I am a member of the HIT Standards Privacy and Security workgroup. I really wanted to be physically at the hearing. I had booked a hotel and flight, but the day job got in the way at the last minute. This day job took me away from the call a few times, and each time I really felt I was missing something useful. Pulling the presentations is not sufficient to get the depth of the presentations.
I duplicate the agenda below, but encourage everyone to go to the HIT Standards site to get any updates or recording. I include the agenda simply to inspire you to go get the information.
Trusted Identity of Physicians in Cyberspace Public Hearing
Wednesday, July 11, 2012
9:00 am to 3:00 pm EDT
The DuPont Circle Hotel
1500 New Hampshire Ave NW Washington, DC 20036
How to Participate: http://altarum.adobeconnect.com/ONChearing/
My biggest concerns:
a) Provisioning identities is important, but MORE important is keeping identities accurate, de-provisioning, and dispute handling.
b) Setting identity assurance levels and authentication assurance levels is important, but there is too much focus on perfecting these identities versus recognizing that any service that has protected resources will, in real time, make the assessment of whether the identity and credentials offered on a request are sufficient to authorize that request. This means that we can actually be using different levels of assurance in the NwHIN, with purpose-of-use and data-classification specific enforcement.
c) Timeframe - In a perfect world we can define great identities and design NEW systems to use them. BUT there is much existing software and systems and organizations involved. Retrofitting everything is expensive.
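
Concern (b) sketched as an added example, not taken from the original post or from any NwHIN specification: a service holding protected resources decides per request whether the offered identity and authentication assurance are sufficient for the purpose of use and data classification. The 1-4 assurance scale, the policy table, and all names here are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy (assumption): minimum (identity LoA, authentication LoA)
# on a 1-4 scale, keyed by (data classification, purpose of use).
# Any pair not listed is denied by default.
POLICY = {
    ("normal", "TREATMENT"): (2, 2),
    ("normal", "PAYMENT"): (2, 2),
    ("sensitive", "TREATMENT"): (3, 3),
    ("sensitive", "EMERGENCY"): (3, 2),
}

@dataclass(frozen=True)
class Request:
    subject: str
    identity_loa: int      # how well the identity was proofed at provisioning
    authn_loa: int         # strength of the credential used on this request
    purpose_of_use: str
    classification: str

def decide(req):
    """Return (decision, reason) for one request, evaluated at request time."""
    required = POLICY.get((req.classification, req.purpose_of_use))
    if required is None:
        return "deny", "no rule for this classification and purpose"
    need_id, need_authn = required
    # Identity proofing cannot be improved within a session, so this is a deny.
    if req.identity_loa < need_id:
        return "deny", f"identity LoA {req.identity_loa} < required {need_id}"
    # A weak credential can be remedied by re-authenticating more strongly.
    if req.authn_loa < need_authn:
        return "step-up", f"authentication LoA {req.authn_loa} < required {need_authn}"
    return "permit", "assurance sufficient for this request"

if __name__ == "__main__":
    # Constructed sample requests: the same identities get different outcomes
    # depending on what is being asked for and why.
    samples = [
        Request("dr-a", 2, 2, "TREATMENT", "normal"),
        Request("dr-a", 2, 2, "TREATMENT", "sensitive"),
        Request("dr-b", 3, 2, "TREATMENT", "sensitive"),
        Request("dr-b", 3, 2, "EMERGENCY", "sensitive"),
        Request("dr-b", 4, 4, "RESEARCH", "sensitive"),
    ]
    for r in samples:
        print(r.subject, r.classification, r.purpose_of_use, *decide(r))
```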