[WG-HealthIDAssurance] Kantara HealthID Assurance WG draft agenda tomorrow 4/18/19 at 2 PM ET

Tom (Thomas) Sullivan tsullivan at drfirst.com
Thu Apr 18 01:32:57 UTC 2019

Here is the draft agenda for the call tomorrow. Please suggest other topics ASAP if you want them up for tomorrow.

Healthcare - HIA WG and IDEF sub WG Created by: kantarainitiative at gmail.com
Time     2pm - 3pm (Eastern Time - New York)
Date      Thursday, April 18, 2019
Where   GoToMeeting (GTM2)
Description: Occurs every other Thursday of the month at 2:00 PM US Eastern Time --- zone converter: http://www.thetimenow.com/timezone-converter.php

 Please join our meeting from your computer, tablet or smartphone. https://global.gotomeeting.com/join/485071053

You can also dial in using your phone. United States: +1 (224) 501-3316

Access Code: 485-071-053

First GoToMeeting? Let's do a quick system check: https://link.gotomeeting.com/system-check

1.  Roll Call: Tom Sullivan and Jim Kragh.
2. Recent emails, meetings and discussions: Anyone?

 3.   Review briefly recent "unfinished" topics:
                a.) Final resolution ??? of our spreadsheet integrating our Healthcare Identifier design compatibility with the original NSTIC principles.
                      See the attached spreadsheet with "minor edits" under comments in blue font, bolded, to resolve during the call.

                  b.) What might be the possible workflow steps toward federating an online Identity in healthcare? (Repeat)
Here is an example/use case for discussion/edits:

1)    a "proofed" and authenticated credential holder (the "bearer") wants to federate his/her identity
2)   a Relying Party wants to receive the identity with at least an IAL2/AAL2 assurance level
3)   a Trust framework has certified that both entities are current members and have undergone the appropriate requirements to be part of the trusted community
4)   a software "platform" or entity (also a member of the trust framework agreement) implements the protocol to carry out an e-commerce transaction(s), satisfying the Relying Party's need for a high level of confidence in the online identity.
Consensus: “Approved”, though items 3 and 4 may be overlapping???? 1/11/19
Related questions:  1.  Does the Healthcare Industry need additional steps?  2. Where does double and triple blinding fit in this scenario?

4. Our current principles:
This represents a “general consensus”, but there was no formal vote taken. Excerpted from September 2016 and later from the IDESG Healthcare committee calls:
Examples of the IDESG Healthcare committee requirements for the IDEF Identity Solutions include:

Final vote to accept changes today  ? (4/18/19)

 Core Principles in Healthcare Identity (/Identifier ? ) Design (Current status)  Accepted 3/7/19 but need confirmation of the highlighted edits from everyone for 4/18/19

1.    100% accuracy in identity management/matching
2.    "Break the Glass" in emergencies despite violating privacy rights. Notices or receipts should be sent to the patient and healthcare proxy whenever BTG is invoked.
3.    The need for relative anonymity and the use of pseudonyms to manage privacy issues in selected circumstances and where desired by the patient. "You must first be known in order to become anonymous"
4.    The need for robust audit trails including precise time stamping when changes are made.
5.     The importance of patient safety and also of liability surrounding inaccurate or conflicting/duplicate identities
6.     The need to easily delegate or designate a "proxy" with a strong identity (identifier set ?) and credentials to access records online with significant "ease of use" i.e. IAL2 and AAL2 for patients
7.    The need to promote “strong” multi-factor authentication as a requirement to enhance security
8.    Recognition of “Known to the Practice” as a common description of selected methods of real-world identity proofing of patients in clinical settings – There is no agreed-upon consensus around details. "Known to the Practice" will remain a meaningless and useless term unless there is widespread agreement and adoption of a minimal standard for IDP and authentication, ideally incorporating the recommendations of NIST SP 800-63-3 or later versions as modified for Healthcare.
9.     Resilience, namely the ability “to recover and adapt to drastic and abrupt change”. Proposed addition - "You can't steal a person's identity, but identifier theft is very common"
10.  Legal, statutory redress must be available in the event of intentional online identity fraud and abuse of agreed-upon core principles of HC Identity Design

5.   New business:
                                a.  Barry Hieb will discuss his GPII proposal. See attached PowerPoint "IntroductiontoGPII... The embedded video clip was too large for my email client so I sent it separately from Gmail.

                                 b.  Renew/update our workgroup charter per Andrew Hughes for the leadership council approval. See attachment.

6.   Next Meeting/Conference call schedule: We will invite guest speakers where appropriate.

                               a.) Regularly scheduled Conference calls, every other Thursday at 2 PM ET:  May 2  and 16 and 30, 2019


Thomas E Sullivan, MD
Chief Strategic Officer
Chief Privacy Officer
 DrFirst.com, Inc.
(978) 729-5075 (M)
tsullivan at drfirst.com
sullivan at massmed.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: IDESG HealthcareCharterFinal2012d.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 12943 bytes
Desc: IDESG HealthcareCharterFinal2012d.docx
URL: <http://kantarainitiative.org/pipermail/wg-healthidassurance/attachments/20190418/5115b7c5/attachment-0001.docx>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IntroductiontoGPII-public Abridged2.pptx
Type: application/vnd.openxmlformats-officedocument.presentationml.presentation
Size: 402542 bytes
Desc: IntroductiontoGPII-public Abridged2.pptx
URL: <http://kantarainitiative.org/pipermail/wg-healthidassurance/attachments/20190418/5115b7c5/attachment-0001.pptx>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NSTIC and Healthcare ID design 041819.xlsx
Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
Size: 19803 bytes
Desc: NSTIC and Healthcare ID design 041819.xlsx
URL: <http://kantarainitiative.org/pipermail/wg-healthidassurance/attachments/20190418/5115b7c5/attachment-0001.xlsx>
