Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.






5 min
  • Call to order
  • GPA reminder
  • Roll call
  • Agenda bashing
  • Organization updates




Discuss the discussion group 

    1. Goals, approach, desired outcomes (Charter material)
    2. Terminology page
    3. Use case template page

Schedule updates

  • Status
  • Issues
  • Next period plan

Team Calendars

Contributions updates

  • Status
  • Issues
  • Next period plan


Use Case Contributions

UC01 New patient registration current.pdf

UC02 New patient registration future.pdf

  • Catherine walked through the current state use case for patient registration (proofing)
    • Note that the preconditions are significant for Healthcare scenarios
    • PII collected at registration is collected to identify and lookup the patient for verification and de-duplication
    • The query step occurs because even if the patient has never visited the org, they might be in the EMR for other reasons - visit related organization, mergers/acquisitions of other orgs, etc
    • Patient Insurance Confirmation - this is included to contrast that this is NOT an identity assurance process - eligibility check
  • Future state process walkthrough
    • There are initiatives moving towards this future state where identity proofing / assurance is mandatory - e.g. NIST 800-63-3 IAL2
    • Note that patient still gets health care even if they do not achieve IAL2
    • Note the increase of machine processing and assistance used to increase assurance
    • Note that there are alternate flows not described for undocumented patients like the very young
  • Q: Does this cover subsequent-visit authentication? A: Correct - these are about NEW patient proofing, not returning patient. There's another set for returning patient.
    • Increasing use of biometric identification/authenticators for returning users - palm vein, fingerprint - used to locate the correct clinical records.
  • Q: Is the mention of IAL2 deliberate? A: Yes - there are incoming regulations that will require it.
  • Q: Which version of 800-63? A: 800-63-3 - will specify that reference in future revisions
  • Q: 63-3 requires verification with issuer - how do you do this? A: Credential document validation can be done by companies like IDEMIA and others. Then do a biometric compare of license to physical person. 
  • Q: Don't see how the non-actor stakeholders interests are met - e.g. if the person failed identity assurance how are their interests met - e.g. if not identified, then insurance payment needs not met - what alternative flows need to be documented to satisfy those stakeholder needs?

Writing teams updates

  • Status
  • Issues
  • Next period plan