Trusted Identity of Physicians in Cyberspace Public Hearing

ONC did another FANTASTIC job of putting together an agenda and gathering experts. Not only that but the coverage of the healthcare space and coverage of the identity space was exceptional. I hope you all were watching this testimony, if not please get the recording. This was also not just the HIT Standards Privacy and Security workgroup but also the HIT Policy Privacy and Security tiger team. The intention was to inform these groups, not to make any decisions. The decisions and discussion will happen in future meetings.

I am a member of the  HIT Standards Privacy and Security workgroup. I really wanted to be physically at the hearing. I had booked hotel and flight; but the day-job got in the way at the last minute. This day-job took me away from the call a few times, each time I really felt I was missing something useful. Pulling the presentations is not sufficient to get the depth of the presentations. 


I duplicate the agenda below, but encourage everyone to go to the HIT Standards site to get any updates or recording. I include the  agenda simply to inspire you to go get the information.

Trusted Identity of Physicians in Cyberspace Public Hearing Wednesday, July 11, 2012 9:00 am to 3:00 pm/EDT The DuPont Circle Hotel 1500 New Hampshire Ave NW Washington, DC 20036
How to Participate	http://altarum.adobeconnect.com/ONChearing/
Meeting Agenda	Agenda [PDF - 101 KB]
Meeting Materials	800-63 for HIT Polk [PPT - 71 KB]* OneID June 2012 HHS Kirsch [PPT - 797 KB]* OneID Written Materials for Trusted Identities Hearing [DOC - 27.1 KB]* Provider Identities Rick Rubin [PDF - 260 KB]* Surescripts Trusted Identity of Physicians in Cyberspace Testimony [DOC - 201 KB]* Federal Advisory Committee Trenkle [PPT - 2,110 KB]* Trusted Identities Hearing [PPT - 202 KB]* NSTIC ONC Meeting Grant [PPT - 1.39 MB]* ONC TS July 2012 [PPT - 368 KB]* ONC Verbal [DOC - 17 KB]* Presenter Biographical Sketches [DOC - 34.4 KB]* Verizon FAC Presentation Evans [PPT - 2.17 MB]* NSTIC Physician Steering Committee [PPT - 588 KB]* Trusted Providers in Cyberspace EHR Bias [PPT - 1.15 MB]*

My biggest concerns:

a) Provisioning identities is important, but MORE important is keeping identities accurate, de-provisioning, and dispute handling.
b) Setting identity assurance levels and authentication assurance levels is important; but there is too much focus on perfecting these identities, vs recognizing that any service that has protected resources will in real-time make the assessment on if the identity and credentials offered on a request are sufficient to authorize that request. Meaning that we can actually be using different levels-of-assurance in the NwHIN; with purpose-of-use and data-classification specific enforcement.
c) Timeframe - In a perfect world we can define great identities and design NEW systems to use them. BUT there is much existing software and systems and organizations involved. Retrofitting everything is expensive.