Notes:

  • Evaluation Criteria for Trust Anchors and Certification Authorities document up for full Implementation Group Consensus.
  • Two new Best Practices documents since last meeting:
    • HISP-HISP Agreements: addresses FAQ on whether HISPs will need to enter into BAAs or other agreements with other HISPs and whether they are incurring any HIPAA risk by not doing so. Seeks to outline how Direct works, as well as control/create conditions for trusted interoperability for directed information exchange. Also provides reference to HHS OCR guidance on HIPAA - notes provision for courier only service and breach guidance to help orgs understand the the HISP is serving as an electronic courier, thus BAAs are note required between other HISPs, as the data they are sending to the other HISP is encrypted until it reaches its intended recipient. Also seeks to explain an environment where HISPs contracting with one another, and reasons that may be undesirable.
    • Second document addresses concerns HITSC had with respect to content. Tries to explore areas of a broad network that’s open to providers who send/receive various types of info -including unstructured data.
  • The HISP-HISP agreement seems in pretty good shape and has been reviewed by Arien, David, several HIPAA lawyers. Up for workgroup consensus next week.
  • Other document is up for review and comment on next week's call.