PD+-+Sprint+Team+Meeting+Minutes+2011-07-01


 * Meeting Date:** 07/01/2011
 * Meeting Title:** PD Sprint Team Meeting Session 5

Agenda/Objectives:

 * **Topic** || **Time Allotted** ||
 * Initiative Scope Revision and Next Steps || 30 minutes ||
 * Review of Comments on Query for Digital Certificate Use Case || 80 minutes ||
 * Updates on Query for Electronic Address Use Case || 5 minutes ||
 * Sprint Team Logistics / Next Steps and Questions || 5 minutes ||

Workgroup Attendees:
Ananya Gupta, David Tao, lin wan, mary-sara jones, Jas Singh, Kory Mertz, Rao Parvatam, Heather Stevens, Vincent Lewis, Terri Skalabrin, Smriti Singal, Aleena Dhar, Ernest Grove, Bob Yencha, bill pankey, Jennifer Sisto, Tynisha Carter, annamarie saarinen, Robert Dieterle, Karen Witting, Emily Mitchell, Steve Rushing, Jitin Asnaani, Chris Andreou, Arthur Hedge, Nitin Jain, Eric Heflin, Ed Larsen, Paul Cartland, Walter Suarez, Rick Marolt, Joy Styrcula, Robert Thurston, David Susanto, Derrick Evans, Sri Koka, Scott Chapin, Seonho Kim, Dan Chaput, lori fourquet, Ron Sawdey, van nguyen, Donna Jones, McLain Causey, Diana Massey, Arien Malec, Lester Keepper

Panelist Attendees:
Jitin Asnaani, Arien Malec, Virginia Riehl, Victoria Njoku

**Action Items:**

 * Date || Description || Status || Notes ||
 * 7/1/2011 || Develop //Query for Digital Certificate Use Case for Direct Project//, leveraging work done on the //Query for Digital Certificate Use Case (for directed exchange)// || OPEN || SWG and Sprint Team Members ||
 * 7/1/2011 || Recruit Direct Project Rules of the Road WG members to share insights in the development of the subsequent standards harmonization || In Progress || Harmonization Support Leads ||
 * 7/1/2011 || Complete consensus on //Query for Digital Certificate Use Case (for directed exchange)// || OPEN || Committed Members ||
 * 7/1/2011 || Complete current work on the //Query for Electronic Address Use Case// || OPEN || Sprint Team Members ||
 * TBD || Invite Jitin to future meetings to discuss and clarify scope on mini-harmonization effort as needed for electronic address discovery work stream || OPEN || Harmonization Support Leads ||
 * 7/1/2011 || Gauge interest in continuing to explore standards harmonization for electronic address discovery (and/or other outcomes) through a Community-driven initiative || OPEN || Support Leads ||
 * 7/1/2011 || Review posted Meeting Minutes for Sprint Team and SWG meetings and provide any corrections || OPEN || Sprint Team Members ||

Key Discussion Points:

 * The PD Initiative Charter has been revised to reflect recent feedback from the HIT Standards Committee, lessons learned from earlier work within Provider Directories, and prioritization by the S&I Steering team
 * There is an urgent need for certificate discovery within the Direct Project, so the first work stream would be narrowed to focus on querying to discover digital certificates using a Direct Address. This work is a priority to meet the anticipated objectives and current timeline of Meaningful Use Stage 2 as well as the HIT Standards Committee’s mandate.
 * Moving forward, the proposed scope is on standards for certificate discovery for Direct Project implementations only to be achieved by end of August and facilitated by S&I Support Team
 * The community was encouraged to take the lead on focusing on identifying standards for certificate discovery for other types of directed exchange. This will be community-driven (i.e., optional), that is facilitated by Community Leads and with a timeline driven by the community
 * Given the need in the community to develop Provider Directories and have them support queries to discover electronic addresses, the second work stream will focus on developing the Use Case and also address the core data set, data model, and schema that are needed to support such queries
 * The timeline to complete this effort is also end of August
 * In terms of standards, S&I Steering team feels that content and vocabulary standards (that can be mapped to standards like LDAP and microdata) should be the first priority and are the most important use of taxpayer funded resources at this time.
 * As ONC is unable to support the standards piece financially, the community was encouraged to take the lead on identifying standards for electronic address discovery. This will be community-driven (i.e., optional), that is facilitated by Community Leads and with a timeline driven by the community
 * There was strong preference to include the mapping of the data model to HPD in addition to LDAP and microdata.
 * Some workgroup members requested for more clarification on the rationale for revising the Charter and scope and it was provided
 * Some concerns were raised about:
 * The lack of transparency and public input in making the decisions. It was clarified the discussion emerged from recent HITSC meetings which the public can contribute
 * No focus on standards and interoperability for the second work stream which is the key purpose of the S&I Framework
 * Potential unforeseen scope changes downstream
 * The title of the Initiative being misleading and recommendation to change it

Resolution(s):

 * For the certificate discovery work stream, the Sprint Team will focus on making revisions to the first Use Case to derive a Use Case for discovering the certificates when a Direct address is known. Harmonization would conduct an analysis of the standards afterwards.
 * The community should also complete the consensus process for the original Use Case for directed exchanges and complete subsequent work should they choose
 * For the electronic address discovery work stream, the development of the Use Case will continue and the focus afterwards will be on the core data set, data model, and schema that are needed to support such queries as well mapping the data model to LDAP, microdata, and HPD.
 * The focus is on the messaging and content, not implementation
 * The community is welcome to continue work on standards should they choose to do so without S&I Framework support.
 * Any Sprint Team member should share recommendations on alternative names for the Initiative with Jitin via email to consider for changing the current name

Key Discussion Points:

 * Given the elimination of statements within the Use Case around the need for authorization to query for a digital certificate, additional assumptions were presented to the group to counteract potential issues and risks related to fraudulent queries when no authorization is provided by the owner of the certificate, spam messages that providers may receive, as well as misuse of the certificate.
 * Part of the conversation focused on the statement of assumption “ONC will issue guidance or standards” and its related assumption statements
 * Some workgroup members indicated that there was need for clarification or separation of statements that were more like pre-conditions or risks.
 * For example, the statement around providing guidance to implementers on using Certificate Authorities that were cross-certified with the Federal Bridge in order to be interoperable with Federal agencies was preferred to be restated as a risk. This was supported with the idea that ONC cannot force private enterprise to follow their guidance or standards
 * In regards to the assumption that ONC will provide guidance regarding “a healthcare specific trust authority or CA process that results in a healthcare specific chain of trust or identifier (e.g. Object ID) that is chained to or part of the Digital Certificate,” there was discussion that it appears out of scope to decide if the certificate is trusted since the focus is to provide a way to find the certificate.
 * The Assumptions were clarified as things that the Use Case is not directly addressing but presumes are taken care of in some way
 * There was concern that addressing some of these assumptions (or risks) was getting to be more implementation-focused rather than solely on the Use Case.

Resolution(s):

 * The statement “The issuance and use of Digital Certificates for both encryption and identification by CAs and/or other entities” was deleted because it feeds into the next assumption “A healthcare specific trust authority or CA process that results in a healthcare specific chain of trust or identifier (e.g. Object ID) that is chained to or part of the Digital Certificate.”
 * The statement “The required content (metadata) of these Digital Certificates sufficient to uniquely verify the holder of the certificate that does not include information reasonably considered sensitive or private to providers” will be revised and can remain in the Assumptions section
 * Generally, the statements under “ONC will issue guidance or standards” will be revised and moved to the risk section of the Use Case.
 * Erik Heflin will work offline to provide rewording of the statement around providing guidance to implementers on using Certificate Authorities that were cross-certified with the Federal Bridge in order to be interoperable with Federal agencies
 * Bob Dieterle agreed to revise the new assumptions to restate as risks

Key Discussion Points:

 * Next Certificate Discovery SWG Meeting rescheduled for July 5, 2:00-3:00PM ET
 * Next Electronic Address Discovery SWG Meeting scheduled for next Thursday July 7, 12:00-1:30PM ET)
 * Next Sprint Team Meeting scheduled for July 8, 2011 3:00-5:00PM ET

**__Next Steps and Questions__**:
= =
 * Develop //Query for Digital Certificate Use Case for Direct Project//, leveraging work done on the //Query for Digital Certificate Use Case (for directed exchange)//
 * Complete consensus on //Query for Digital Certificate Use Case (for directed exchange)//
 * Hold-off on additional harmonization work for the directed exchange Use Case and have it be community-driven (i.e. optional)
 * Recruit Direct Project Rules of the Road WG members to share insights in the development of the subsequent standards harmonization
 * Complete current work on the //Query for Electronic Address Use Case//
 * Ensure data elements are fully addressed in the Use Case and conduct mapping to LDAP, microdata, and HPD as part of Harmonization process
 * Invite Jitin to discuss and clarify scope on mini-harmonization effort as needed for electronic address discovery work stream in future meetings
 * Gauge interest in continuing to explore standards harmonization for electronic address discovery (and/or other outcomes) through a Community-driven initiative
 * Review posted Meeting Minutes for Sprint Team and SWG meetings and provide any corrections