HIMSIG20080208
Health Identity Management – Special Interest Group of the Liberty Alliance
Minutes of the 02.08.2008 Conference Call
We started the second call of the HIM SIG group today. First, John Fraser sent to the group and announced that the HIM SIG Charter has been finalized and approved by Liberty Board! We also agreed to post it on the wiki.
Secondly, we discussed other health care identity management efforts. Pete Palmer, Wells Fargo mentioned the HiTrust effort (see: http://www.hitrustalliance.org/) . Pete Palmer spoke about how to move these into a single effort, and that these differing projects will only keep the health care industry fragmented.
There was also a lot of discussion about the new feeral initiative for standardized drivers licenses called: RealID. Much of the input was from Dan Combs.
There was discuss that there are lots of different players in this. The US federal Department of Homeland Security (DHS) has recently approved new rules for this. There have been some recent meetings with Brett McDowell (Executive Director of the Liberty Allinace), with AAMVA, Motor Vehicle Administrators, to bring them into the fold. First meetings have happened in just the last few weeks.
Take into account various vertical industries that would relish RealID system. Part of RealID mandate was to have electronically readable driver license.
More discussion that this is another unfunded mandate from Feds. They have backed off from putting chips on cards. Magnetic stripes on card however is moving forward. Dan said a big part of this, is on the “in person” proofing side. People have to show up for example, to go thru in person proofing process, which could be shareable to the health care domain.
Rich Furr, from SAFE Biopharma, said they want to use Driver License to provide antecedent data with prior face-to-face data.
SAIC has found ChoicePoint has access to DMV data. ChoicePoint gets that information to vet people for various identity services.
Dan – ChoicePoint buys this data. Don’t get current information. An interactive, real-time system would be best. Dan has been involved with projects in Iowa, to figure out the RealID project, to figure out funding issues.
Rich Furr, SAFE Biopharma was the guest speaker. John Fraser introduced him, and gave him the floor to introduce SAFE to the group (see: http://www.safe-biopharma.org/ )
SAFE – started 4 years ago, with 8 of the largest pharma companies. Stands for “Signatures and Authentication for Everyone”
Goal is to provide digital identity management focus, using PKI certificates, for digital signatures for b2b and b2regulatory submissions of signed information. Efforts to go paperless, but need an electronic signature with persistence, nonrepudiation and non-tamper services. Led by J&J and Pfizer, helped drive this via PKI.
SAFE has 12 major pharma members now. Works closely with FDA and EU regulators. Broadening their electronic health initiatives.
Rich said one of these new initiatives includes a new partnership with MEDNET USA in Minnesota, US, to provide services to RHIOs and HIEs.
SAFE is now moving to have CAs in the EU, specifically in Germany and Romania, standing up two new CAs to also support “Advanced Electronic Signature” EU standard. Rich said that when that is up, will issue basic and medium software/hardware and roaming id standard credentials.
Also, SAFE is working to get cross-certified with federal bridge. Yesterday, a recommendation from the fed policy cert working group was issued to approve SAFE’s request for cross certification with federal bridge. Rich hopes this will be completed by end of March, 2008.
Rich said SAFE is setting up very scalable and serious infrastructure that can be leveraged by other partners. Since SAFE is a closed system, it can move quickly. SAFE is central hub, with member contracts, that bind their members to the specific document standards they’ve developed, tech specs for RA systems, type of tokens allowed, etc.
Another key feature is arbitration instead of litigation in agreements with customers.
SAFE does not work with directly with the consumer. Members provide certificates to sponsored employees, or to professionals sponsored by employees.
Rich - Microsoft has a project called “Cardspace”, that can include some of these additional attributes. Pete Palmer asked if SAFE would be willing to join with the Identity Assurance SIG and Expert Groups at the Liberty Allinace, and perhaps get certified?
Rich responded that he has reviewed the IA efforts in Liberty, with Molly Shields Uehling, their Executive Director, and will monitor Liberty and possible join. Certified I&A processes are necessary. Need this to begin moving towards a broad level of trust.
ADJOURN
