Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Time

Item

Who

Notes

5 min
  • Call to order
  • GPA reminder
  • Roll call
  • Agenda bashing
  • Organization updates
Chair



Introductions

All

Welcome!



Discuss the discussion group 

    1. Goals, approach, desired outcomes (Charter material)
    2. Terminology page
    3. Use case template page
Chair





Schedule updates

  • Status
  • Issues
  • Next period plan
Chair

Team Calendars
id308e504f-b7f1-4b7c-90ae-ac5684fb7c65


Contributions updates

  • Status
  • Issues
  • Next period plan

Chair

Use Case Contributions

UC01 New patient registration current.pdf

UC02 New patient registration future.pdf

  • Catherine walked through the current state use case for patient registration (proofing)
    • Note that the preconditions are significant for Healthcare scenarios
    • PII collected at registration is collected to identify and lookup the patient for verification and de-duplication
    • The query step occurs because even if the patient has never visited the org, they might be in the EMR for other reasons - visit related organization, mergers/acquisitions of other orgs, etc
    • Patient Insurance Confirmation - this is included to contrast that this is NOT an identity assurance process - eligibility check
  • Future state process walkthrough
    • There are initiatives moving towards this future state where identity proofing / assurance is mandatory - e.g. NIST 800-63-3 IAL2
    • Note that patient still gets health care even if they do not achieve IAL2
    • Note the increase of machine processing and assistance used to increase assurance
    • Note that there are alternate flows not described for undocumented patients like the very young
  • Q: Does this cover subsequent-visit authentication? A: Correct - these are about NEW patient proofing, not returning patient. There's another set for returning patient.
    • Increasing use of biometric identification/authenticators for returning users - palm vein, fingerprint - used to locate the correct clinical records.
  • Q: Is the mention of IAL2 deliberate? A: Yes - there are incoming regulations that will require it.
  • Q: Which version of 800-63? A: 800-63-3 - will specify that reference in future revisions
  • Q: 63-3 requires verification with issuer - how do you do this? A: Credential document validation can be done by companies like IDEMIA and others. Then do a biometric compare of license to physical person. 
  • Q: Don't see how the non-actor stakeholders interests are met - e.g. if the person failed identity assurance how are their interests met - e.g. if not identified, then insurance payment needs not met - what alternative flows need to be documented to satisfy those stakeholder needs?

Writing teams updates

  • Status
  • Issues
  • Next period plan

Chair


...