HIA WG Concall 2011-07-07 Minutes

Kantara HIAWG Teleconference

Date and Time

  • Date: Thursday, July 7, 2011
  • Time: 10am PST | 1pm EST | 5pm UTC | 7pm CEST (Time Chart)

Attendees

  • Tony Goulding
  • Daniel Bennett
  • Laurie Tull
  • Dan Combs
  • John Fraser
  • Bill Braithwaite
  • Dazza Greenwood
  • Bob Pinheiro
  • Pete Palmer
  • Rick Moore
  • David Kibbe
  • Anna Ticktin
  • Lara Zimberoff

Apologies

  • Kay Bross

Agenda

  1. Intro
    1. Roll Call (5 minutes)
    2. Approval of Minutes (5 minutes)
      1. 3/31
      2. 5/12
      3. 5/26
      4. 6/23
  2. Recap of Boston/MIT Meetings (15 minutes)
    1. NSTIC Workshops Recap; Privacy and Usability
      1. Presentations: http://nist.gov/nstic/privacy-workshop-presentations.html
    2. PIDS Face to Face, MIT Media Lab
      1. Relevant links for further background
        1. Video of David Temoshok, Director, Federal Identity Management, GSA Office of Governmentwide Policy, at eCitizen PIDS Event
        2. Video of Jeremy, Senior Executive Advisor for Identity Management, NIST for NSTIC at the eCitizen PIDS Even
  3. PIDS Document (partial draft) https://join.me/citizencontac (25 minutes)
    1. Review and Discussion
  4. Other Business (10 minutes)
  5. Adjourn

Minutes

1. Intro

- Roll Call: see above

- Approval of minutes: No corrections, no objections
3/31, 5/12, 5/26, and 6/23 minutes approved unanimously

2. Recap of Boston / MIT Meetings

Dazza: Intro, Executive Director of eCitizen Foundation. eCitizen has been working in partnership with the Kantara Initiative thanks to funding from OpenID in Japan to stand up a patient identity service. We started this in July of 2010. We’re just now finishing the design phase of the project. The next phase, phase 2, will include identifying funders and participants in a pilot. We will then be working with various partners to meet meaningful use. A critical moment of the project was just last weeks at the PIDS Face to Face at MIT which coincided with the NSTIC Workshops. A number of key players were present. This was an important milestone and provided a lot of validation for the project.

Daniel Bennett: We’re looking at the NSTIC Workshop recap. See the link distributed in the agenda. Dazza moderated one of the panels. It was great to be at the MIT Media Lab to discuss these issues about identity and privacy. Dan, any other followups on the NSTIC event?

Dan Combs: There were 150+ people who participated. The facility was beautiful. There was a large variety of privacy advocates and industry participants, vendors, relying parties, etc. I think it was all in all a pretty successful event.

PIDS Face to Face

Daniel: Almost a continuation of the NSTIC events. Major players in the administration were present. See the video links distributed by Dazza from the event, featuring Jeremy Grant and Dave Temoshok.

Dazza: The PIDS event was titled Identity in Healthcare. Ray Campbell presented and went through the general trends, specifically accountable care organizations and their context and anchor points for identity. Our next speaker was Jeremy Grant. He ran the NSTIC meetings the day before and provided a great keynote focusing on identity in healthcare, and related our project as a clutch effort. After him, there was a very colorful presentation by Peter Alterman. He provided great examples of larger applications for ONC. David Temoshok was the next speaker. He related what’s happening with PIDS to other pilots in the past and extrapolated how these kinds of projects are essential. Tom Spenahoff (sp?) then spoke about the need for contract and statutes and how they are important in the business context, and will impact legal rights for implementation of PIDS. Then there was the overview of the PIDS project itself relating it to meaningful use and NwHIN. We started by demoing higher assurance level credentials with our partners, who will hopefully be participating in later phases of the project.  The first was the HID Active Identity demo. Next, Rich Furr gave a demo of the SAFE BioPharma credential, which has a well defined set of operating and legal rules. Lexus Nexus was the next demo. They showed how their knowledge based identification can be used as a service. Next came Q&A, and it became apparent that the feedback is generally very positive.

John Fraser: Any questions?

No questions.

Rick Moore: I want to congratulate you on the presentations that were made and the whole program that was put together. I was able to patch in occasionally and thought it was well done. It appeared to me that there is a lot of energy moving in our favor.

Pete: That lineup is about as solid of representation of all the different industries that you’re going to get. Congratulations on putting this together.

Daniel Bennett: Thanks to everyone. It was quite an event.

Dan Combs: We really appreciate the notice of the event and the work we did. We are going to try to replicate what’s already been done. We’d like to talk in the future about following up this event with one or two more to continue moving the project forward.

John Fraser: You guys did a great job, and I want to encourage that we keep the ball rolling. I know our group is stretched in terms of time resources

3. PIDS Document

Dazza: Requirements and constraints: results of the many interviews that eCitizen conducted with members of this workgroup and other industry leaders, patient advocates, etc. We also have the results of the field survey conducted by Daniel Bennett. We’re synthesizing that information now – this section is where you will see the results of that reports. Conceptual design: functionally (sequences and flows), actors and elements, technical procedures. From the patient perspective, they create a PIDS account, or potentially, they combine an existing open id with their account. Once they have a PIDS account, the next major lifecycle event is to enter a system with their id, ie a hospital, PHR, insurance company, etc. Basically anywhere a patient can id, we’re hoping those users can download an open source code making it very easy to access these systems. They may be challenged to authenticate with a higher level of assurance. I’m currently working with Peter Alterman on Oasis to come up with standards for step up authentication. Patient generates report: patients control and audit records. Combining PIDS identifier with higher assurance level credentials. There’s also a soft requirement that PIDS should be capable of being  discoverable.

Dazza: upcoming discussions should include feedback on the design, revisions to the design, funding, resources, etc. We will be distributing a letter of intent for various roles for participation in phase 2.

Question: Is this document available on the HIA site?

Dazza: It’s only available on joinme. The next version will be in a readable form, and we’ll be sending that to the workgroup. The existing version is just a bit too rough.

John Fraser: Can you clarify when it will be up on the listserve?

Dazza: We need to get some more feedback. We certainly want to have a final version out and published within a month. We will incorporate feedback and email next draft to group shortly.

Daniel Bennett: If you want a private walk through, contact anyone at eCitizen (Dazza Greenwood: dazza@civics.com; Daniel Bennett: daniel@citizencontact.com; Dan Combs: dancombs1@gmail.com), or feel free to submit your comments as early as possible.

John Fraser: I encourage everyone to reach out for a private session and I look forward to having you guys email it out asap.

4. Other Business

No other business discussed.

5. Adjourn

Next Meeting

  • Date: Thursday, July 21, 2011
  • Time: 10 am PDT | 1 pm EDT | 5 pm UTC | 7 pm CEST
  • Dial-In: +1-201-793-9022
  • Code: 4630912