From brett at projectliberty.org Tue Apr 1 08:32:13 2008 From: brett at projectliberty.org (Brett McDowell) Date: Tue, 1 Apr 2008 11:32:13 -0400 Subject: [SIG-HIM] Fwd: FW: DOH presentation In-Reply-To: References: Message-ID: FYI Brett McDowell | Liberty Alliance | vCard| Calendar ---------- Forwarded message ---------- From: Marshall, Glen (MED US) Date: Tue, Apr 1, 2008 at 11:12 AM Subject: FW: DOH presentation To: HITSP-SEC-PRIV-INFRA-DOM-TC at maillist.ansi.org The attached document offers a very interesting view of consents and privacy. Glen -----Original Message----- From: Bechtel, Donald (MED US) Sent: Tuesday, April 01, 2008 11:06 AM To: Marshall, Glen (MED US) Subject: FW: DOH presentation FYI, this is a very interesting document summarizing where NY RHIO is in their thinking on privacy and security, and other HIE issues. Don ---------------------------------------------------------------------------- This message and any included attachments are from Siemens Medical Solutions and are intended only for the addressee(s). The information contained herein may include trade secrets or privileged or otherwise confidential information. Unauthorized review, forwarding, printing, copying, distributing, or using such information is strictly prohibited and may be unlawful. If you received this message in error, or have reason to believe you are not authorized to receive it, please promptly delete this message and notify the sender by e-mail with a copy to Central.SecurityOffice at siemens.com Thank you -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080401/b35d633f/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: RHIOConsent080310.pdf Type: application/pdf Size: 252565 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080401/b35d633f/attachment-0001.pdf From lara.zimberoff at mednet.org Thu Apr 3 08:13:59 2008 From: lara.zimberoff at mednet.org (Lara Zimberoff) Date: Thu, 3 Apr 2008 10:13:59 -0500 Subject: [SIG-HIM] HIM SIG 2008-04-04 Call Reminder on behalf of John Fraser Message-ID: Health Identity Management, Special Interest Group of the Liberty Alliance Reminder of our call tomorrow, Friday, April 4th, 2008, 10:00 am to 11:00 am US Central (4:00 pm to 5:00 pm GMT). Please check our wiki for call-in times and numbers at the link below. http://wiki.projectliberty.org/index.php/Health_Identity_Management_SIG We look forward to having you on the call! Lara Zimberoff MEDNET USA ------------------------------- Phone: 612-435-7600 Fax: 612-435-7601 www.MEDNET.org 333 Washington Ave N, Suite 208 Minneapolis, MN 55401 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080403/1e6747e9/attachment.html From lara.zimberoff at mednet.org Thu Apr 3 14:22:59 2008 From: lara.zimberoff at mednet.org (Lara Zimberoff) Date: Thu, 3 Apr 2008 16:22:59 -0500 Subject: [SIG-HIM] Update regarding 2008-04-04 HIM SIG Call Message-ID: HIM SIG call participants, Eric Tiffany of Project Liberty will be participating in the HIM SIG call tomorrow, 4/4/2008 at 10:00 am Central, 4:00 pm GMT. Eric will be discussing Liberty's interest in building an eHealth profile for SAML2. Once again, we look forward to having you all on the call. Have a great day! Lara Zimberoff MEDNET USA ------------------------------- Phone: 612-435-7600 Fax: 612-435-7601 www.MEDNET.org 333 Washington Ave N, Suite 208 Minneapolis, MN 55401 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080403/40853166/attachment.html From kurt at projectliberty.org Thu Apr 3 16:12:43 2008 From: kurt at projectliberty.org (Kurt Kolok) Date: Thu, 3 Apr 2008 19:12:43 -0400 Subject: [SIG-HIM] HIM SIG Minutes 03-07 & 03-21, 2008 Message-ID: <00e901c895e0$4ad2a1b0$e077e510$@org> All, Following is a link to the minutes for March 7 and 21st on the SIG member page. Please advise if there are changes that need to be made. http://wiki.projectliberty.org/index.php/Health_Identity_Management_SIG#Meet ing_Minutes Regards, Kurt Kurt Kolok Liberty Alliance Project Program Coordinator -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080403/ce220390/attachment.html From eric at projectliberty.org Mon Apr 14 13:48:35 2008 From: eric at projectliberty.org (Eric Tiffany) Date: Mon, 14 Apr 2008 16:48:35 -0400 Subject: [SIG-HIM] Test Message-ID: Listserve rebooted, testing -- ____________________________________________________ Eric Tiffany | eric at projectliberty.org Interop Tech Lead | +1 413-458-3743 Liberty Alliance | +1 413-627-1778 mobile From kurt at projectliberty.org Thu Apr 10 17:30:25 2008 From: kurt at projectliberty.org (Kurt Kolok) Date: Thu, 10 Apr 2008 20:30:25 -0400 Subject: [SIG-HIM] Meeting Minutes April 4, 2008 Message-ID: <001f01c89b6b$4f8129d0$ee837d70$@org> All, The minutes from our last meeting have been posted to the HIM SIG wiki page at the following link: http://wiki.projectliberty.org/index.php/HIMSIG20080404 Please note, the next call will take place next Friday, April 18 at 10:00 - 11:00am Central US time (4 p.m. GMT). Regards, Kurt Kurt Kolok Liberty Alliance Project Program Coordinator -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080410/ae51df58/attachment.html From eric at projectliberty.org Thu Apr 17 08:17:07 2008 From: eric at projectliberty.org (Eric Tiffany) Date: Thu, 17 Apr 2008 11:17:07 -0400 Subject: [SIG-HIM] FW: [security-services] Complimentary OASIS Webinar -- 'Hear the Experts Describe the Relationship between OpenID, Higgins, i-names, and XDI' -- 6 May 2008, 11:00AM EDT In-Reply-To: Message-ID: For anyone not on the OASIS lists... Possibly interesting webinar about OpenID, XRI/XRDS, and Higgins. ET -- ____________________________________________________ Eric Tiffany | eric at projectliberty.org Interop Tech Lead | +1 413-458-3743 Liberty Alliance | +1 413-627-1778 mobile ------ Forwarded Message From: Dee Schur Organization: OASIS Date: Thu, 17 Apr 2008 10:45:35 -0400 To: , , , , , , , , , , Cc: Subject: [security-services] Complimentary OASIS Webinar -- 'Hear the Experts Describe the Relationship between OpenID, Higgins, i-names, and XDI' -- 6 May 2008, 11:00AM EDT **Hear the Experts Describe the Relationship between OpenID, Higgins, i-names, and XDI** Join us for another **COMPLIMENTARY** and thought-provoking OASIS Webinar: Date: Tuesday, May 6, 2008 Time: 11:00 AM - 12:00 PM EDT Reserve your Webinar seat now at: https://www1.gotomeeting.com/register/332275036 Overview: What do OpenID, the Higgins Project, i-names, and XDI (XRI Data Interchange) all have in common? They all use the XRI 2.0 digital identifier specifications and XRDS discovery format from the OASIS XRI (Extensible Resource Identifier) Technical Committee. Come to this one-hour webinar and learn: * Why distributed directories, digital identity frameworks, ontologies, reputation systems, and other emerging Web technologies need abstract structured identifiers. * How XRI syntax combines the best features of URNs (Uniform Resource Names) and HFNs (Human-Friendly Names). * How XRIs are backwards-compatible with URIs (Uniform Resource Identifiers) and IRIs (Internationalized Resource Identifiers). * How XRDS documents are rapidly becoming the defacto service discovery format for user-centric identity and data portability. * The problems XRI and XRDS solved for OpenID Authentication 2.0. System Requirements PC-based attendees Required: Windows? 2000, XP Home, XP Pro, 2003 Server, Vista Macintosh?-based attendees Required: Mac OS? X 10.3.9 (Panther?) or newer ------ End of Forwarded Message -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080417/8debe672/attachment-0001.html From lara.zimberoff at mednet.org Thu Apr 17 11:04:15 2008 From: lara.zimberoff at mednet.org (Lara Zimberoff) Date: Thu, 17 Apr 2008 13:04:15 -0500 Subject: [SIG-HIM] HIM SIG 2008-04-18 Call Reminder on behalf of John Fraser Message-ID: Health Identity Management, Special Interest Group of the Liberty Alliance Reminder of our call tomorrow, Friday, April 18th, 2008, 10:00 am to 11:00 am US Central (4:00 pm to 5:00 pm GMT). Please check our wiki for call-in times and numbers at the link below. http://wiki.projectliberty.org/index.php/Health_Identity_Management_SIG We look forward to having you on the call! Lara Zimberoff MEDNET USA ------------------------------- Phone: 612-435-7600 Fax: 612-435-7601 www.MEDNET.org 333 Washington Ave N, Suite 208 Minneapolis, MN 55401 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080417/a73362fa/attachment.html From brett at projectliberty.org Thu Apr 17 11:09:04 2008 From: brett at projectliberty.org (Brett McDowell) Date: Thu, 17 Apr 2008 14:09:04 -0400 Subject: [SIG-HIM] HIM SIG 2008-04-18 Call Reminder on behalf of John Fraser In-Reply-To: References: Message-ID: What's tomorrow's agenda? On Thu, Apr 17, 2008 at 2:04 PM, Lara Zimberoff wrote: > Health Identity Management, Special Interest Group of the Liberty > Alliance > > > > Reminder of our call tomorrow, Friday, April 18th, 2008, 10:00 am to 11:00 > am US Central (4:00 pm to 5:00 pm GMT). Please check our wiki for call-in > times and numbers at the link below. > > http://wiki.projectliberty.org/index.php/Health_Identity_Management_SIG > > > > We look forward to having you on the call! > > > > > > *Lara Zimberoff* > > *MEDNET USA* > > ------------------------------- > > Phone: 612-435-7600 > > Fax: 612-435-7601 > > *www.MEDNET.org* > > 333 Washington Ave N, Suite 208 > > Minneapolis, MN 55401 > > > > _______________________________________________ > SIG-HIM mailing list > SIG-HIM at lists.projectliberty.org > > http://lists.projectliberty.org/mailman/listinfo/sig-him_lists.projectliberty.org > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080417/1dbaa0a5/attachment.html From lara.zimberoff at mednet.org Fri Apr 18 06:23:42 2008 From: lara.zimberoff at mednet.org (Lara Zimberoff) Date: Fri, 18 Apr 2008 08:23:42 -0500 Subject: [SIG-HIM] HIM SIG agenda for call today (4/18) Message-ID: The agenda for the HIM SIG call today, 4/18 at 10:00 am Central, 4:00 pm GMT is as follows: 1. Asa Hardcastle - Introducing and Discussing New Open Liberty Project 2. Dan Combs - Federating the Federations, Cross-boundary Identity Management We look forward to having you on the call! Lara Zimberoff MEDNET USA ------------------------------- Phone: 612-435-7600 Fax: 612-435-7601 www.MEDNET.org 333 Washington Ave N, Suite 208 Minneapolis, MN 55401 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080418/b3fc8089/attachment.html From john.fraser at mednet.org Fri Apr 18 06:55:41 2008 From: john.fraser at mednet.org (John Fraser) Date: Fri, 18 Apr 2008 08:55:41 -0500 Subject: [SIG-HIM] Invitation to Liberty Alliance Healthcare SIG In-Reply-To: <229696f0804171422v7a22e12ayad65610a78578412@mail.gmail.com> References: <229696f0804171422v7a22e12ayad65610a78578412@mail.gmail.com> Message-ID: Hey Missy, Thanks for getting back to me. Sorry you can't make the call, I understand. However, feel free to monitor any of our calls if you want to see what we are discussing - our agenda today is on OpenLiberty and Federated Identities in health care, something that might be helpful to Google in the future. Thanks again, John Fraser MEDNET USA From: Missy Krasner [mailto:missy at google.com] Sent: Thursday, April 17, 2008 4:23 PM To: John Fraser Cc: Eric Sachs Subject: Re: Invitation to Liberty Alliance Healthcare SIG Hey John - My name is Missy and I work on the health team at Google. Eric passed this message onto me. Eric used to be on the health team and is now working on other products at Google. At the current time, Google Health is not launched publicly yet and we are still in pliot with the Cleveland Clinic. We will have to pass on joining your calls until after we launch. So keep in touch with me and once you hear of our launch loop back. We have no exact launch date but are working to move from pilot to public availability very soon. thanks Missy Krasner Google 1600 Amphitheater Parkway Mountain View, CA 94043 missy at google.com (650) 253-3246 Direct Office (650) 862-5145 Cell Phone ---------- Forwarded message ---------- From: John Fraser Date: Thu, Apr 17, 2008 at 4:42 AM Subject: Invitation to Liberty Alliance Healthcare SIG To: esachs at google.com Cc: Joseph Baron Eric, If you recall you spoke to our group I believe before we became part of Liberty. Now that you guys have launched your Google Health initiative and have a single sign on service that seems to compatible?? with Liberty, I thought you, or someone on your staff, might want to catch up the group on where Google Health is, and where the health community can use Liberty to collaborate with you. We meet tomorrow, at 10 a.m. central, then have a call every other week, same time. If you can make it tomorrow or another time, I'd appreciate it. Here is our Liberty Wiki: http://wiki.projectliberty.org/index.php/Health_Identity_Management_SIG And call in information: Next Call: Friday, April 18, 2008 - Time: 10:00 - 11:00 Central US time (4 p.m. GMT) US toll-free number: 866-469-3239 US toll number: 650-429-3300 Meeting Number or Access Code: 57684181# Thanks Eric, JF John Fraser, CEO MEDNET USA 333 Washington Ave North, Suite 208 Minneapolis, MN 55401 US Telephone: +1 612.435.7602 Fax: +1 612.435.7601 -- "This email may be confidential or privileged. If you received this communication by mistake, please don't forward it to anyone else, please erase all copies and attachments, and please let me know that it went to the wrong person. Thanks." -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080418/c3083782/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/png Size: 168 bytes Desc: image001.png Url : http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080418/c3083782/attachment-0002.png -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/png Size: 166 bytes Desc: image002.png Url : http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080418/c3083782/attachment-0003.png From dan.combs at nationalepcc.org Fri Apr 18 07:29:00 2008 From: dan.combs at nationalepcc.org (Dan Combs) Date: Fri, 18 Apr 2008 10:29:00 -0400 Subject: [SIG-HIM] FW: A Colleague Has Sent You a Govtech.com Article Link Message-ID: <005101c8a160$8c3a1c10$a4ae5430$@combs@nationalepcc.org> Although the article below (link provided) does not deal directly with Identity Management in Health Care I do believe it is poignant and provides background for today's discussion and why HIM and the work of this Special Interest Group is important. It also provides a good springboard for ranting about the deterioration of the human species and other interesting digressions. J Best regards, Dan Dan Combs Director, National Emergency Preparedness Coordinating Council www.nationalepcc.org Board Member, EC3 (NECCC) www.ec3.org Program Director, MIT Real ID Forum MIT Real ID Forum Real-ID-NPRM Member, Harvard Policy Group Dan.combs at nationalepcc.org 202-558-6910 515-238-8428 mobile Skype: dan combs Thanks for making the Atlanta Regional Conference a success Information and Registration for the EC3/NEPCC Emergency Governance workgroup From: Govtech.com [mailto:dan.combs at globalidentitysolutions.com] Sent: Friday, April 18, 2008 10:19 AM To: dan.combs at nationalepcc.org Subject: A Colleague Has Sent You a Govtech.com Article Link dan.combs at globalidentitysolutions.com saw this article at govtech.com and thought you would be interested. Using the Internet to Physically Harm People with epilepsy were singled out in an online assault. http://www.govtech.com/gt/articles/290089 Message from sender: undefined Visit Govtech.com for the latest news, videos, photos, events and training opportunities for State and Local Government. Add to My Briefcase Email to a friend Please note that this email was sent to you by a visitor to Govtech.com. Their emaill address has not been verified. Copyright 2007 Government Technology | Privacy Policy -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080418/8eb87fc7/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/png Size: 17197 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080418/8eb87fc7/attachment-0001.png From brett at projectliberty.org Thu Apr 17 11:35:12 2008 From: brett at projectliberty.org (Brett McDowell) Date: Thu, 17 Apr 2008 14:35:12 -0400 Subject: [SIG-HIM] Fwd: Southeast Michigan Health Information Exchange In-Reply-To: References: Message-ID: FYI... I'm forwarding this as information as this is a key RHIO to work with and stay in touch with (not to promote the vendor opportunity that it relates to, but it is there should you be interested). This might be work responding to from an "expertise" point of view, helping them craft their requirements especially as they relate to SAML 2.0 and ID-WSF. Is responding to this RFI something we want to collectively tackle as a SIG? ---------- Forwarded message ---------- From: Semhie Info Date: Tue, Apr 15, 2008 at 4:56 PM Subject: Southeast Michigan Health Information Exchange To: April 15, 2008 The Southeast Michigan Health Information Exchange (SEMHIE) is a multi-stakeholder initiative dedicated to delivering the promise of an integrated health information exchange throughout Southeast Michigan. SEMHIE covers five Michigan counties of the Wayne Medical Trading Area. Over 50 hospitals and medical centers operate within this region. In addition, more than half the state's physician population, 17,000 MDs and DOs, practices in the region. SEMHIE is in the early stages of forming a Regional Health Information Organization (RHIO) and developing a plan for creating a Health Information Exchange (HIE) capability. Our vision is to establish a full HIE capability with an initial focus on the facilitation of existing provider communications, currently conducted primarily through fax phone or paper means. The communication of laboratory, radiology, admission notification and medication related data are of top priority. Functionality allowing for the enhancement of e-prescribing technology and the two way exchange of clinical information focused on information needs during transfers in care are also included in the goals of SEMHIE. You have been contacted because of your expertise related to HIE technology and/or security. SEMHIE would appreciate any suggestions or comments you may have about the attached Request for Information (RFI) by May 16, 2008. If you have any questions, please email semhie.info at altarum.org. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080417/f5d531c1/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.jpg Type: image/jpeg Size: 7755 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080417/f5d531c1/attachment-0001.jpg -------------- next part -------------- A non-text attachment was scrubbed... Name: SEMHIE_RFI .pdf Type: application/pdf Size: 81112 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080417/f5d531c1/attachment-0002.pdf -------------- next part -------------- A non-text attachment was scrubbed... Name: Vendor Ref Form.pdf Type: application/pdf Size: 26408 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080417/f5d531c1/attachment-0003.pdf From rkmoore at ehealthohio.org Fri Apr 18 09:18:00 2008 From: rkmoore at ehealthohio.org (Richard Moore - eHealth Ohio) Date: Fri, 18 Apr 2008 12:18:00 -0400 Subject: [SIG-HIM] CCHIT Use Cases Message-ID: <019101c8a16f$d9d9cab0$0400a8c0@DME3> Here are the CCHIT use cases under comment period. More description of the process below: Rick Richard Moore President eHealth Ohio 877-813-9750 Voice/Fax rkmoore at ehealthohio.org During this public comment period, comments will be accepted related to: * Changes to the 2008 criteria since the last publication. These spreadsheet rows have been highlighted in yellow. Deletions have been marked using strikethrough font. Additions have been marked using a red font. * Changes to the test script since the pilot test. These changes have been highlighted using track changes. Deletions have been marked using red, strikethrough font. Additions have been marked using blue, underlined font. The following documents are available for review and open for public comments: * Ambulatory proposed final criteria * Child Health proposed final criteria * Ambulatory proposed final test script (includes optional test steps for additional Child Health certification) * Cardiovascular proposed final criteria * Cardiovascular proposed final test script * Network proposed final 2008 criteria * Network first draft test script * Security proposed final test script (used for Ambulatory, Emergency Department and Inpatient certification) The documents listed above will be edited based upon public comments and, pending Certification Commission approval, published as final versions for 2008 certification on May 20th, 2008. Please note: The test scripts and criteria for Emergency Department, Inpatient and Enterprise certification are not being published for this public comment period. Additional criteria validation and pilot testing are required before these documents will be published in a proposed final version for public comment. Due to this delay, adjustments will be made in the timing of the proposed final public comment period, with publication of the final versions and the initial certification application period. Additional information will be communicated as it becomes available. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080418/02ebea96/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: CCHITPublicComment20080417ALL.zip Type: application/x-zip-compressed Size: 3080333 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080418/02ebea96/attachment-0001.bin From brett at projectliberty.org Tue Apr 22 07:15:04 2008 From: brett at projectliberty.org (Brett McDowell) Date: Tue, 22 Apr 2008 10:15:04 -0400 Subject: [SIG-HIM] CCHIT Use Cases In-Reply-To: <019101c8a16f$d9d9cab0$0400a8c0@DME3> References: <019101c8a16f$d9d9cab0$0400a8c0@DME3> Message-ID: <3E693633-2803-42BA-AE0D-559099036558@projectliberty.org> I don't know about others on this list, but I won't be able to find the time to study all of these documents in time for getting feedback out to CCHIT. So my following suggested input to CCHIT is based on my working knowledge of HITSP and not based on a detailed knowledge of these documents. I am fairly certain that several of these systems will require usage of HITSP constructs such as TP20 which contain normative reference to SAML 2.0. Based on that conclusion I believe it would be appropriate to get back to CCHIT with the following input (may need some word- smithing): On behalf of the Liberty Alliance Project -- an industry consortium representing 150 businesses, governments, and universities who have collectively developed identity management technology standards and business frameworks since 2001 and operating an internationally accepted interoperability and certification program for products and services implementing SAML 2.0 and ID-WSF since 2003 -- we strongly recommend that CCHIT analyze its certification requirements against existing standards and leverage pre-existing interoperability certification programs wherever possible as opposed to spending tax payer dollars creating all new testing programs from scratch, neglecting to leverage previous investments by industry to perform the same service. As one international organization with a pre- existing certification program that is expanding its scope, we would welcome a dialog with CCHIT to ensure our program fully aligns with and can be required by CCHIT for NHIN certifications. We would like to also point out that the United States Government, through the eAuthentication Program of the Generals Services Administration, has already done just this. GSA worked with Liberty Alliance to ensure the program met its needs and has now publicly required all products to go through that certification before being qualified for the GSA schedule. If others can come up with a more specific form of feedback to CCHIT, all the better. But this is the best I can do on such short notice. Kind Regards, P.S. I've copied Ari, Beth, David, Britta, and Myisha to help with the word- smithing :-) -- Brett On Apr 18, 2008, at 12:18 PM, Richard Moore - eHealth Ohio wrote: > Here are the CCHIT use cases under comment period. More description > of the process below: > > Rick > > Richard Moore > President > eHealth Ohio > 877-813-9750 Voice/Fax > rkmoore at ehealthohio.org > > During this public comment period, comments will be accepted related > to: > > * Changes to the 2008 criteria since the last publication. These > spreadsheet rows have been highlighted in yellow. Deletions have been > marked using strikethrough font. Additions have been marked using a > red > font. > * Changes to the test script since the pilot test. These changes > have been highlighted using track changes. Deletions have been marked > using red, strikethrough font. Additions have been marked using blue, > underlined font. > > The following documents are available for review and open for public > comments: > > * Ambulatory proposed final criteria > * Child Health proposed final criteria > * Ambulatory proposed final test script (includes optional test > steps for additional Child Health certification) > * Cardiovascular proposed final criteria > * Cardiovascular proposed final test script > * Network proposed final 2008 criteria > * Network first draft test script > * Security proposed final test script (used for Ambulatory, > Emergency Department and Inpatient certification) > > The documents listed above will be edited based upon public comments > and, pending Certification Commission approval, published as final > versions for 2008 certification on May 20th, 2008. > > Please note: The test scripts and criteria for Emergency Department, > Inpatient and Enterprise certification are not being published for > this > public comment period. Additional criteria validation and pilot > testing > are required before these documents will be published in a proposed > final version for public comment. Due to this delay, adjustments > will be > made in the timing of the proposed final public comment period, with > publication of the final versions and the initial certification > application period. Additional information will be communicated as it > becomes available. > < > CCHITPublicComment20080417ALL > .zip>_______________________________________________ > SIG-HIM mailing list > SIG-HIM at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-him_lists.projectliberty.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080422/9ab7d01b/attachment.html From brett at projectliberty.org Tue Apr 22 13:28:19 2008 From: brett at projectliberty.org (Brett McDowell) Date: Tue, 22 Apr 2008 16:28:19 -0400 Subject: [SIG-HIM] Fwd: Call for SDO Participation in the HITSP Info Interchange Subcommittee References: <11169BEA3B01DA4887C61AF9BDA44E03013D12B2@ny-exchange.ANSI.org> Message-ID: <24B49546-982E-4A4C-98DB-370D999A3D00@projectliberty.org> Anyone interested in participating in this on behalf of Liberty Alliance? Begin forwarded message: > From: Michelle Maas Deane > Date: April 22, 2008 11:21:07 AM EDT > To: Donald Bechtel , "fkiernan at ci.meriden.ct.us > " <'fkiernan at ci.meriden.ct.us'>, Dan Smith , "Gary > A. Wallace" , "jon.mcbride at availity.com" <'jon.mcbride at availity.com > '>, "sue-moorhead at uiowa.edu" <'sue-moorhead at uiowa.edu'>, "rkush at cdisc.org > " <'rkush at cdisc.org'>, John Roberts , Todd > Cooper , Valerie Smothers >, Lynne Gilbertson , "mlmurphy at qualityforum.org > " <'mlmurphy at qualityforum.org'>, "serickson at qualityforum.org" <'serickson at qualityforum.org > '>, "Dr. Brett Trusko" , "sfarha at pulseinc.com > " <'sfarha at pulseinc.com'>, "David L. Whitlinger" >, "Sharon K. Stanford" , "Dr. Elliot Sloane" > > Cc: "dkazzaz at disa.org" <'dkazzaz at disa.org'>, Lisa Miller >, "Theresa C. Zuraski" , Michael Miller >, Julie Evans , Karen Van Hentenryck >, Susan Vogel , Brett McDowell >, Patsy McElroy , Lee Ann C Stember >, "dsimon at merge.com" <'dsimon at merge.com'>, "Richard M. Eaton" >, "peter.roden at oasis-open.org" <'peter.roden at oasis-open.org'>, "mary.mcrae at oasis-open.org > " <'mary.mcrae at oasis-open.org'>, Alexandra Goss , > Amanda Byrd , Pamela Dyckhoff >, Gloria Bulechek , Landen Bain >, John Terwilliger , "Dr. Christina > Stephan" , "greene at medbiq.org" > <'greene at medbiq.org'>, Stephen A Vastagh > , "patrick.gannon at oasis-open.org" <'patrick.gannon at oasis-open.org > '>, Joseph Ternullo , "cmeyer327 at aol.com" <'cmeyer327 at aol.com > '>, "jwm1_20021 at naver.com" <'jwm1_20021 at naver.com'>, Ed Larsen > > Subject: Call for SDO Participation in the HITSP Info Interchange > Subcommittee > > CALL FOR STANDARDS ORGANIZATIONS? PARTICIPATION IN THE HITSP > INFORMATION INTERCHANGE SUBCOMMITTEE ? Response Requested no later > then May 5, 2008. > > At the HITSP Board meeting on November 20, 2006, it was agreed to > establish the Foundations Committee. The Board approved the > committee?s terms of reference which included an outline of > committee work products. The Foundations Committee is to develop > recommendations for implementing the standards harmonization > objectives necessary to achieve HITSP?s primary goal of > interoperability. The five objectives are: > > 1. Context/Information Model - establishing a common reference > information model (and subordinate models) to support clinical, > public health, financial, and administrative healthcare functions. > > 2. Terminology/Content Definition ? establishing common reference > terminology models and data content specifications that are > integrated with the information model(s). > > 3. Privacy and Security - establishing a common security framework. > > 4. Methodology- establishing a common methodology/process that all > standards organizations and code set maintainers will follow to > achieve standards harmonization. > > 5. Information Interchange - establishing a common information > interchange format and standards-based application roles and > interactions in a comprehensive dynamic model. > > The result of addressing the five objectives will be a common > framework for developing healthcare interoperability standards, at > the individual SDO level, that supports participation by all SDOs > and that supports concurrent standards harmonization, collaboration > and coordination in order that interoperability is designed into the > standards as they are developed. > The Foundations Committee is in the process of addressing the first > four objectives. Now the Foundations Committee announces the > formation of an Information Interchange Subcommittee to address the > fifth of these objectives. The preliminary scope of the Information > Interchange Subcommittee is to harmonize standards for the exchange > of healthcare information among organizations. The subcommittee will > initially limit its scope to the exchange of text data. > Information interchange does not address how healthcare data are > stored or processed within an organization > Information interchange may convey persistent or transient objects > The committee can look beyond interchange formats specified in > existing standards, legislation and regulations (e.g., HIPAA > Administrative Simplification and Executive Order 13410) > Information interchange standardization includes all healthcare > information interchange architectures such as messaging, structured > documents, health records and service oriented architectures > Information interchange standardization applies to both structured > and unstructured data > The HITSP goal of "full healthcare interoperability" requires > standards harmonization in all five areas for which the Foundations > Committee is responsible. > As with all HITSP committees the Subcommittee is open to all HITSP > members. However in the case of Foundations work, representation > and participation by standards organizations is critical since they > will be the primary implementers of a common standards development > framework. The Subcommittee will adopt a process that identifies > current interchange formats in use by standards organization, future > format directions and then identify specific projects that support > these formats. We will follow the notification procedures and > approval processes adopted by Foundations Committee and approved by > the Panel. This includes two points of formal the notification. > First, the Subcommittee will notify standards organizations and the > entire membership of its intent to initiate Information Interchange > projects and a call for participation by standards organization > representatives. > The second notice follows successful completion of the Information > Interchange projects and approval by the HITSP standards > organizations representatives to alert standards organizations of > the Subcommittee?s intent to publish the Information Interchange > framework. This initiates a 60 day comment period during which > standards organizations may provide negative comments for the > subcommittee to consider and resolve. Following resolution, which > may require a vote of member standards organizations if all > negatives are not resolved, the Subcommittee will send to the Panel > for its final review. > It is essential to the success of this project for each standards > organization to appoint a formal representative to participate in > the subcommittee meetings so that consensus may be achieved prior to > the formal announcement of the framework. We anticipate weekly or > bi-weekly conference calls, some intermediate work and reviews and > one or two face to face meetings of the Foundations Information > Interchange Subcommittee to complete its work. > Please provide the name of your organizations representative to me, > the HITSP Secretariat, at mmdeane at ansi.org by May 5th. We plan a > call with the standards organizations representatives on May 19th at > 3:00 ? 4:30 PM ET. Further call details will be sent out in advance > of the call. Questions may also be addressed to me as well. > ----------------------------------------------- > Michelle Maas Deane > HITSP Secretariat > American National Standards Institute > 25 West 43rd Street - Fourth Floor > New York, NY 10036 > > T: 1.212.642.4884 > F: 1.212.398.0023 > E: mmaasdeane at ansi.org > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080422/fdb61fb0/attachment-0001.html From rkmoore at dmeconsult.com Tue Apr 22 16:59:20 2008 From: rkmoore at dmeconsult.com (Richard Moore) Date: Tue, 22 Apr 2008 19:59:20 -0400 Subject: [SIG-HIM] CCHIT Use Cases References: <019101c8a16f$d9d9cab0$0400a8c0@DME3> <3E693633-2803-42BA-AE0D-559099036558@projectliberty.org> Message-ID: <01d701c8a4d4$ebb8d4c0$0400a8c0@DME3> Brett, I think your comments are appropriate. I know that CCHIT is taking HITSP and certainly all the standards within the guidance documents (TP20, CP19, TP30, etc described in TN900) . We probably would have to be more specific as to what might be missing from consideration. HITSP TN900 has a fairly long section of out-of-scope issues or known gaps (PKI is a future requirement). For our current review process we might find it helpful to focus only on the network scenarios. I didn't realize until I began to read through these CCHIT documents that they are limited to requirements for 2008. For reference I will attach CCHIT's earlier document for network from the January 2008 release. If you look through this document you will notice that the areas we are most concerned with are 2009 or later in CCHIT's consideration. They appear to be excluded in the CCHIT documents under comment. So I guess CCHIT could certify a EMR for 2008 and they might de-certify in 2009 when new requirements become agreed upon. One thing I seem unable to find (it just might be me not able to see beyond all the detail)... I do not see a requirement for single sign-on. I can't imagine the NHIN working efficiently without it being a stated goal. I'd be willing to monitor HITSP for the group. I am not sure I can commit to their meeting schedule due to my other activities. Rick Richard Moore President eHealth Ohio 877-813-9750 Voice/Fax rkmoore at ehealthohio.org ----- Original Message ----- From: Brett McDowell To: Richard Moore - eHealth Ohio Cc: Ari Kermaier ; Beth Morrow ; HIM-SIG ; myisha.frazier-mcelveen at gsa.gov Sent: Tuesday, April 22, 2008 10:15 AM Subject: Re: [SIG-HIM] CCHIT Use Cases I don't know about others on this list, but I won't be able to find the time to study all of these documents in time for getting feedback out to CCHIT. So my following suggested input to CCHIT is based on my working knowledge of HITSP and not based on a detailed knowledge of these documents. I am fairly certain that several of these systems will require usage of HITSP constructs such as TP20 which contain normative reference to SAML 2.0. Based on that conclusion I believe it would be appropriate to get back to CCHIT with the following input (may need some word-smithing): On behalf of the Liberty Alliance Project -- an industry consortium representing 150 businesses, governments, and universities who have collectively developed identity management technology standards and business frameworks since 2001 and operating an internationally accepted interoperability and certification program for products and services implementing SAML 2.0 and ID-WSF since 2003 -- we strongly recommend that CCHIT analyze its certification requirements against existing standards and leverage pre-existing interoperability certification programs wherever possible as opposed to spending tax payer dollars creating all new testing programs from scratch, neglecting to leverage previous investments by industry to perform the same service. As one international organization with a pre-existing certification program that is expanding its scope, we would welcome a dialog with CCHIT to ensure our program fully aligns with and can be required by CCHIT for NHIN certifications. We would like to also point out that the United States Government, through the eAuthentication Program of the Generals Services Administration, has already done just this. GSA worked with Liberty Alliance to ensure the program met its needs and has now publicly required all products to go through that certification before being qualified for the GSA schedule. If others can come up with a more specific form of feedback to CCHIT, all the better. But this is the best I can do on such short notice. Kind Regards, P.S. I've copied Ari, Beth, David, Britta, and Myisha to help with the word-smithing :-) -- Brett On Apr 18, 2008, at 12:18 PM, Richard Moore - eHealth Ohio wrote: Here are the CCHIT use cases under comment period. More description of the process below: Rick Richard Moore President eHealth Ohio 877-813-9750 Voice/Fax rkmoore at ehealthohio.org During this public comment period, comments will be accepted related to: * Changes to the 2008 criteria since the last publication. These spreadsheet rows have been highlighted in yellow. Deletions have been marked using strikethrough font. Additions have been marked using a red font. * Changes to the test script since the pilot test. These changes have been highlighted using track changes. Deletions have been marked using red, strikethrough font. Additions have been marked using blue, underlined font. The following documents are available for review and open for public comments: * Ambulatory proposed final criteria * Child Health proposed final criteria * Ambulatory proposed final test script (includes optional test steps for additional Child Health certification) * Cardiovascular proposed final criteria * Cardiovascular proposed final test script * Network proposed final 2008 criteria * Network first draft test script * Security proposed final test script (used for Ambulatory, Emergency Department and Inpatient certification) The documents listed above will be edited based upon public comments and, pending Certification Commission approval, published as final versions for 2008 certification on May 20th, 2008. Please note: The test scripts and criteria for Emergency Department, Inpatient and Enterprise certification are not being published for this public comment period. Additional criteria validation and pilot testing are required before these documents will be published in a proposed final version for public comment. Due to this delay, adjustments will be made in the timing of the proposed final public comment period, with publication of the final versions and the initial certification application period. Additional information will be communicated as it becomes available. _______________________________________________ SIG-HIM mailing list SIG-HIM at lists.projectliberty.org http://lists.projectliberty.org/mailman/listinfo/sig-him_lists.projectliberty.org ------------------------------------------------------------------------------ _______________________________________________ SIG-HIM mailing list SIG-HIM at lists.projectliberty.org http://lists.projectliberty.org/mailman/listinfo/sig-him_lists.projectliberty.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080422/c639f227/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: CCHITCriteriaNETWORK2008Draft02.pdf Type: application/pdf Size: 187155 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080422/c639f227/attachment-0001.pdf From brett at projectliberty.org Wed Apr 23 09:32:04 2008 From: brett at projectliberty.org (Brett McDowell) Date: Wed, 23 Apr 2008 12:32:04 -0400 Subject: [SIG-HIM] CCHIT Use Cases In-Reply-To: <01d701c8a4d4$ebb8d4c0$0400a8c0@DME3> References: <019101c8a16f$d9d9cab0$0400a8c0@DME3> <3E693633-2803-42BA-AE0D-559099036558@projectliberty.org> <01d701c8a4d4$ebb8d4c0$0400a8c0@DME3> Message-ID: Given that, should we start word-smithing my strawman so that it hits on some of your more informed points? For example, we should call out that the general statement might be more applicable in the future and may not be specific to 2008 certifications but we think it is worth pursuing a discussion with established certification programs during 2008 so our recommendation could actually be implemented in 2009 (this won't happen overnight I'm sure, it didn't happen overnight with the GSA). Perhaps we need someone to raise their hand as the editor of the collective feedback from HIM SIG to CCHIT... any volunteers? As for HITSP representation, I'm thrilled to hear that! I'll follow- up with you offline about that. -- Brett On Apr 22, 2008, at 7:59 PM, Richard Moore wrote: > Brett, > > I think your comments are appropriate. I know that CCHIT is taking > HITSP and certainly all the standards within the guidance documents > (TP20, CP19, TP30, etc described in TN900) . We probably would have > to be more specific as to what might be missing from consideration. > HITSP TN900 has a fairly long section of out-of-scope issues or > known gaps (PKI is a future requirement). > > For our current review process we might find it helpful to focus > only on the network scenarios. I didn't realize until I began to > read through these CCHIT documents that they are limited to > requirements for 2008. For reference I will attach CCHIT's earlier > document for network from the January 2008 release. If you look > through this document you will notice that the areas we are most > concerned with are 2009 or later in CCHIT's consideration. They > appear to be excluded in the CCHIT documents under comment. So I > guess CCHIT could certify a EMR for 2008 and they might de-certify > in 2009 when new requirements become agreed upon. > > One thing I seem unable to find (it just might be me not able to see > beyond all the detail)... I do not see a requirement for single sign- > on. I can't imagine the NHIN working efficiently without it being a > stated goal. > > I'd be willing to monitor HITSP for the group. I am not sure I can > commit to their meeting schedule due to my other activities. > > Rick > > Richard Moore > President > eHealth Ohio > 877-813-9750 Voice/Fax > rkmoore at ehealthohio.org > > > > ----- Original Message ----- > From: Brett McDowell > To: Richard Moore - eHealth Ohio > Cc: Ari Kermaier ; Beth Morrow ; HIM-SIG ; myisha.frazier-mcelveen at gsa.gov > Sent: Tuesday, April 22, 2008 10:15 AM > Subject: Re: [SIG-HIM] CCHIT Use Cases > > > I don't know about others on this list, but I won't be able to find > the time to study all of these documents in time for getting > feedback out to CCHIT. So my following suggested input to CCHIT is > based on my working knowledge of HITSP and not based on a detailed > knowledge of these documents. > > > I am fairly certain that several of these systems will require > usage of HITSP constructs such as TP20 which contain normative > reference to SAML 2.0. Based on that conclusion I believe it would > be appropriate to get back to CCHIT with the following input (may > need some word-smithing): > > > > On behalf of the Liberty Alliance Project -- an industry consortium > representing 150 businesses, governments, and universities who have > collectively developed identity management technology standards and > business frameworks since 2001 and operating an internationally > accepted interoperability and certification program for products and > services implementing SAML 2.0 and ID-WSF since 2003 -- we strongly > recommend that CCHIT analyze its certification requirements against > existing standards and leverage pre-existing interoperability > certification programs wherever possible as opposed to spending tax > payer dollars creating all new testing programs from scratch, > neglecting to leverage previous investments by industry to perform > the same service. As one international organization with a pre- > existing certification program that is expanding its scope, we would > welcome a dialog with CCHIT to ensure our program fully aligns with > and can be required by CCHIT for NHIN certifications. We would like > to also point out that the United States Government, through the > eAuthentication Program of the Generals Services Administration, has > already done just this. GSA worked with Liberty Alliance to ensure > the program met its needs and has now publicly required all products > to go through that certification before being qualified for the GSA > schedule. > > > > If others can come up with a more specific form of feedback to > CCHIT, all the better. But this is the best I can do on such short > notice. > > > Kind Regards, > > > P.S. > I've copied Ari, Beth, David, Britta, and Myisha to help with the > word-smithing :-) > > > -- Brett > > > On Apr 18, 2008, at 12:18 PM, Richard Moore - eHealth Ohio wrote: > > > Here are the CCHIT use cases under comment period. More > description of the process below: > > Rick > > Richard Moore > President > eHealth Ohio > 877-813-9750 Voice/Fax > rkmoore at ehealthohio.org > > > During this public comment period, comments will be accepted > related to: > > * Changes to the 2008 criteria since the last publication. These > spreadsheet rows have been highlighted in yellow. Deletions have > been > marked using strikethrough font. Additions have been marked > using a red > font. > * Changes to the test script since the pilot test. These changes > have been highlighted using track changes. Deletions have been > marked > using red, strikethrough font. Additions have been marked using > blue, > underlined font. > > The following documents are available for review and open for > public > comments: > > * Ambulatory proposed final criteria > * Child Health proposed final criteria > * Ambulatory proposed final test script (includes optional test > steps for additional Child Health certification) > * Cardiovascular proposed final criteria > * Cardiovascular proposed final test script > * Network proposed final 2008 criteria > * Network first draft test script > * Security proposed final test script (used for Ambulatory, > Emergency Department and Inpatient certification) > > The documents listed above will be edited based upon public > comments > and, pending Certification Commission approval, published as final > versions for 2008 certification on May 20th, 2008. > > Please note: The test scripts and criteria for Emergency > Department, > Inpatient and Enterprise certification are not being published > for this > public comment period. Additional criteria validation and pilot > testing > are required before these documents will be published in a proposed > final version for public comment. Due to this delay, adjustments > will be > made in the timing of the proposed final public comment period, > with > publication of the final versions and the initial certification > application period. Additional information will be communicated > as it > becomes available. > > > < > CCHITPublicComment20080417ALL > .zip>_______________________________________________ > SIG-HIM mailing list > SIG-HIM at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-him_lists.projectliberty.org > > > > > > ------------------------------------------------------------------------------ > > > _______________________________________________ > SIG-HIM mailing list > SIG-HIM at lists.projectliberty.org > http://lists.projectliberty.org/mailman/listinfo/sig-him_lists.projectliberty.org > From britta at projectliberty.org Wed Apr 23 10:44:02 2008 From: britta at projectliberty.org (Britta Glade) Date: Wed, 23 Apr 2008 10:44:02 -0700 Subject: [SIG-HIM] CCHIT Use Cases In-Reply-To: References: <019101c8a16f$d9d9cab0$0400a8c0@DME3> <3E693633-2803-42BA-AE0D-559099036558@projectliberty.org> <01d701c8a4d4$ebb8d4c0$0400a8c0@DME3> Message-ID: I'm happy to help "Liberty-tize", etc. for this--but a subject matter expert from this group would need to be the lead....but I can absolutely help support this from a Liberty standpoint. On 4/23/08, Brett McDowell wrote: > > Given that, should we start word-smithing my strawman so that it hits > on some of your more informed points? For example, we should call out > that the general statement might be more applicable in the future and > may not be specific to 2008 certifications but we think it is worth > pursuing a discussion with established certification programs during > 2008 so our recommendation could actually be implemented in 2009 (this > won't happen overnight I'm sure, it didn't happen overnight with the > GSA). > > Perhaps we need someone to raise their hand as the editor of the > collective feedback from HIM SIG to CCHIT... any volunteers? > > As for HITSP representation, I'm thrilled to hear that! I'll follow- > up with you offline about that. > > -- Brett > > On Apr 22, 2008, at 7:59 PM, Richard Moore wrote: > > > Brett, > > > > I think your comments are appropriate. I know that CCHIT is taking > > HITSP and certainly all the standards within the guidance documents > > (TP20, CP19, TP30, etc described in TN900) . We probably would have > > to be more specific as to what might be missing from consideration. > > HITSP TN900 has a fairly long section of out-of-scope issues or > > known gaps (PKI is a future requirement). > > > > For our current review process we might find it helpful to focus > > only on the network scenarios. I didn't realize until I began to > > read through these CCHIT documents that they are limited to > > requirements for 2008. For reference I will attach CCHIT's earlier > > document for network from the January 2008 release. If you look > > through this document you will notice that the areas we are most > > concerned with are 2009 or later in CCHIT's consideration. They > > appear to be excluded in the CCHIT documents under comment. So I > > guess CCHIT could certify a EMR for 2008 and they might de-certify > > in 2009 when new requirements become agreed upon. > > > > One thing I seem unable to find (it just might be me not able to see > > beyond all the detail)... I do not see a requirement for single sign- > > on. I can't imagine the NHIN working efficiently without it being a > > stated goal. > > > > I'd be willing to monitor HITSP for the group. I am not sure I can > > commit to their meeting schedule due to my other activities. > > > > Rick > > > > Richard Moore > > President > > eHealth Ohio > > 877-813-9750 Voice/Fax > > rkmoore at ehealthohio.org > > > > > > > > ----- Original Message ----- > > From: Brett McDowell > > To: Richard Moore - eHealth Ohio > > Cc: Ari Kermaier ; Beth Morrow ; HIM-SIG ; > myisha.frazier-mcelveen at gsa.gov > > Sent: Tuesday, April 22, 2008 10:15 AM > > Subject: Re: [SIG-HIM] CCHIT Use Cases > > > > > > I don't know about others on this list, but I won't be able to find > > the time to study all of these documents in time for getting > > feedback out to CCHIT. So my following suggested input to CCHIT is > > based on my working knowledge of HITSP and not based on a detailed > > knowledge of these documents. > > > > > > I am fairly certain that several of these systems will require > > usage of HITSP constructs such as TP20 which contain normative > > reference to SAML 2.0. Based on that conclusion I believe it would > > be appropriate to get back to CCHIT with the following input (may > > need some word-smithing): > > > > > > > > On behalf of the Liberty Alliance Project -- an industry consortium > > representing 150 businesses, governments, and universities who have > > collectively developed identity management technology standards and > > business frameworks since 2001 and operating an internationally > > accepted interoperability and certification program for products and > > services implementing SAML 2.0 and ID-WSF since 2003 -- we strongly > > recommend that CCHIT analyze its certification requirements against > > existing standards and leverage pre-existing interoperability > > certification programs wherever possible as opposed to spending tax > > payer dollars creating all new testing programs from scratch, > > neglecting to leverage previous investments by industry to perform > > the same service. As one international organization with a pre- > > existing certification program that is expanding its scope, we would > > welcome a dialog with CCHIT to ensure our program fully aligns with > > and can be required by CCHIT for NHIN certifications. We would like > > to also point out that the United States Government, through the > > eAuthentication Program of the Generals Services Administration, has > > already done just this. GSA worked with Liberty Alliance to ensure > > the program met its needs and has now publicly required all products > > to go through that certification before being qualified for the GSA > > schedule. > > > > > > > > If others can come up with a more specific form of feedback to > > CCHIT, all the better. But this is the best I can do on such short > > notice. > > > > > > Kind Regards, > > > > > > P.S. > > I've copied Ari, Beth, David, Britta, and Myisha to help with the > > word-smithing :-) > > > > > > -- Brett > > > > > > On Apr 18, 2008, at 12:18 PM, Richard Moore - eHealth Ohio wrote: > > > > > > Here are the CCHIT use cases under comment period. More > > description of the process below: > > > > Rick > > > > Richard Moore > > President > > eHealth Ohio > > 877-813-9750 Voice/Fax > > rkmoore at ehealthohio.org > > > > > > During this public comment period, comments will be accepted > > related to: > > > > * Changes to the 2008 criteria since the last publication. These > > spreadsheet rows have been highlighted in yellow. Deletions have > > been > > marked using strikethrough font. Additions have been marked > > using a red > > font. > > * Changes to the test script since the pilot test. These changes > > have been highlighted using track changes. Deletions have been > > marked > > using red, strikethrough font. Additions have been marked using > > blue, > > underlined font. > > > > The following documents are available for review and open for > > public > > comments: > > > > * Ambulatory proposed final criteria > > * Child Health proposed final criteria > > * Ambulatory proposed final test script (includes optional test > > steps for additional Child Health certification) > > * Cardiovascular proposed final criteria > > * Cardiovascular proposed final test script > > * Network proposed final 2008 criteria > > * Network first draft test script > > * Security proposed final test script (used for Ambulatory, > > Emergency Department and Inpatient certification) > > > > The documents listed above will be edited based upon public > > comments > > and, pending Certification Commission approval, published as final > > versions for 2008 certification on May 20th, 2008. > > > > Please note: The test scripts and criteria for Emergency > > Department, > > Inpatient and Enterprise certification are not being published > > for this > > public comment period. Additional criteria validation and pilot > > testing > > are required before these documents will be published in a proposed > > final version for public comment. Due to this delay, adjustments > > will be > > made in the timing of the proposed final public comment period, > > with > > publication of the final versions and the initial certification > > application period. Additional information will be communicated > > as it > > becomes available. > > > > > > < > > CCHITPublicComment20080417ALL > > .zip>_______________________________________________ > > SIG-HIM mailing list > > SIG-HIM at lists.projectliberty.org > > > http://lists.projectliberty.org/mailman/listinfo/sig-him_lists.projectliberty.org > > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > > > > _______________________________________________ > > SIG-HIM mailing list > > SIG-HIM at lists.projectliberty.org > > > http://lists.projectliberty.org/mailman/listinfo/sig-him_lists.projectliberty.org > > > > > _______________________________________________ > SIG-HIM mailing list > SIG-HIM at lists.projectliberty.org > > http://lists.projectliberty.org/mailman/listinfo/sig-him_lists.projectliberty.org > -- Britta Glade Liberty Alliance 925-254-4233 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080423/c95659c3/attachment-0001.html From joni at ieee-isto.org Wed Apr 23 18:11:14 2008 From: joni at ieee-isto.org (joni at ieee-isto.org) Date: Wed, 23 Apr 2008 18:11:14 -0700 Subject: [SIG-HIM] HIM SIG Conference Call Draft Minutes and Action Summary Message-ID: Hello, This HIM SIG draft minutes have been posted on the working wiki here for your review: http://wiki.projectliberty.org/index.php/HIMSIG20080418 Action Summary: ACTION: Have this call same time next Friday (on April 25) ? let?s look at the C-Chip use cases and work to make a response for input. Please feel free to contact me should I have captured any discussions incorrectly or if you request edits for incorporation. Cheers, Joni Brennan IEEE-ISTO Liberty Alliance Project Operations Manager voice:+1 732-226-4223 email: joni at projectliberty.org From rkmoore at dmeconsult.com Thu Apr 24 12:19:52 2008 From: rkmoore at dmeconsult.com (Richard Moore) Date: Thu, 24 Apr 2008 15:19:52 -0400 Subject: [SIG-HIM] CCHIT Use Cases References: <019101c8a16f$d9d9cab0$0400a8c0@DME3> <3E693633-2803-42BA-AE0D-559099036558@projectliberty.org> <01d701c8a4d4$ebb8d4c0$0400a8c0@DME3> <046001c8a57a$338a8b90$6401a8c0@VaioDesktop> Message-ID: <00e801c8a640$34837f90$0500000a@DME3> Beth, Thank you for your email of support. Are you reviewing the CCHIT Use Cases and have comments? Or are you specifically focused on SAML 2.0? Have you been testing SAML 2.0 for healthcare scenarios? If so what middleware are you using on the testbed? Do you have EMR or EHR or PHR services on the testbed? Thanks, Rick ----- Original Message ----- From: Beth Morrow To: 'Richard Moore' ; 'Brett McDowell' Cc: 'Ari Kermaier' ; 'HIM-SIG' ; myisha.frazier-mcelveen at gsa.gov ; 'Rik Drummond' Sent: Wednesday, April 23, 2008 3:42 PM Subject: RE: [SIG-HIM] CCHIT Use Cases Richard, Drummond Group runs the SAML 2.0 testing for the Liberty Interoperable program and other types of interoperability testing as well. Please let us know how we can assist you in this effort. Beth Morrow President Drummond Group Inc. www.drummondgroup.com phone:512-335-5606 ------------------------------------------------------------------------------ From: Richard Moore [mailto:rkmoore at dmeconsult.com] Sent: Tuesday, April 22, 2008 6:59 PM To: Brett McDowell Cc: Ari Kermaier; Beth Morrow; HIM-SIG; myisha.frazier-mcelveen at gsa.gov Subject: Re: [SIG-HIM] CCHIT Use Cases Brett, I think your comments are appropriate. I know that CCHIT is taking HITSP and certainly all the standards within the guidance documents (TP20, CP19, TP30, etc described in TN900) . We probably would have to be more specific as to what might be missing from consideration. HITSP TN900 has a fairly long section of out-of-scope issues or known gaps (PKI is a future requirement). For our current review process we might find it helpful to focus only on the network scenarios. I didn't realize until I began to read through these CCHIT documents that they are limited to requirements for 2008. For reference I will attach CCHIT's earlier document for network from the January 2008 release. If you look through this document you will notice that the areas we are most concerned with are 2009 or later in CCHIT's consideration. They appear to be excluded in the CCHIT documents under comment. So I guess CCHIT could certify a EMR for 2008 and they might de-certify in 2009 when new requirements become agreed upon. One thing I seem unable to find (it just might be me not able to see beyond all the detail)... I do not see a requirement for single sign-on. I can't imagine the NHIN working efficiently without it being a stated goal. I'd be willing to monitor HITSP for the group. I am not sure I can commit to their meeting schedule due to my other activities. Rick Richard Moore President eHealth Ohio 877-813-9750 Voice/Fax rkmoore at ehealthohio.org ----- Original Message ----- From: Brett McDowell To: Richard Moore - eHealth Ohio Cc: Ari Kermaier ; Beth Morrow ; HIM-SIG ; myisha.frazier-mcelveen at gsa.gov Sent: Tuesday, April 22, 2008 10:15 AM Subject: Re: [SIG-HIM] CCHIT Use Cases I don't know about others on this list, but I won't be able to find the time to study all of these documents in time for getting feedback out to CCHIT. So my following suggested input to CCHIT is based on my working knowledge of HITSP and not based on a detailed knowledge of these documents. I am fairly certain that several of these systems will require usage of HITSP constructs such as TP20 which contain normative reference to SAML 2.0. Based on that conclusion I believe it would be appropriate to get back to CCHIT with the following input (may need some word-smithing): On behalf of the Liberty Alliance Project -- an industry consortium representing 150 businesses, governments, and universities who have collectively developed identity management technology standards and business frameworks since 2001 and operating an internationally accepted interoperability and certification program for products and services implementing SAML 2.0 and ID-WSF since 2003 -- we strongly recommend that CCHIT analyze its certification requirements against existing standards and leverage pre-existing interoperability certification programs wherever possible as opposed to spending tax payer dollars creating all new testing programs from scratch, neglecting to leverage previous investments by industry to perform the same service. As one international organization with a pre-existing certification program that is expanding its scope, we would welcome a dialog with CCHIT to ensure our program fully aligns with and can be required by CCHIT for NHIN certifications. We would like to also point out that the United States Government, through the eAuthentication Program of the Generals Services Administration, has already done just this. GSA worked with Liberty Alliance to ensure the program met its needs and has now publicly required all products to go through that certification before being qualified for the GSA schedule. If others can come up with a more specific form of feedback to CCHIT, all the better. But this is the best I can do on such short notice. Kind Regards, P.S. I've copied Ari, Beth, David, Britta, and Myisha to help with the word-smithing :-) -- Brett On Apr 18, 2008, at 12:18 PM, Richard Moore - eHealth Ohio wrote: Here are the CCHIT use cases under comment period. More description of the process below: Rick Richard Moore President eHealth Ohio 877-813-9750 Voice/Fax rkmoore at ehealthohio.org During this public comment period, comments will be accepted related to: * Changes to the 2008 criteria since the last publication. These spreadsheet rows have been highlighted in yellow. Deletions have been marked using strikethrough font. Additions have been marked using a red font. * Changes to the test script since the pilot test. These changes have been highlighted using track changes. Deletions have been marked using red, strikethrough font. Additions have been marked using blue, underlined font. The following documents are available for review and open for public comments: * Ambulatory proposed final criteria * Child Health proposed final criteria * Ambulatory proposed final test script (includes optional test steps for additional Child Health certification) * Cardiovascular proposed final criteria * Cardiovascular proposed final test script * Network proposed final 2008 criteria * Network first draft test script * Security proposed final test script (used for Ambulatory, Emergency Department and Inpatient certification) The documents listed above will be edited based upon public comments and, pending Certification Commission approval, published as final versions for 2008 certification on May 20th, 2008. Please note: The test scripts and criteria for Emergency Department, Inpatient and Enterprise certification are not being published for this public comment period. Additional criteria validation and pilot testing are required before these documents will be published in a proposed final version for public comment. Due to this delay, adjustments will be made in the timing of the proposed final public comment period, with publication of the final versions and the initial certification application period. Additional information will be communicated as it becomes available. _______________________________________________ SIG-HIM mailing list SIG-HIM at lists.projectliberty.org http://lists.projectliberty.org/mailman/listinfo/sig-him_lists.projectliberty.org ---------------------------------------------------------------------------- _______________________________________________ SIG-HIM mailing list SIG-HIM at lists.projectliberty.org http://lists.projectliberty.org/mailman/listinfo/sig-him_lists.projectliberty.org No virus found in this incoming message. Checked by AVG. Version: 7.5.524 / Virus Database: 269.23.3/1393 - Release Date: 4/23/2008 8:12 AM No virus found in this outgoing message. Checked by AVG. Version: 7.5.524 / Virus Database: 269.23.3/1393 - Release Date: 4/23/2008 8:12 AM -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080424/7d5b74f1/attachment-0001.html From beth at drummondgroup.com Wed Apr 23 12:42:43 2008 From: beth at drummondgroup.com (Beth Morrow) Date: Wed, 23 Apr 2008 14:42:43 -0500 Subject: [SIG-HIM] CCHIT Use Cases In-Reply-To: <01d701c8a4d4$ebb8d4c0$0400a8c0@DME3> References: <019101c8a16f$d9d9cab0$0400a8c0@DME3> <3E693633-2803-42BA-AE0D-559099036558@projectliberty.org> <01d701c8a4d4$ebb8d4c0$0400a8c0@DME3> Message-ID: <046001c8a57a$338a8b90$6401a8c0@VaioDesktop> Richard, Drummond Group runs the SAML 2.0 testing for the Liberty Interoperable program and other types of interoperability testing as well. Please let us know how we can assist you in this effort. Beth Morrow President Drummond Group Inc. HYPERLINK "http://www.drummondgroup.com/"www.drummondgroup.com phone:512-335-5606 _____ From: Richard Moore [mailto:rkmoore at dmeconsult.com] Sent: Tuesday, April 22, 2008 6:59 PM To: Brett McDowell Cc: Ari Kermaier; Beth Morrow; HIM-SIG; myisha.frazier-mcelveen at gsa.gov Subject: Re: [SIG-HIM] CCHIT Use Cases Brett, I think your comments are appropriate. I know that CCHIT is taking HITSP and certainly all the standards within the guidance documents (TP20, CP19, TP30, etc described in TN900) . We probably would have to be more specific as to what might be missing from consideration. HITSP TN900 has a fairly long section of out-of-scope issues or known gaps (PKI is a future requirement). For our current review process we might find it helpful to focus only on the network scenarios. I didn't realize until I began to read through these CCHIT documents that they are limited to requirements for 2008. For reference I will attach CCHIT's earlier document for network from the January 2008 release. If you look through this document you will notice that the areas we are most concerned with are 2009 or later in CCHIT's consideration. They appear to be excluded in the CCHIT documents under comment. So I guess CCHIT could certify a EMR for 2008 and they might de-certify in 2009 when new requirements become agreed upon. One thing I seem unable to find (it just might be me not able to see beyond all the detail)... I do not see a requirement for single sign-on. I can't imagine the NHIN working efficiently without it being a stated goal. I'd be willing to monitor HITSP for the group. I am not sure I can commit to their meeting schedule due to my other activities. Rick Richard Moore President eHealth Ohio 877-813-9750 Voice/Fax HYPERLINK "mailto:rkmoore at ehealthohio.org"rkmoore at ehealthohio.org ----- Original Message ----- From: HYPERLINK "mailto:brett at projectliberty.org"Brett McDowell To: HYPERLINK "mailto:rkmoore at ehealthohio.org"Richard Moore - eHealth Ohio Cc: HYPERLINK "mailto:ari.kermaier at oracle.com"Ari Kermaier ; HYPERLINK "mailto:Beth at drummondgroup.com"Beth Morrow ; HYPERLINK "mailto:sig-him at lists.projectliberty.org"HIM-SIG ; HYPERLINK "mailto:myisha.frazier-mcelveen at gsa.gov"myisha.frazier-mcelveen at gsa.gov Sent: Tuesday, April 22, 2008 10:15 AM Subject: Re: [SIG-HIM] CCHIT Use Cases I don't know about others on this list, but I won't be able to find the time to study all of these documents in time for getting feedback out to CCHIT. So my following suggested input to CCHIT is based on my working knowledge of HITSP and not based on a detailed knowledge of these documents. I am fairly certain that several of these systems will require usage of HITSP constructs such as TP20 which contain normative reference to SAML 2.0. Based on that conclusion I believe it would be appropriate to get back to CCHIT with the following input (may need some word-smithing): On behalf of the Liberty Alliance Project -- an industry consortium representing 150 businesses, governments, and universities who have collectively developed identity management technology standards and business frameworks since 2001 and operating an internationally accepted interoperability and certification program for products and services implementing SAML 2.0 and ID-WSF since 2003 -- we strongly recommend that CCHIT analyze its certification requirements against existing standards and leverage pre-existing interoperability certification programs wherever possible as opposed to spending tax payer dollars creating all new testing programs from scratch, neglecting to leverage previous investments by industry to perform the same service. As one international organization with a pre-existing certification program that is expanding its scope, we would welcome a dialog with CCHIT to ensure our program fully aligns with and can be required by CCHIT for NHIN certifications. We would like to also point out that the United States Government, through the eAuthentication Program of the Generals Services Administration, has already done just this. GSA worked with Liberty Alliance to ensure the program met its needs and has now publicly required all products to go through that certification before being qualified for the GSA schedule. If others can come up with a more specific form of feedback to CCHIT, all the better. But this is the best I can do on such short notice. Kind Regards, P.S. I've copied Ari, Beth, David, Britta, and Myisha to help with the word-smithing :-) -- Brett On Apr 18, 2008, at 12:18 PM, Richard Moore - eHealth Ohio wrote: Here are the CCHIT use cases under comment period. More description of the process below: Rick Richard Moore President eHealth Ohio 877-813-9750 Voice/Fax HYPERLINK "mailto:rkmoore at ehealthohio.org"rkmoore at ehealthohio.org During this public comment period, comments will be accepted related to: * Changes to the 2008 criteria since the last publication. These spreadsheet rows have been highlighted in yellow. Deletions have been marked using strikethrough font. Additions have been marked using a red font. * Changes to the test script since the pilot test. These changes have been highlighted using track changes. Deletions have been marked using red, strikethrough font. Additions have been marked using blue, underlined font. The following documents are available for review and open for public comments: * Ambulatory proposed final criteria * Child Health proposed final criteria * Ambulatory proposed final test script (includes optional test steps for additional Child Health certification) * Cardiovascular proposed final criteria * Cardiovascular proposed final test script * Network proposed final 2008 criteria * Network first draft test script * Security proposed final test script (used for Ambulatory, Emergency Department and Inpatient certification) The documents listed above will be edited based upon public comments and, pending Certification Commission approval, published as final versions for 2008 certification on May 20th, 2008. Please note: The test scripts and criteria for Emergency Department, Inpatient and Enterprise certification are not being published for this public comment period. Additional criteria validation and pilot testing are required before these documents will be published in a proposed final version for public comment. Due to this delay, adjustments will be made in the timing of the proposed final public comment period, with publication of the final versions and the initial certification application period. Additional information will be communicated as it becomes available. _________________________________________ ______ SIG-HIM mailing list HYPERLINK "mailto:SIG-HIM at lists.projectliberty.org"SIG-HIM at lists.projectliberty.org HYPERLINK "http://lists.projectliberty.org/mailman/listinfo/sig-him_lists.projectliber ty.org"http://lists.projectliberty.org/mailman/listinfo/sig-him_lists.projec tliberty.org _____ _______________________________________________ SIG-HIM mailing list SIG-HIM at lists.projectliberty.org http://lists.projectliberty.org/mailman/listinfo/sig-him_lists.projectlibert y.org No virus found in this incoming message. Checked by AVG. Version: 7.5.524 / Virus Database: 269.23.3/1393 - Release Date: 4/23/2008 8:12 AM No virus found in this outgoing message. Checked by AVG. Version: 7.5.524 / Virus Database: 269.23.3/1393 - Release Date: 4/23/2008 8:12 AM -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080423/d35a2fa1/attachment-0001.html From beth at drummondgroup.com Thu Apr 24 17:13:26 2008 From: beth at drummondgroup.com (Beth Morrow) Date: Thu, 24 Apr 2008 19:13:26 -0500 Subject: [SIG-HIM] CCHIT Use Cases In-Reply-To: <00e801c8a640$34837f90$0500000a@DME3> References: <019101c8a16f$d9d9cab0$0400a8c0@DME3> <3E693633-2803-42BA-AE0D-559099036558@projectliberty.org> <01d701c8a4d4$ebb8d4c0$0400a8c0@DME3> <046001c8a57a$338a8b90$6401a8c0@VaioDesktop> <00e801c8a640$34837f90$0500000a@DME3> Message-ID: <006e01c8a669$2f896710$6401a8c0@VaioDesktop> Rick, Drummond Group has been focused on SAML 2.0 interoperability testing for Liberty. Interesting that you would bring up healthcare scenarios for SAML because we do have an interoperability test starting in July. It might be interesting to discuss how we might leverage these healthcare scenarios in an upcoming Liberty interop test/certification. Your questions about testbeds tells me that we have some information sharing to do on the method utilized for the SAML interoperability testing and the background behind it. I?d like to suggest a conversation with Rik Drummond, our CEO who is copied on this email. And I was unaware that the CCHIT use cases under review pertained to SAML this year. I thought this was further out In CCHIT?s plans. But, given Liberty?s investment in a certification program for SAML and ID-WSF over the years, we obviously would like to see CCHIT honor this work as they go forward. Beth _____ From: Richard Moore [mailto:rkmoore at dmeconsult.com] Sent: Thursday, April 24, 2008 2:20 PM To: Beth Morrow; 'Brett McDowell' Cc: 'Ari Kermaier'; 'HIM-SIG'; myisha.frazier-mcelveen at gsa.gov; 'Rik Drummond' Subject: Re: [SIG-HIM] CCHIT Use Cases Beth, Thank you for your email of support. Are you reviewing the CCHIT Use Cases and have comments? Or are you specifically focused on SAML 2.0? Have you been testing SAML 2.0 for healthcare scenarios? If so what middleware are you using on the testbed? Do you have EMR or EHR or PHR services on the testbed? Thanks, Rick ----- Original Message ----- From: HYPERLINK "mailto:beth at drummondgroup.com"Beth Morrow To: HYPERLINK "mailto:rkmoore at dmeconsult.com"'Richard Moore' ; HYPERLINK "mailto:brett at projectliberty.org"'Brett McDowell' Cc: HYPERLINK "mailto:ari.kermaier at oracle.com"'Ari Kermaier' ; HYPERLINK "mailto:sig-him at lists.projectliberty.org"'HIM-SIG' ; HYPERLINK "mailto:myisha.frazier-mcelveen at gsa.gov"myisha.frazier-mcelveen at gsa.gov ; HYPERLINK "mailto:rikd at drummondgroup.com"'Rik Drummond' Sent: Wednesday, April 23, 2008 3:42 PM Subject: RE: [SIG-HIM] CCHIT Use Cases Richard, Drummond Group runs the SAML 2.0 testing for the Liberty Interoperable program and other types of interoperability testing as well. Please let us know how we can assist you in this effort. Beth Morrow President Drummond Group Inc. HYPERLINK "http://www.drummondgroup.com"www.drummondgroup.com phone:512-335-5606 _____ From: Richard Moore [mailto:rkmoore at dmeconsult.com] Sent: Tuesday, April 22, 2008 6:59 PM To: Brett McDowell Cc: Ari Kermaier; Beth Morrow; HIM-SIG; HYPERLINK "mailto:myisha.frazier-mcelveen at gsa.gov"myisha.frazier-mcelveen at gsa.gov Subject: Re: [SIG-HIM] CCHIT Use Cases Brett, I think your comments are appropriate. I know that CCHIT is taking HITSP and certainly all the standards within the guidance documents (TP20, CP19, TP30, etc described in TN900) . We probably would have to be more specific as to what might be missing from consideration. HITSP TN900 has a fairly long section of out-of-scope issues or known gaps (PKI is a future requirement). For our current review process we might find it helpful to focus only on the network scenarios. I didn't realize until I began to read through these CCHIT documents that they are limited to requirements for 2008. For reference I will attach CCHIT's earlier document for network from the January 2008 release. If you look through this document you will notice that the areas we are most concerned with are 2009 or later in CCHIT's consideration. They appear to be excluded in the CCHIT documents under comment. So I guess CCHIT could certify a EMR for 2008 and they might de-certify in 2009 when new requirements become agreed upon. One thing I seem unable to find (it just might be me not able to see beyond all the detail)... I do not see a requirement for single sign-on. I can't imagine the NHIN working efficiently without it being a stated goal. I'd be willing to monitor HITSP for the group. I am not sure I can commit to their meeting schedule due to my other activities. Rick Richard Moore President eHealth Ohio 877-813-9750 Voice/Fax HYPERLINK "mailto:rkmoore at ehealthohio.org"rkmoore at ehealthohio.org ----- Original Message ----- From: HYPERLINK "mailto:brett at projectliberty.org"Brett McDowell To: HYPERLINK "mailto:rkmoore at ehealthohio.org"Richard Moore - eHealth Ohio Cc: HYPERLINK "mailto:ari.kermaier at oracle.com"Ari Kermaier ; HYPERLINK "mailto:Beth at drummondgroup.com"Beth Morrow ; HYPERLINK "mailto:sig-him at lists.projectliberty.org"HIM-SIG ; HYPERLINK "mailto:myisha.frazier-mcelveen at gsa.gov"myisha.frazier-mcelveen at gsa.gov Sent: Tuesday, April 22, 2008 10:15 AM Subject: Re: [SIG-HIM] CCHIT Use Cases I don't know about others on this list, but I won't be able to find the time to study all of these documents in time for getting feedback out to CCHIT. So my following suggested input to CCHIT is based on my working knowledge of HITSP and not based on a detailed knowledge of these documents. I am fairly certain that several of these systems will require usage of HITSP constructs such as TP20 which contain normative reference to SAML 2.0. Based on that conclusion I believe it would be appropriate to get back to CCHIT with the following input (may need some word-smithing): On behalf of the Liberty Alliance Project -- an industry consortium representing 150 businesses, governments, and universities who have collectively developed identity management technology standards and business frameworks since 2001 and operating an internationally accepted interoperability and certification program for products and services implementing SAML 2.0 and ID-WSF since 2003 -- we strongly recommend that CCHIT analyze its certification requirements against existing standards and leverage pre-existing interoperability certification programs wherever possible as opposed to spending tax payer dollars creating all new testing programs from scratch, neglecting to leverage previous investments by industry to perform the same service. As one international organization with a pre-existing certification program that is expanding its scope, we would welcome a dialog with CCHIT to ensure our program fully aligns with and can be required by CCHIT for NHIN certifications. We would like to also point out that the United States Government, through the eAuthentication Program of the Generals Services Administration, has already done just this. GSA worked with Liberty Alliance to ensure the program met its needs and has now publicly required all products to go through that certification before being qualified for the GSA schedule. If others can come up with a more specific form of feedback to CCHIT, all the better. But this is the best I can do on such short notice. Kind Regards, P.S. I've copied Ari, Beth, David, Britta, and Myisha to help with the word-smithing :-) -- Brett On Apr 18, 2008, at 12:18 PM, Richard Moore - eHealth Ohio wrote: Here are the CCHIT use cases under comment period. More description of the process below: Rick Richard Moore President eHealth Ohio 877-813-9750 Voice/Fax HYPERLINK "mailto:rkmoore at ehealthohio.org"rkmoore at ehealthohio.org During this public comment period, comments will be accepted related to: * Changes to the 2008 criteria since the last publication. These spreadsheet rows have been highlighted in yellow. Deletions have been marked using strikethrough font. Additions have been marked using a red font. * Changes to the test script since the pilot test. These changes have been highlighted using track changes. Deletions have been marked using red, strikethrough font. Additions have been marked using blue, underlined font. The following documents are available for review and open for public comments: * Ambulatory proposed final criteria * Child Health proposed final criteria * Ambulatory proposed final test script (includes optional test steps for additional Child Health certification) * Cardiovascular proposed final criteria * Cardiovascular proposed final test script * Network proposed final 2008 criteria * Network first draft test script * Security proposed final test script (used for Ambulatory, Emergency Department and Inpatient certification) The documents listed above will be edited based upon public comments and, pending Certification Commission approval, published as final versions for 2008 certification on May 20th, 2008. Please note: The test scripts and criteria for Emergency Department, Inpatient and Enterprise certification are not being published for this public comment period. Additional criteria validation and pilot testing are required before these documents will be published in a proposed final version for public comment. Due to this delay, adjustments will be made in the timing of the proposed final public comment period, with publication of the final versions and the initial certification application period. Additional information will be communicated as it becomes available. _________________________________________ ______ SIG-HIM mailing list HYPERLINK "mailto:SIG-HIM at lists.projectliberty.org"SIG-HIM at lists.projectliberty.org HYPERLINK "http://lists.projectliberty.org/mailman/listinfo/sig-him_lists.projectliber ty.org"http://lists.projectliberty.org/mailman/listinfo/sig-him_lists.projec tliberty.org _____ _______________________________________________ SIG-HIM mailing list SIG-HIM at lists.projectliberty.org http://lists.projectliberty.org/mailman/listinfo/sig-him_lists.projectlibert y.org No virus found in this incoming message. Checked by AVG. Version: 7.5.524 / Virus Database: 269.23.3/1393 - Release Date: 4/23/2008 8:12 AM No virus found in this outgoing message. Checked by AVG. Version: 7.5.524 / Virus Database: 269.23.3/1393 - Release Date: 4/23/2008 8:12 AM No virus found in this incoming message. Checked by AVG. Version: 7.5.524 / Virus Database: 269.23.4/1395 - Release Date: 4/24/2008 7:24 AM No virus found in this outgoing message. Checked by AVG. Version: 7.5.524 / Virus Database: 269.23.4/1395 - Release Date: 4/24/2008 7:24 AM -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080424/04b5477d/attachment-0001.html From john.fraser at mednet.org Fri Apr 25 06:51:44 2008 From: john.fraser at mednet.org (John Fraser) Date: Fri, 25 Apr 2008 08:51:44 -0500 Subject: [SIG-HIM] CCHIT - Adrift without Liberty ?? - Meeting reminder today, 10 am Central US time Message-ID: Health Identity Management SIG - Liberty Alliance We have a special meeting today to discuss our input to CCHIT as it relates to our Liberty standards and what we'd like to say to CCHIT. Please join us for a focused discussion on this. Below I have some draft language from Brett McDowell, Executive Director of Liberty, the call to action from CCHIT, and some clarification by Deborah Lafky, ONH, on what CCHIT is. Please join us if you can! *Special Call - Discussion of Use Cases and CCHIT Responses** Friday, April 25, 2008 - Time: 10:00 - 11:00 Central US time (4 p.m. GMT) US toll-free number: 866-469-3239 US toll number: 650-429-3300 Meeting Number or Access Code: 57684181# John Fraser Co-chair On behalf of the Liberty Alliance Project: Liberty is an industry consortium representing 150 businesses, governments, and universities who have collectively developed identity management technology standards and business frameworks since 2001 and operating an internationally accepted interoperability and certification program for products and services implementing SAML 2.0 and ID-WSF since 2003. We strongly recommend that CCHIT analyze its certification requirements against these existing standards and leverage pre-existing interoperability certification programs wherever possible as opposed to spending tax payer dollars creating all new testing programs from scratch, neglecting to leverage previous investments by industry to perform the same service. As Liberty is one international organization with a pre-existing certification program that has recently been expanding its health care scope, we would welcome a dialog with CCHIT to ensure our program fully aligns with and can be required by CCHIT for NHIN certifications. We would like to also point out that the United States Government, through the eAuthentication Program of the Generals Services Administration, has done just this. GSA worked with Liberty Alliance to ensure the program met its needs and has now publicly required all products to go through that certification before being qualified for the GSA schedule. MAY 5th DEADLINE: CALL FOR STANDARDS ORGANIZATIONS' PARTICIPATION IN THE HITSP INFORMATION INTERCHANGE SUBCOMMITTEE - Response Requested no later than May 5, 2008. At the HITSP Board meeting on November 20, 2006, it was agreed to establish the Foundations Committee. The Board approved the committee's terms of reference which included an outline of committee work products. The Foundations Committee is to develop recommendations for implementing the standards harmonization objectives necessary to achieve HITSP's primary goal of interoperability. The five objectives are: 1. Context/Information Model - establishing a common reference information model (and subordinate models) to support clinical, public health, financial, and administrative healthcare functions. 2. Terminology/Content Definition - establishing common reference terminology models and data content specifications that are integrated with the information model(s). 3. Privacy and Security - establishing a common security framework. 4. Methodology- establishing a common methodology/process that all standards organizations and code set maintainers will follow to achieve standards harmonization. 5. Information Interchange - establishing a common information interchange format and standards-based application roles and interactions in a comprehensive dynamic model. Brett, I thought I would point out that CCHIT is not a governmental entity. It is a public-private organization governed by a body of commissioners representing all sectors of HIT as well as consumers. HHS does contract with CCHIT for services and has a seat among the other commissioners. CCHIT, I would note, is committed to aligning with HITSP standards. CCHIT and HITSP work closely together to maintain this alignment. I would be happy to brief you further if it would be helpful and to introduce you to a CCHIT staff liaison. Kind regards, Deborah Lafky, MSIS, Ph.D., CISSP Office of Interoperability and Standards Office of the National Coordinator for Health Information Technology (ONC) Department of Health and Human Services Washington, D.C. 20201 (202) 690-6386 (direct) (202) 205-9467 (fax) Deborah.Lafky at hhs.gov John Fraser, CEO MEDNET USA 333 Washington Ave North, Suite 208 Minneapolis, MN 55401 US Telephone: +1 612.435.7602 Fax: +1 612.435.7601 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080425/c4497ac3/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: image/png Size: 168 bytes Desc: image001.png Url : http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080425/c4497ac3/attachment.png From rkmoore at dmeconsult.com Fri Apr 25 08:22:49 2008 From: rkmoore at dmeconsult.com (Richard Moore) Date: Fri, 25 Apr 2008 11:22:49 -0400 Subject: [SIG-HIM] CCHITTestScriptNETWORK2008FirstDraft.doc Message-ID: <02ea01c8a6e8$4093a320$0500000a@DME3> -------------- next part -------------- A non-text attachment was scrubbed... Name: CCHITTestScriptNETWORK2008FirstDraft_.doc Type: application/msword Size: 179200 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080425/e77e6903/attachment-0001.doc From Deborah.Lafky at hhs.gov Fri Apr 25 09:13:46 2008 From: Deborah.Lafky at hhs.gov (Lafky, Deborah (HHS/ONC)) Date: Fri, 25 Apr 2008 12:13:46 -0400 Subject: [SIG-HIM] SIG-HIM Digest, Vol 3, Issue 13 References: Message-ID: All, Sorry I was unable to listen in to the meeting today due to other obligations. I hope that the group took into consideration investigating more fully the CCHIT process and progress, together with its relationship to HITSP and standards bodies in general prior to presenting input/feedback. As I have offered to Brett previously, I am more than willing to facilitate a briefing by CCHIT staff and myself. Deborah Lafky, MSIS, Ph.D., CISSP Office of Interoperability and Standards Office of the National Coordinator for Health Information Technology (ONC) Department of Health and Human Services Washington, D.C. 20201 (202) 690-6386 (direct) (202) 205-9467 (fax) Deborah.Lafky at hhs.gov ________________________________ From: sig-him-bounces at lists.projectliberty.org on behalf of sig-him-request at lists.projectliberty.org Sent: Fri 4/25/2008 11:23 AM To: sig-him at lists.projectliberty.org Subject: SIG-HIM Digest, Vol 3, Issue 13 Send SIG-HIM mailing list submissions to sig-him at lists.projectliberty.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.projectliberty.org/mailman/listinfo/sig-him_lists.projectliberty.org or, via email, send a message with subject or body 'help' to sig-him-request at lists.projectliberty.org You can reach the person managing the list at sig-him-owner at lists.projectliberty.org When replying, please edit your Subject line so it is more specific than "Re: Contents of SIG-HIM digest..." Today's Topics: 1. CCHIT - Adrift without Liberty ?? - Meeting reminder today, 10 am Central US time (John Fraser) 2. CCHITTestScriptNETWORK2008FirstDraft.doc (Richard Moore) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 6140 bytes Desc: not available Url : http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080425/c7ddeb78/attachment.bin From lara.zimberoff at mednet.org Wed Apr 30 15:59:06 2008 From: lara.zimberoff at mednet.org (Lara Zimberoff) Date: Wed, 30 Apr 2008 17:59:06 -0500 Subject: [SIG-HIM] Cancellation of 5/2 HIM SIG call Message-ID: Health Identity Management, Special Interest Group of the Liberty Alliance The call scheduled for Friday, May 2nd, 2008 has been cancelled. The next regularly scheduled call will take place Friday, May 16th, 2008 from 10:00 am to 11:00 am US Central (4:00 pm to 5:00 pm GMT). Please check our wiki for call-in times and numbers at the link below. http://wiki.projectliberty.org/index.php/Health_Identity_Management_SIG Thank you, and we look forward to having you on the next call. Lara Zimberoff MEDNET USA ------------------------------- Phone: 612-435-7600 Fax: 612-435-7601 www.MEDNET.org 333 Washington Ave N, Suite 208 Minneapolis, MN 55401 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.projectliberty.org/pipermail/sig-him_lists.projectliberty.org/attachments/20080430/f9ab5e7b/attachment.html