HISP Rules of the Road Meeting - June 10

From Direct Project
Jump to: navigation, search
Attendees:
  • David Kibbe (AAFP) co-chair
  • Brett Peterson (ABILITY) co-chair
  • Greg Meyer (Cerner)
  • Andy Heeren (Cerner)
  • David McCallie (Cerner)
  • John Williams (Health-ISP)
  • Don Jorgenson (Inpriva)
  • Rich Berg
  • Bruce Schrieber
  • Adrian Gropper (HealthURL)
  • Brian Ahier ()
  • Will Ross (RedwoodMedNet)
  • Pete Palmer (SureScripts)
  • Sri Koka (TechCent)
  • Greg Chittim (Arcadia / RIQI)
  • Gary Christensen (RIQI)
  • Sean Nolan (Microsoft)
  • Arthur Hedge (Health-ISP)
  • Mark Stine (MedPlus)
  • Umesh Madan (Microsoft)
  • Pete Greaves ()
  • John Odden ()
  • Steven Waldren (AAFP)
  • Noam Artz (HLN)
  • Pat Pyette (Inpriva)
  • Ali Emami (Microsoft)
  • Dan Kazzaz (Secure Exchange Solutions)
  • Boris Shur (Secure Exchange Solutions)
  • Mark Gingrich (SureScripts)


Notes:

  • Review the HIT Policy Committee's Privacy and Security Tiger Team's presentation material to the HIT Policy Committee on June 8th (unanimously approved). The slide deck is here: pstt-recommendations-deck-06-08-11.ppt and the letter to ONC is here: pstt-recommendations-06-08-11.pdf. Addendum: For anyone who wants to listen to the HIT PC discussion about these recommendations, an audio recording of the meeting is available here: [1] The TT presentation by Paul Egerman starts at 2:55:00. The response and committee discussion (interesting) starts at around 3:18:00.
    • David McCallie
      • Recommendations presented to the Policy Committee – there was interested debate, but approved unanimously with no serious objections
      • Got committee to caveat recommendation with agreement to revisit if investigations into the cost/burden prove higher than though
      • TT did not take on levels of assurance or individual certs
      • Most important thing (but least clear) – Devin McGraw reiterated phrase the NwHIN is a brand. Anyone who wants to participate needs to abide by these rules.
      • David Kibbe (AAFP) co-chair
      • Brett Peterson (ABILITY) co-chair
        • Presentation was both interesting and disturbing. Having the door open is important. Not confident that S&I will shed a lot of light on this – think real products and real sales will do the most to clarify this issue.
      • Greg Meyer (Cerner)
      • Andy Heeren (Cerner)
      • David McCallie (Cerner)
        • Endorse what Brett just said. Real world experience is what will matter.
      • John Williams (Health-ISP)
      • Don Jorgenson (Inpriva)
      • Rich Berg
        • Very comfortable with recommendation, as one of FBCA cross certified bridges. Don’t think the $40 we charge will price anyone out of the market
      • Bruce Schrieber (Max.MD)
        • Okay with recommendation 3, especially if the cost is $40 per entity
        • Are we talking about the same type of cert being pushed down to the individual level?
        • McCallie – TT will tell you the made no recommendation around individual certs.
      • Adrian Gropper (HealthURL)
        • Want the minutes to reflect “I welcome our Federal Bridge overlords”
        • How does this affect patients in their use of Direct messaging?
        • Rick Berg – lots of work going on with VA, NIH, etc… on patient identification
      • Brian Ahier ()
        • While not as skeptical of chance of success for S&I framework, think Brett is more right than wrong.
      • Will Ross (RedwoodMedNet)
        • Also agree with Brett.
        • We want to be policy informed, but believe implementation trumps policy
      • Pete Palmer (SureScripts)
        • Very supportive of recommendations as they are
        • Know where others are coming from
        • Will add a link to GSA project that I worked on. Did pilot with 6 RHIOs and federal bridge. Enrolling both SW and HW. Will post a link to whitepaper: [2]
      • Sri Koka (TechCent)
        • Agree with Brett
        • Question: individual certificates are not required?
          • McCallie – correct. Tries to find individual first, if can’t find that, goes to org, if can’t find that, it fails
      • Gary Christensen (RIQI)
        • We’re going to have our certs be FBCA cross certified
        • Won’t make much difference in our implementation – path of least resistance
        • Implementation is key, but it can be an and with policy
        • Can also use previous face-to-face verification, in lieu of notaries or new face-to-face.
      • Sean Nolan (Microsoft)
        • Spent a little bit of time talking with Devin – happened to be in DC. She was very supportive of idea that this will play out over time. Very comfortable with us moving forward in a commercial way.
        • Clear that citizen stuff should continue on a separate track
      • David Kibbe
        • Sounds like we have a consensus on moving forward under the FB
        • Brings us to a cross roads:


  • Discuss options for where this group goes from here (e.g., continue the debate, go on hiatus to gather more experience, disband)
    • David Kibbe
      • Do we continue to meet? What do we do?
      • Consensus statement is very complete, and has been helpful to a number of people already
      • Share concerns of David McCallie around continued lack of understanding about Direct in general
      • Brett Peterson
        • My instinct is that to give input on where to go need to get more experience
        • Level of influence moving forward will be borne out of experience with real customers/counterparts
        • Don’t have a real good feeling for a lot of this stuff. Working with lots of customers/propects
        • Want to get that experience before moving forward any more.
        • Options:
  1. Continue along as is to refine ecosystem language
  2. Monthly sharing meeting or One meeting over the summer
  3. Go on hiatus, come back in a few months once we figure out where we are
  4. Disband entirely
  • Voting round:
    • ? - David Kibbe (AAFP) co-chair
      • Will do whatever group decides.
      • Think we’ve accomplished a lot
      • Want to keep considering DirectTrust.org as a governance body at some point.
      • 3 - Brett Peterson (ABILITY) co-chair
      • ? - Greg Meyer (Cerner)
      • 3 - Andy Heeren (Cerner)
        • Want to come to consensus on identity assurance level. Want something to point to.
        • 1 then 3 - David McCallie (Cerner)
          • Think there are still some unresolved issues so to avoid divergence later on
          • Level of assurance
          • Technical questions on marking certs as used for Direct – policy OIDs
          • Consumer question – needs to be more discussion here
          • Plan to come back around government NPRM to give feedback
        • 2 - John Williams (Health-ISP)
          • Will be interested in further definition of citizen community
          • Concerned that if we all go away and then come back ina few months we may have interop activities
        • 2 - Don Jorgenson (Inpriva)
          • Seems like we’ve talked about a lot of things today that need to be resolved if we’re going to find an efficient way to exchange information across domain
          • No longer than midsummer
        • 1 - Rich Berg
          • VA is currently putting together pilot for a patient portal. Want to stand up some level 3 PKI credentials. There is a funded pilot under Kantara to establish a patient portal for non-PKI level 3 credentials. Oasys and Katara are trying to put together a level 2.5 assurance.
          • With everything going on, would hate to have this group go on hiatus. Happy to share what is going on
          • NSTIC – ([3]) - National Strategy for Trusted Identities in Cyberspace. National effort to work on the entire subject of identity management
        • 2 - Bruce Schrieber
          • Opportunity to check in, inform group about things that are going on
        • 1 or 2 - Adrian Gropper (HealthURL)
          • Particularly interested in us coming out with clear best practices for citizen participation
          • Don’t see this work being done anywhere else
        • Brian Ahier ()
        • 1 - Will Ross (RedwoodMedNet)
          • Don’t want to go on hiatus deliberately
          • Adjust our topic mix, so that only those who are interested need to attend
        • ? - Pete Palmer (SureScripts)
          • Will defer to David and Brett
        • 1 - Sri Koka (TechCent)
          • Echo Will Ross. Want to continue meeting. This is the place I come to to get answers.
        • 3 + on demand - Gary Christensen (RIQI)
          • Think we should get to full consensus on the work we’ve done already. Make sure we’re not leaving anything incomplete
          • This has been a great process for us – shows we’re staying consistent in our think with the general community. Also helping us make course corrections in our detailed work.
          • Push to get live with as many doctors as possible as quickly as I can.
          • As we get to the next level of detail on how this will work full circle, would love to share with this group.
          • Could there also be an “on-demand” request for meetings?
          • Consumer issue is still out there, but I am not as concerned with that now.
        • 3 - Sean Nolan (Microsoft)
          • Have a good start on citizen work. Want to continue to move forward.
        • Arthur Hedge (Health-ISP)
        • David Kibbe
          • This has been a really good meeting.
          • If I continue in a leadership role, want to ensure we continue to focus on the success of Direct.
          • Seems there is a subset of folks who want to meet every week and focus on particular topics of interest, other who just want to meet once a month. Don’t seem like incompatible ideas.
          • Want to continue Greg Chittim’s administrative support
          • By mid-next week, can come up with a plan that will meet everyone’s needs