that’s a good idea since that process can take a significant amount of time.
John: If anybody within the group has potential funding sources, please contact someone on the steering committee, because we do need to get that started now.
Dan: I assume that if you’re on the HIA WG, that you have some knowledge or interest in healthcare and are aware of the effort and funding going into 3 major national efforts. Health benefit/insurance exchanges, HIEs, and the funding to EMRs. This particular project could have a huge impact and could be of tremendous value as all of these efforts move forward.
John: I would like to remind people that Kantara came together with OpenID and Liberty Alliance to come up with standards that are shareable between organizations so people can get identities that work across multiple applications. Together, I think we have a good shot at designing something that will be valuable for this emerging national effort in healthcare.
Rich: Does OpenID have a prominent role in all of this, or is it just one of many possibilities?
Dan: None of that is decided, but I think since they’re funding the design phase, it’s safe to assume they will have a seat at the table. I don’t think it should be assumed that it will be the only solution for the particular functions it provides. There are lots of credential providers out there and we need to allow for the possibility of all of those providers participating. You can be somewhat assured that OpenID will be part of it, but not the only part of it.
Dazza: Authentication and validation approaches will relate to OpenID but will not rely on it.
Dan: OpenID would have to address to issue of how to respond to requirements.
Rich: Nat doesn’t work for OpenID, he works for a research foundation, correct?
Dan: Yes
Dazza: The funding vehicle is the OpenID foundation as opposed to the for-profit corporation.
Rich: I know Trust Hub is phase 2. Is the idea that the patient portal will be a modification of Trust Hub, or is Trust Hub just a piece of the bigger idea?
Dan: Trust Hub is certainly bigger than what we anticipate we will need for this particular project.There are pieces of it that seem to potentially provide the functional requirements for the portal. There’s the possibility that something within Trust Hub should be considered.
Daniel Bennett: We have to thank MITRE for making that engineer time available to take a look at the use case and preliminary diagram.
John: Let’s discuss the IAWG
Dan: IAWG is Identity Assurance Workgroup. I participated in the precursor group under Liberty.
Myisha: IAWG is looking at identity assurance and is working to develop identity assurance framework leveraged by other groups. The trust framework that the IAWG developer is being approved by GSA.
John: Can you describe the IA frameowork?
Myisha: It talks through the requirements associated with a warm body at various assurance levels. The Identity Assurance Framework is aimed to be technology agnostics but works through what credential providers need to be approved.
Rich: Does the identity assurance framework fit within the needs of the project?
Myisha: the concept of the framework is to create a floor, so to speak, regarding those specific areas. There may be communities of interest where the credential service isn’t sufficient. This will be a great way to exercise the IAF. I don’t think it will necessarily apply to everyone, which is why this effort will be helpful to determine where more specificity is required.
Dan: Some of the Kantara leadership thought it would be a good idea for different WGs to collaborate. We were able to speak on last week’s IAWG conference call. The question for us is, what does it mean to design a project that incorporates the IAF? We asked the group to provide that input.
John: I know that some of my co-chairs are very interested in at least analyzing the IAF and that we’re clear about how we look at it. It’s work to be done, there are no decisions made at this point.
Dazza: It’s in the project plan to investigate the IAF
4. MITRE Trusthub Discussion
John: MITRE/Trust Hub discussion. MITRE was on an earlier call and this is a follow-up discussion.
Dazza: Thanks to MITRE for joining us on the last call and preparing documentation for us to look at. We would like to learn more, what the components are, and how we could potentially leverage the Trust Hub framework. This is not a conclusive conversation, but because we do have the resource available at this point, we would like to get the information.
Cleo: there are 2 components. First is trust hub physician onthology (?) based on Higgins onthology, and adding attributes from HL7. One of the questions is how it could be leveraged. We were focused on physicians, but it can be changed to apply to a patient record. The second component is the connector that retrieves information, extracts physician records, and then maps the attributes into our physician onthology. The results are sent to the Trust Hub and that’s how it gets into the database.
Dazza: This all relates to a code base called Trust Hub, funded by the Dept of Homeland Security. This has been publically released by MITRE under an Apache2.0 license. What does everyone think?
John: One of the issues we identified in the last call is that Kantara is about sharing identities. One thing we haven’t seen the Trust Hub is the ability to share identities.
Jaia: What trust hub implies is a delegation packet. I have to be honest and say that I don’t know much about OpenID.
Dan Bennett: Trust Hub associates identity tokens. There’s a placeholder to associate a database of attributes. One possibility is that if there are identity tokens, then that could be included within the trust hub that has already been set up to include HL7 information and perhaps allow a way to connect the physician trust hub with the patient trust hub.
Jaia: We do not use a URL like OpenID users.
DB: It might be able to hold something additional as it has connectors to other databases and could perhaps take in other identifiers.
Jaia: Yes it can. It can also extend the Higgins attributes to add whatever you need it to add.
Cleo: Higgins is an onthology based schema. You can add more attributes into it and extend it fairly easily.
John: Another issue we’re going to run into is federation. Is the idea to use multiple trust hubs?
DB: That’s definitely a question that we brought up with Jaia and others at MITRE. They indicated that they’re looking at is as a trust hub. The idea is that it could be adaptable for federation or more open architecture.
Rich: Which part of the diagram is trust hub?
DB: We’re just looking at a technology and seeing where it has relevance. If you look at the yellow section, that’s the identity portion of it.
Dazza: the purpose the chart was to give us an idea of what would be necessary to translate and modify it so it can be used for a patient identity portal. We may need one of more reference architectures.
Jaia: the problem we’re trying to solve is connecting the disparate systems. We were trying to streamline as much as possible and I think it can be extended to patient identity.
Barry: One of the things I need better clarity on is the analysis of how a traditional CMPI functions overlap with the Trust Hub set up functions.
Dave Minch: The patient identity services you’re talking about in a community CMPI are oriented to finding common elements in transactions. I see this as being separate in that the patient is essentially self-identifying when they are creating a credential. The edge is the ability to connect the patient to their actual set of records.
Barry: In my mind, those two both involve finding out for sure who the person is who is requesting activities. Then once the identity is established, the services they’re entitled to do are established.
John: if we truly are building a national infrastructure, it’s probably not practical to think there will only be one set of systems authenticating the patient, physician, or both. Dazza and company, I believe you should start talking to MITRE about the idea of federation. I will say that the Shibboleth model gives us the idea of that. Shibboleth and Trust Hub may need to married together.
5. Other Business
n/a
Next Meeting
- Date: Thursday, October 28, 2010
- Time: 10am PST | 1pm EST | 5pm UTC | 7pm CEST (_[Time Chart|http://timeanddate.com/worldclock/fixedtime.html?month=6&day=3&year=2009&hour=15&min=0&sec=0&p1=0&sort=2]_)
- Dial-In: Skype: +9900827044630912 - North American Dial-In: +1-201-793-9022
- Code: 463091