MaceMed and Related Activities Rob Carter Duke University 12 January 2001
Origins of MaceMed Originated with Mace discussions about HIPAA impact on universities with medical centers Ken convened initial gathering at I2 Fall 2000 I2 member meeting in Atlanta Co-chairs: Rob Carter (Duke University) and Jack Buchanan (UT Memphis/VA Hospital) Current members include representatives from Internet2 & various universities w/ medical centers (Hopkins, Wisconsin, Pitt, UWash)
Activities to date Two conference calls so far (12/20 & 1/5) Next conference call scheduled for 1/19/01 Discussion to date focused on three topics: –Scoping: What is our purpose? –Identifying existing initiatives and other groups to build relationships with (Mace Shibboleth, AAMC, HealthKey, HEPKI-{P,T}AG) –Defining initial projects and objectives
MaceMed Scope Originally identified as “middleware issues for academic medical institutions”, with focus on HIPAA-related issues Recent discussions leaning toward somewhat wider view Starting with a traditional view of “middleware” (authn, authz, directories), but with an eye toward potentially expanding scope into medical “upper middleware” (terminology mapping, etc.)
Issues of Interest PKI, PKI, PKI –HIPAA P&S requirements add up to at least one thing – PKI is in our not-so-distant future –Large medical centers have special needs for authn portability, scalability, reliability, and managability –Academic medical centers complicate the issue by fostering collaboration and supporting academic research relying on “covered” info
Issues of Interest (cont’d) Directory design and interoperability –Authz issues more complex in medical environs –Only made more so by HIPAA P&S regs –Roles and relationships unique to medical situations – patient/provider, provider/payer, provider/credentialer, etc. –Academic medical centers exhibit much higher incidence of inter-institutional collaboration and referrals – standards and interoperability
Related WIP (cont’d) AAMC HIPAA response/cookbook –Collaboration between I2, AAMC, and others –Producing a document to describe how academic medical centers should go about complying with HIPAA P&S requirements –Document being finalized this week – may be reviewed by HHS as well Other I2 groups –Shibboleth (inter-inst authz) HEPKI-PAG (PK policy), Apps Health Sciences Initiatives group
Related Work in Progress HealthKey –NC, UT, MA, WA healthcare group consortium –Developed recommendations for PKIs for healthcare –Working under Robert Wood Johnson grant to develop PKI bridge technology for use in healthcare industry –Working with Federal PKI bridge authority to ensure interoperability with HHS, DEA, etc. –Hoping to have pilot bridge ready in March, 2001 –Interestingly, not really working on directory issues & authz
MaceMed Project: MeduPerson We’re impressed with the EduPerson directory definition – succinct compared with the HL7 proposal for healthcare EduPerson doesn’t cover requirements of medical centers – roles and relationships need to be defined specific to medical environments Considering a similar definition for academic medical centers which will maintain interoperability with EduPerson but support medical needs
Contacts If you or your institution are interested in participating (or just listening in on conference calls) contact us: –Rob Carter –Jack Buchanan –Hoping to have web middleware.internet2.edu soon mailing