[WG-HealthIDAssurance] Draft agenda for tomorrow, Thursday, April 4, 2019 2 PM ET

Tom (Thomas) Sullivan tsullivan at drfirst.com
Thu Apr 4 00:51:59 UTC 2019

Here is the draft agenda for the call tomorrow. Please suggest other topics ASAP if you want them up for tomorrow.
Healthcare - HIA WG and IDEF sub WG Created by: kantarainitiative at gmail.com
Time     2pm - 3pm (Eastern Time - New York)
Date      Thursday, April 4, 2019
Where   GoToMeeting (GTM2)
Description: Occurs every other Thursday of the month at 2:00 PM US Eastern Time --- zone converter: http://www.thetimenow.com/timezone-converter.php

 Please join our meeting from your computer, tablet or smartphone. https://global.gotomeeting.com/join/485071053

You can also dial in using your phone. United States: +1 (224) 501-3316

Access Code: 485-071-053

First GoToMeeting? Let's do a quick system check: https://link.gotomeeting.com/system-check

1.  Roll Call: Tom Sullivan and Jim Kragh.
2. Recent emails, meetings and discussions: Anyone?
                a.) See attached final submission to HIMSS from 3/21/19 on interoperability with one new sentence on Patient privacy and confidentiality.
                    (See page 2 with Large, 20 point font, highlighted).

 3.   Review briefly recent "unfinished" topics:
                a.) Final resolution ??? of our spreadsheet integrating our Healthcare Identifier design compatibility with the original NSTIC principles.
                     There are only 2 out of 56 cells where we have some disagreement.  See the attached spreadsheet with the two cells highlighted to resolve during the call.

                  b.) What might be the possible workflow steps toward federating an online Identity in healthcare? (Repeat)
Here is an example/use case for discussion/edits:

1)    a "proofed" and authenticated credential holder (the "bearer") wants to federate his/her identity
2)   a Relying Party wants to receive the identity with at least an IAL2/AAL2 assurance level
3)   a Trust framework has certified that both entities are current members and have undergone the appropriate requirements to be part of the trusted community
4)   a software "platform" or entity (also a member of the trust framework agreement) implements the protocol to carry out an e-commerce transaction(s), satisfying the Relying party's need for a high level of confidence in the online identity.  Consensus   “Approved” though items 3 and 4 may be overlapping???? 1/11/19
Related questions:  1.  Does the Healthcare Industry need additional steps?  2. Where does double and triple blinding fit in this scenario?

4. Our current principles:
This represents a “general consensus”, but there was no formal vote taken. Excerpted from September 2016 and later from the IDESG Healthcare committee calls:
Examples of the IDESG Healthcare committee requirements for the IDEF Identity Solutions include:

 Core Principles in Healthcare Identity (/Identifier ? ) Design (Current status)  Accepted 3/7/19 but need confirmation of the highlighted edits from everyone for 4/4/19

1.    100% accuracy in identity management/matching
2.    "Break the Glass" in emergencies despite violating privacy rights. Notices or receipts should be sent to the patient and healthcare proxy whenever BTG is invoked.
3.    The need for relative anonymity and the use of pseudonyms to manage privacy issues in selected circumstances and where desired by the patient. "You must first be known in order to become anonymous"
4.    The need for robust audit trails including precise time stamping when changes are made.
5.     The importance of patient safety and also of liability surrounding inaccurate or conflicting/duplicate identities
6.     The need to easily delegate or designate a "proxy" with a strong identity (identifier set ?) and credentials to access records online with significant "ease of use" i.e. IAL2 and AAL2 for patients
7.    The need to promote “strong” multi-factor authentication as a requirement to enhance security
8.    Recognition of “Known to the Practice” as a common description of selected methods of real-world identity proofing of patients in clinical settings – There is no agreed-upon consensus around details. "Known to the Practice" will remain a meaningless and useless term unless there is widespread agreement and adoption of a minimal standard for IDP and authentication, ideally incorporating the recommendations of NIST SP 800-63-3 or later versions as modified for Healthcare.
9.     Resilience, namely the ability “to recover and adapt to drastic and abrupt change”. Proposed addition - "You can't steal a person's identity, but identifier theft is very common"
10.  Legal, statutory redress must be available in the event of intentional online identity fraud and abuse of agreed upon core principles of HC Identity Design

5.   New business

6.   Next Meeting/Conference call schedule: We will invite guest speakers where appropriate.

                               a.) Regularly scheduled Conference calls, every other Thursday at 2 PM ET: April 18 and May 2, 2019


Thomas E Sullivan, MD
Chief Strategic Officer
Chief Privacy Officer
 DrFirst.com, Inc.
(978) 729-5075 (M)
tsullivan at drfirst.com
sullivan at massmed.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: HIMSSinteroperabilityredefinitioneditsV36_032119 Sent.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 96881 bytes
Desc: HIMSSinteroperabilityredefinitioneditsV36_032119 Sent.docx
URL: <http://kantarainitiative.org/pipermail/wg-healthidassurance/attachments/20190404/d51768ec/attachment-0001.docx>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NSTIC and Healthcare ID design 040219 TES.xlsx
Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Size: 19837 bytes
Desc: NSTIC and Healthcare ID design 040219 TES.xlsx
URL: <http://kantarainitiative.org/pipermail/wg-healthidassurance/attachments/20190404/d51768ec/attachment-0001.xlsx>
