Healthcare+Certificate+Discovery+of+Directed+Exchange+SWG+Meeting+Minutes+2011-06-06


 * Date:** June 6, 2011 2:30-4:00PM EDT
 * Name:** Provider Directories (PD) Initiative – Healthcare Certificate Discovery for Directed Exchange SWG Meeting Session 1

Agenda/Objectives:

 * **Topic** || **Time Allotted** ||
 * User Stories || 45 minutes ||
 * Use Case Diagrams || 25 minutes ||
 * Identification of Community Volunteer Leads/Co-Leads || 10 minutes ||
 * Sprint Team Logistics || 5 minutes ||
 * Next Steps and Questions || 5 minutes ||

Attendees:
__Workgroup Attendees__: Karen Witting, Ernest Grove, LesterKeepper, Robert Kaye, Robert Dieterle, Arthur Hedge, Boris Shur, Ryan Balsick, Peter Bachman, Scott Chapin, Chris Andreou, Van Nguyen, Cheryl Liu, Jonathan Tadese, Erik Pupo, Rao Parvatam, Dave Shevlin, Joy Styrcula, Terri Skalabrin, Jaime Estrada, Sid Thornton, Bob Yencha, Kelly Gonzalez, Sri Koka, Joni Bass, Sean Gibson, John Williams, Jitin Asnaani, Judith Fincher

__Panelist Attendees:__ Virginia Riehl, Victoria Njoku, Jitin Asnaani

Action Items:

 * Action Item || Status / Next Steps || Lead || Contributors || Due Date ||
 * None ||  ||   ||   ||   ||

Key Discussion Points: User Stories

 * Under this use case, the requester has the electronic address
 * If one assumption is that recipient needs to have access to the public key, then it is not certain why the certificate needs to be discovered
 * The idea that the electronic address was supplied by the patient during an out of band request from the receiving provider is not appropriate in this user story. It is sufficient to indicate that the electronic address is known and not where it was obtained from
 * Another assumption could be that the requester is unknown to the sender
 * Trust may need to be established prior to the query for the digital certificate, that is the requester would already be known to the sender since the electronic address is known
 * It may not be a provider directory that is being queried, perhaps some certificate repository
 * There is no need for the recipient to use the certificate from the sending provider to validate the source of the patient information
 * It is critical to include that the certificate is used to confirm the identity of the sending provider and that the certificate is issued and signed by a trusted authority
 * Electronic address will need to be defined to ensure everyone has same level of understanding

Resolutions:

 * Instead of using “provider directory,” as the system being queried to retrieve the digital certificate, a “certificate store” will be used instead
 * One pre-condition to establish is that trust needs to be established, the trust is the certificate itself or the issuer of the certificate. The sending system will need to verify that the certificate of the recipient has been issued by the trusted authority and this should be included in the user story
 * In regards to confirming the identity of the sender and that the certificate is trusted, include “the recipient uses the sender’s electronic address to access the certificate store to confirm the identity of the sending provider and confirms that the public certificate of the sender is signed by a trusted authority and to retrieve the certificate.”
 * Define electronic address

Key Discussion Points: Use Case and Context Diagrams

 * Under this use case, it needs to be clear whether there is an assumption that there is a 1:1 query/response, and whether more than one electronic address is needed
 * Under a directed exchange, this use case is solely a certificate lookup then and nothing more. The diagrams need to reflect this.
 * One purpose for retrieving the certificate is to do encryption
 * The meaning of a digital certificate needs to be clarified
 * In a situation where the certificate store does not return any certificate, then some error message should be indicated.
 * Some text should be added to the alternate flows to indicate such error message.

Resolutions:

 * Update “provider directory” to “certificate store” to reflect previous discussion

Key Discussion Points: Identification of Community Volunteer Leads/Co-Leads

 * A volunteer lead was solicited to help lead SWG members and more work to be completed

Resolutions:

 * Sri Koka volunteered as one of the Co-Leads
 * Other SWG members were asked to send an email to the support leads if interested and willing to occupy second Co-Lead position