FIRE Mins 2019-10-29: Difference between revisions
Revision as of 17:36, 29 October 2019
Minutes of regular weekly meeting of the FIRE WG
- Date 2019-10-29
- Attendees
- Jim Kragh - Chair
- Sal D'A
- Mary Hodder
- Jeff Brennen
- Tom Jones - recorded these mins
- Agenda - discuss doc Patient Choice
notes
- Discussion of where to take the doc when approved - Jim's proposal was to vet the doc with Dr. Tom Sullivan and then present it to Debbie Buchie at ONC. From there it can be presented to the various groups, like the CARIN Alliance.
- Main point of doc was to ensure the following direction of the Trustworthy Healthcare Ecosystem and the Health Care Profile
- There will be a trust registry of web sites that have been confirmed as entities that are covered by the HIPAA regulations, with free access for patients.
- There will be a way to evaluate healthcare apps that protect patient healthcare information (PHI) that the patient or guardian accesses.
- There will be a way to authenticate users to NIST SP 800-63-3 IAL2 and AAL2 that will inter-operate across the above listed entities.
- The user will trust the resultant healthcare ecosystem.
- The following is a proposed plan for getting to trustworthy patient apps.
- Code of Conduct of the app - starting with the proposal from the CARIN Alliance with possible input from ME2B work.
- Code of Practice - a more technical presentation of how the app achieves the designation of meeting the code of conduct.
- A set of questions for the developers and auditors to assure compliance.
- A regulatory support system from appropriate legal and audit agencies (some means for selecting the approved auditors, etc.)
- Accepting and incorporating feedback from the field.
- Mary and Jeff listed the processes that allowed the IDEF to become operational
- Took 1.5 years of weekly meetings to refine the NSTIC principles in the security, privacy and user experience committees.
- At the end of that process the efforts were harmonized and the need for an interop section was uncovered.
- A concierge was hired to help with the coordination, publishing and support for entities that wanted to achieve compliance.
- Feedback from the result was taken and a second display (trust registry) was created to incorporate that feedback.
- The experience of creating the IDEF would be a good plan for how to move our plans into practice.
- Discussion of patient consent resulted in some ideas to feed back into the Kantara groups working on that part of the problem.