Page tree
Skip to end of metadata
Go to start of metadata





  • Comments on Federal Health IT Strategic Plan

  • As announced in our last meeting, NIST had just released the revised working draft of the Privacy Framework which Jeff said me might be able to address during this call.  One of the documents NIST released along with their PF document (Version 1.0 of the NIST Privacy Framework) was a document relating to "Core Changes"  to the Privacy Risk of an Individual vs the Privacy Risk of a Business discussed in the release vs the earlier "preliminary" release.

Meeting called to order at 12:07pm Eastern time.

Discussion items

Comments on Federal Health IT Strategic Plan and Vote to finalize

Comments-discussion ref WG approval of the ONC submittal entitled: Comments on Federal Health IT Strategic Plan.  It will not be submitted until we have approval.  As of this email several WG members have not voted.

Tom requests our WG to include comments on the ONC 5 year plan. This has been inserted, so now we need to vote again to approve after Tom’s changes.

  • Result of vote: Unanimous Yes from all 7 WG members.
  • Bev Corwin submitted her vote by proxy. Email sent giving proxy to Noreen Whysel who voted Yes for both.

35minDistributed Identity Assurance Specification

Background: Within submittal document is a link to an earlier (WG approved) version of the Distributed Identity Assurance Specification that Tom had developed during the initial drafting.  Since that time there have been several side bar technical sessions with Sal, Tom, me and others that Tom may have engaged that enabled some fine tuning the DIA specification that he will share with us.

  • Statement at the top supports patient interoperability and access rules of the 21st Century Cures Act. The rest of the document addresses the Federal Health IT Strategic Plan.

    Tom noted additions to the Patient Choice document:
    1. Without some other trust mark on the app, it is very difficult for the patient to determine if the app is covered by HIPAA. "If you see the term 'we are HIPAA-compliant', the basic rule of thumb is the program does not fall under HIPAA" from Pam Dixon, executive director of the World Privacy Forum as quoted by Thorin Klosowski in "Consider the Consequences of Trading Your Health Data. (2020-02-03) New York Times p. B7.
    2. Eliminated PCP from definition of terms, replace throughout with EHR
    3. Added Kantara as source of definitions
    4. Created a doi and QR code to the FIRE demonstration site, which also demonstrates how to 

Vote to remove "DRAFT" from the Distributed Attribute Assurance Specification

  • Result: Passed with all present voting Yes. Bev Corwin absent. Next step is to forward to Kantara leadership, released as a FIRE WG document to the website. Sal will let the leadership council know we expect one more release before requesting approval from Kantara.
10minNIST Privacy Framework NIST Privacy Framework events (

Agenda for next call will be 15-20 minutes to go over the framework at a high level.

They set up a series of discussions at upcoming meetings. We should be aware of them. Jeff will send the event  information to FIRE WG. Will be at RSA Conference in later Feb standards/use cases and at HIMS’s in March 10 in Orlando to talk about relationship between v1 and Health in general as well as cybersecurity risk.

Jim will contact Naomi about our pilot.

Meeting Adjourned at 1:00pm Eastern time.

We are currently on a biweekly schedule. Next meeting is February 18 at Noon Eastern time.

Action items

  • Salvatore D'Agostino will let the leadership council know we expect one more release before requesting approval from Kantara.
  • Jim Kragh will contact Naomi about our pilot.