HISP Rules of the Road Meeting - June 3

From Direct Project

Agenda

  • (Sean Nolan) Review community-based changes to the wiki. Do a round for consensus.
  • (Brett Peterson) High level overview of wiki changes planned for early next week.


Attendees:

  • David Kibbe (AAFP) co-chair
  • Brett Peterson (ABILITY) co-chair
  • Greg Meyer (Cerner)
  • Andy Heeren (Cerner)
  • Gary Christensen (RIQI)
  • Arthur Hedge (Health-ISP)
  • John Williams (Health-ISP)
  • Don Jorgenson (Inpriva)
  • Mark Stine (MedPlus)
  • Umesh Madan (Microsoft)
  • Sean Nolan (Microsoft)
  • Will Ross (RedwoodMedNet)
  • Pete Palmer (SureScripts)
  • Sri Koka (TechCent)
  • Pete Greaves ()
  • John Odden ()
  • Greg Chittim (Arcadia / RIQI)


Absent:

  • Steven Waldren (AAFP)
  • David McCallie (Cerner)
  • Adrian Gropper (HealthURL)
  • Noam Artz (HLN)
  • Pat Pyette (Inpriva)
  • Ali Emami (Microsoft)
  • Brian Ahier ()
  • Dan Kazzaz (Secure Exchange Solutions)
  • Boris Shur (Secure Exchange Solutions)
  • Mark Gingrich (SureScripts)


Notes:

  • (David Kibbe) Paul Eggerman conversation review re: FBCA cross certification
    • A fairly tense call
    • Paul’s position is that there needs to be a single standard for origination of certs. Tiger Team position is that the FBCA is the best source for this
    • Thinks this will be relatively inexpensive, with opportunities for reselling
    • Kibbe and Nolan – tried to persuade otherwise; the fear is that the way this approach was implemented means government taking over the broader PKI infrastructure
    • Agreed to continue the conversation
    • Think our work is still valuable, as there is white space we can fill
    • Not looking for decision to change, but for encouragement that the work we’re doing is valid and valuable. Didn’t get it.
    • Arien has definitely followed up, encouraging us to move forward
  • (Sean Nolan) Review community-based changes to the wiki. Do a round for consensus
    • Based on small group discussion last week
    • http://wiki.directproject.org/Direct+Communities
    • Looking at the diversity of usage – Ecosystem, Federal, Citizen
    • ROUND- thoughts of splitting this into these communities, where most of our work would continue in Ecosystem and Citizen. Federal would be driven by ONC, etc…
      • David Kibbe (AAFP) co-chair
        • People are starting to call me who are interested in what we’re doing. Some may join these groups
      • Brett Peterson (ABILITY) co-chair
        • Very much in favor. Want to cover additional details to make it even clearer next week
      • Greg Meyer (Cerner)
        • From tech perspective, have nothing against it. With respect to trust circles, if HISPs are participating with both FBCA and baseline, is there any conflict there?
        • Inherently anyone in the FBCA trusts each other
        • Sean – because we can have multi-anchors, and they can be built out in the DB with flexibility in the hierarchy, this is doable. However, if you trust the FB, you can’t *exclude* someone who has a FB cert
      • Andy Heeren (Cerner)
        • Greg covered much of my thoughts.
        • Will participate in all communities.
      • Arthur Hedge (Health-ISP)
        • Looks good. Will need to focus on the intersections to move forward.
        • Maybe there is the private revocation list to maintain who you don’t trust.
      • John Williams (Health-ISP)
        • Will actively support ecosystem and citizen communities
      • Don Jorgenson (Inpriva)
        • Looking forward to day when there is public-private governance
      • Mark Stine (MedPlus) – no adds
      • Sean Nolan (Microsoft) – no adds
      • Umesh Madan (Microsoft) – no adds
      • Will Ross (RedwoodMedNet) – no adds
      • Gary Christensen (RIQI)
        • Ecosystem and Federal seems like a timing issue, as opposed to a broad divergence to implementation. By default, it seems like we’re in the ecosystem one.
        • In the short term, decisions seem to be around identity proofing and whether the certs root up to the FBCA
        • Want to continue to forge ahead
      • Pete Palmer (SureScripts)
        • Will likely focus on the Federal group
        • Have done a number of pilot projects with the FB
      • Sri Koka (TechCent)
        • As a HISP, if we want to add a provider, do we need to characterize them as one of these communities?
        • Kibbe – we have a core model emerging, where most providers will get a Direct address based on their orgs contracting with a HISP. In that case, it will be up to the organization to decide whether they need to have Direct communications with Federal agencies or not. Market will likely determine if classification is needed
      • Greg Chittim (Arcadia / RIQI) – no adds
      • Pete Greaves ()
      • John Odden ()
        • Like the three communities. Plus some tech evangelism is what we need
        • Being able to explain to the HC community is key to our success
  • (Brett Peterson) High level overview of wiki changes planned for early next week
    • Planning to restructure the wiki at the beginning of next week to support the three communities
    • Now have a consensus statement and a charter statement
    • Future
      • Move much of intro info from consensus statement to communities top level page
      • Each community wiki page will have 5 common sections
        • Intro
        • PKI/Security policy
        • HIDP policy
        • HISP policy
        • Governance
      • Move existing consensus statement to Ecosystem community page
      • Gary – this starts to institutionalize divergence. Other than the question of where cert ends up, is there really going to be much difference?
      • Kibbe – need a way to put the Federal community on a shelf that we look at every once in a while, but there is a long process of regulatory and NPRMs – too much uncertainty about where that will end up. If we want to get on with best practices for other communities, we don’t want to be blocked by this
  • (Gary Christensen) Overview of RIQI progress
    • We’re moving ahead very directly.
    • Down to the detailed operational level.
    • We’re making sure that what we’re doing is in line with this group. Much of what we thought was important has ended up in the consensus statement
    • Planning to issue RFP for CA in the coming weeks.
    • Documenting detailed workflows. Planning to share with this group.
    • One of our absolute cardinal rules is vanilla, industry standards. Don’t want anything that is a RI-specific way to do this. There may be some differences from what people do now, but no underlying constructs that go against trends.
    • Organization vs. individual certificates – most of our thinking has focused on the latter. Don’t think there’s much difference, but we’re circling back to confirm.
    • Kibbe – organization certificates have some HIPAA implications
    • Kibbe – are you part of 10 state consortium dealing with some of these issues? Same group as the one doing EHR consolidation. They are figuring out how to standardize the Direct implementations. If you’re not in that group then you should be.
    • NY is the program office for the consortium