HIA WG Concall 2010-06-24 Minutes
HIA WG Concall 2010-06-24 Minutes
Date and Time
- Date: Thursday, June 24, 2010
- Time: 10am PST | 1pm EST | 5pm UTC | 7pm CEST (Time Chart)
- Dial-In: Skype: +9900827044630912 - North American Dial-In: +1-201-793-9022
- Code: 4630912
Attendees
- John Fraser (voting)
- Dan Combs (voting)
- Barry Hieb (voting)
- Lara Zimberoff (non-voting)
- Dervla O'Reilly (non-voting
- Mickey Tevelow (non-voting)
- Bob Pinheiro, Pinheiro Consulting (voting)
- Myisha Frazier-McElveen (voting)
- MIke O'Neill NASPO (guest)
- Graham Whitehead, NAPSO (guest)
- Rick Moore (voting)
- Jason Seto (non-voting)
- Siddarth Bajaj (voting)
- Joni Brennan (non-voting)
- Dervla O'Reilly (non-voting)
- Dazza Greenwood (non-voting)
- Rich Furr (voting)
Apologies
No apologies
We had 7 voting members on the call where we did (or did not) reach quorum on this call.
John Fraser made motion, Rich Furr seconded.
Agenda
1. Roll call for quorum, approve previous minutes, and welcome any new attendees
2. Follow up Q & A on the “Voluntary, Universal Health ID” from GPII and Dr. Barry Hieb, presented June 10
3. NASPO Idenitty Verification Effort
4. Patient Portal project with eCitizen
a. Steering Group update on contract with Kantara+eCitizen and fundraising
b. Update from eCitizen
c. Next steps
5. Other business
Minutes
1. Roll Call and quorum, approve previous minutes, and welcome new attendees
Roll call as above. John Fraser motioned to approve 6/10/10 minutes - Rich Furr seconded. Minutes approved without objection.
2.Follow up Q&A on VUHID from GPII and Dr. Barry Hieb presented June 10
Q: How is an individual identified?
A: First, each organization must determine how much authentication is required. Various categories of high level identifiers will be established moving forward. Various privacy classes can be established. Relying on industry to define what levels are necessary. GPii does not establish this policy – it allows organizations that use IDers to determine policy they wish to define. Gpii is policy-agnostic.
Q: Can an individual use one identifier at multiple provider locations, ie two hospitals in different states?
A: The individual determines the identifiers use. Patient is at liberty to establish new identifiers in various locations. It is the patient's decisions whether his or her providers can cross-link your identifiers. If patient is comfortable using pre-existing id from one location in another, that’s his choice. If patient wishes to change identifier, that’s possible as well.
Q: Who controls access to data files for patients?
A: That is a policy decision that will need to be established by the state HIE holding the information.
Q: The only person in the whole system who knows that an individual user has multiple identifiers is the user?
A: Yes
Q: Is there a way to federate or cross-certify more than one vendor, or does this system require single-vendor posts?
A: Identifiers must all come from one source to ensure uniqueness.
Q & A was wrapped up by Barry Hieb's statement that GPii offers a sufficiently flexible platform that supports multiple concurrent policies.
3.Minute taker
Lara Zimberoff
4. NASPO Identity Verification Effort
Representing NASPO on the call was Mike O'Neill and Graham Whitehead. Mike provideed a brief introduction of NASPO, stating NASP) is a nonprofit organization created to certify security products organizations through the identification of best practices in the security field, then introduced Graham Whitehead. Graham spoke about NASPO's kickoff effort taking place the second weekend of July in Kansas City, and encouraged Kantara participants to attend. The effort is aimed at establishing standards in the US by which identity can be managed. A bried Q & A session followed introductions:
Q: Do you have sufficient funding?
A: We take on additional costs when we take on projects. We have been unable to find federal funding so we have set up a "pay-to-play" process.
Q: Is "pay-to-play" literal at this point?
A: We have to find funding to move forward, so currently there is a minimum cost for participation.
Q: How do you envision this standard will be used? Will it be adopted for the front end of national identity? By employers for employment verification? What are your thoughts?
A: If you can solve the high level problem, you stand a good chance of managinging identity correctly in lower level agencies. We are taking a high level approach at the enrollment level for drivers licencses, passports, social security cards, etc.
Final comments by Graham Whitehead: The Amercian National Standard Process requires that once a draft of a process has been created, that process then becomes open for the public's review and comments. That is a way for individuals or groups who do not have the necessary funds can participate in this effort.
5.Other business
Barry Hieb invited Mike O'Neill and Graham Whitehead to participate on the next call.
John Fraser provided an update on the eCitizen project, stating Kantara is finalizing the contract with eCitizen. Joni Brennan confirmed that the agreement is being finalized. Dazza Greenwood informed the group that the Steering Committee met recently to take stock of fundraising efforts.
John Fraser asked for final questions and comments, then concluded the call.
Next Meeting
- Date: Thursday, July 8, 2010
- Time: 10am PST | 1pm EST | 5pm UTC | 7pm CEST (Time Chart)
- Dial-In: Skype: +9900827044630912 - North American Dial-In: +1-201-793-9022
- Code: 4630912