Notes from NHIN Direct Security & Trust Meeting


Date: May 13, 2010
Time: 12pm-1pm
Attendees
: Arien Malec, Honora Burnett, Nick Radov, Fred Trotter, David McCallie, Vassil Peytchev
John Moehrke, Sean Nolan, Erik Horstkotte, Ron Cordell, Pete Palmer, Paul Mincini for Gail Belles, Peter Clark & Brett Peterson
Actions from this week
#
Date
Action
Status
Owner
Due Date
13
5/13/10
Fred Trotter will provide links for the voting section of the basic trust model on the WG page
Open
Fred Trotter
5/20/10
14
5/13/10
WG should read/comment on Sean Nolan’s post on the challenges of multiple simultaneous trust circles and using TLS: http://nhindirect.org/message/view/Security+and+Trust+Workgroup/24123785
Open
WG
5/20/10
15
5/13/10
Arien will frame and elevate policy tradeoff for consumption by policy people
Open
Arien
5/20/10
16
5/13/10
David McCallie will set up a time to speak with Dixie Baker about Technology/Policy
Open
David McCallie
5/20/10
17
5/13/10
Arien will answer Fred Trotter’s questions:
  • Which HITSP documents are we talking about?
  • Where is policy coming down from?
  • What is the correct language: node or HISP?
Open
Arien
5/20/10

Actions from last week
#
Date
Action
Status
Owner
Due Date
12
4/29/10
Group will read and comment on Basic Trust Model: http://nhindirect.org/Basic+Trust+Model
Closed
All
5/6/10

Notes
Recap of Face-To-Face meeting on May 6th
  • Ensuring that there is cohesion with what we are doing and what the policy community is doing
  • Certain communities may want to use this within their own spheres
  • What the scope of the initial deployment of NHIN Direct would look like
  • Concern that we’re not definition the policy – be sure that is something we are working with as we move forward
  • Conversation of global vs. many
  • We’re pushing fast & concrete and in parallel we are working more closely with the policy folks
Comment from Brett Peterson
  • Boils down to: where do we encrypt the message
  • Not the first group to look at this type of stuff
Comment from John Moehrke
  • Creating a problem that is an academic problem rather than making simple decisions on point to point, and not forbidding message level security
  • Increase complexity makes it outside the bounds of our original
  • Keep it simple, but not stupid & not cut off message security
Comment from Arien Malec
  • Policy guidance that is going to come down – which will get us back in discussion mode
  • Agree with David McCallie
  • We need to surface technology/policy choices and emphasize that this isn’t new material

Review of policy guidance
  • Heightened awareness of what is going on at NHIN Direct
  • Policy folks have thought of this as being push messages that fall under permitted purposes
  • New thing that policy folks (HIT Policy Committee)
  • What level of access to HISPs have to PHI
    • Routing Metadata should be lean/spare:
      • Concern over the amount of PHI that is expressed in routing metadata (to route a message the PHI exposure should be minimal)
      • Data rights/data exposure at the HISP level
    • Don’t’ require access to the package:
      • Level of policy concern: must not be required that in order to route the HISP must not have access to the
    • Background: not clear from a policy perspective
    • Cross mapping function:
      • Enabling XDR bridging to XDR will be problematic?
Comment from Brett Peterson
· How can certs be distributed?
Comment from Erik Horstkotte
· What routing information do we need?
· To/From/ Date/Message ID for traceability/audit
Comment from Sean Nolan
· Simple, stupid, stupid
· Normally issue with LDAP is issue of whether we are trying to limit the issue to IST
· Certs records
Comment from John Moehrke
· Unfortunate the way the wording has come down from policy committee
· Idea that a HISP is even router is something that might not be true – there is no use case for this
· Don’t authorize a HISP to touch your data to begin with
· Case for “free hop” transfer is to install the HER enabled by two exchanges
· Source/BA and Destination/BA
· Whole discussion about S&I is overly complex-ifying
    • We’d discussed addresses have endpoint and domain part
    • Why is an organization that is receiving needs to minimally support 7,00 endpoints with 7,000 TLS certificates
    • Could start with a single endpoint recognized buy a single certificate and modify their addresses overtime

Comment from Vassil
· Ask ourselves “why are we reinventing the wheel?”
· How is that different?
· Beat odds with existing HIEs – agreement for how to share data with their group
· Allow the NHIN exchange
· Create alternative path for exchanging data and will get fragmented system
· Real HISPs in the real world do all kinds of things that are legal, appropriate and required and a notion of a pure routing only organization is a myth
· Faithfully surface back the point of view of the NHIN Direct technology folks to see that that gets communicated

Comment from David McCallie
· David McCallie and Arien will speak with Dixie about Technology/Policy conversations together
· Sean’s model requires that the HISP do the encryption – allow the simplicity of the TLS model
· Similarly complex
· Are we going to be in the stupid/stupid case?
· Tough to participate in complexity – mistaken and feels like a false argument
· Express this as a value added network
o Even if they aren’t converting, they’d be a fully authorized participant in those conversations
o Circled around back to not having anything new to do
o Cases outside a BAA

· Question that Arien has to come back to – is there one policy that everyone has to come to?
· Pulled in the NHIN Dursa as our base policy language
· Why would we forbid two doctors with NHIN from exchanging information?
· Two doctors have equipment that is capable of exchanging information
· How does one person have one endpoint that allows for them to have international conversations?
o Provider to have trust relationships one on one with multiple endpoints
· Put the trust decisions back into the hands of the individual users

Comment from Fred Trotter
· Disconcert between what we’re talking about on the calls vs. forums
· On forums – not one top down models
· Different interpretation of what the trust assertion means

· Fred Trotter will provide links for the voting section of the basic trust model on the WG page
· WG should read/comment on Sean Nolan’s post on the challenges of multiple simultaneous trust circles and using TLS: http://nhindirect.org/message/view/Security+and+Trust+Workgroup/24123785
· Arien key action: frame and elevate policy tradeoff for consumption by policy people
· David will set up a time to speak with Dixie Baker about Technology/Policy
· Arien will answer Fred Trotter’s questions:
o Which HITSP documents are we talking about?
o Where is policy coming down from?
o What is the correct language: node or HISP?

To Discuss next time
· The VA asked if their comments on the wiki were read. In case some readers missed them or do not have "Notify Me" enabled, these should be discussed:
· http://nhindirect.org/message/view/Security+and+Trust+Workgroup/23774697
· Review of Basic Trust Model - Keys for Consensus