
EsMD Author of Record L1 Use Case Meeting Friday, August 3, 2012.



Presentation on theme: "EsMD Author of Record L1 Use Case Meeting Friday, August 3, 2012."— Presentation transcript:

1 esMD Author of Record L1 Use Case Meeting Friday, August 3, 2012

2 Meeting Etiquette
Please announce your name each time prior to making comments or suggestions during the call
Remember: If you are not speaking, keep your phone on mute
Do not put your phone on hold – if you need to take a call, hang up and dial in again when finished with your other call
  – Hold = Elevator Music = very frustrated speakers and participants
This meeting, like all of our meetings, is being recorded
  – Another reason to keep your phone on mute when not speaking!
Feel free to use the “Chat” or “Q&A” feature for questions or comments
NOTE: This meeting is being recorded and will be posted on the esMD Wiki page after the meeting
From S&I Framework to Participants: Hi everyone: remember to keep your phone on mute

3 Use Case Overview Agenda
Agenda | Presenter | Time Frame
General Meeting Recap (8/1) and Today’s tasks | Sweta Ladwa | 2:00 – 2:05
AoR Use Case: Continue Review of User Story from 8/1 meeting; Review updates to previous sections based on 8/1 meeting | Presha Patel | 2:05 – 2:35
Continue discussion of remaining Subworkgroup proposed structure and charge | Bob Dieterle, Dan Kalwa | 2:35 – 3:00

4 Recap of the Last Meeting
Reviewed initial of the Scenario and the User Story sections
Provided overview of the new Wiki navigation bar and where to find information for weekly meeting agendas, previous esMD use cases, meeting materials etc.
Began discussion of the Charge and Scope of work for Identity Proofing and Digital Credentials.
If you would like to sign up to participate in one or more SWGs, please visit the following page: http://wiki.siframework.org/AoR+L1+Use+Case+-+Subworkgroups+Home+Page

5 Today’s Objectives
Review any community feedback for items discussed during the last meeting
  – Scenario
  – User Story
Review updates made to Scope, Post Conditions and Context Diagram based on 8/1 discussion about Acknowledgement sent to Provider Entity from Payer Entity
Continue discussions for the charge and deliverables for each of the Sub-workgroups introduced during the last call
  – Digital Signatures
  – Delegation and Proxy

6 Use Case Outline – Where are we?
Note - This is tailored for each Initiative
1.0 Preface and Introduction
2.0 Initiative Overview
  2.1 Initiative Challenge Statement
3.0 Use Case Scope
  3.1 Background
  3.2 In Scope
  3.2 Out of Scope
  3.3 Communities of Interest
4.0 Value Statement
5.0 Use Case Assumptions
6.0 Pre-Conditions
7.0 Post Conditions
8.0 Actors and Roles
9.0 Use Case Diagram
10.0 Scenario 1, 2, x…
  10.1 User Story 1, 2, x, …
  10.2 Activity Diagram
    10.2.1 Base Flow
    10.2.2 Alternate Flow
  10.3 Functional Requirements
    10.3.1 Information Interchange Requirements
    10.3.2 System Requirements
  10.4 Sequence Diagram
11.0 Dataset Requirements
12.0 Risks, Issues and Obstacles
Appendices
  Related Use Cases
  Previous Work Efforts
  References

7 Scenario and User Story Review (Separate Word Document)

8 Updates to previously reviewed Use Case Sections

9 Scope AoR (L1)
Updates in Red
In Scope
  – Identity Proofing as part of Non-Repudiation of Actor Identity
  – Digital Credential Management required for Non-Repudiation Actions (Signing and Delegation), Data Integrity and Encryption
  – Digital Signatures and Signature Artifacts for Identity and Non-Repudiation
  – Digital Credentials and Artifacts for Non-Repudiation of Delegation as required by UC1 and AoR L1
  – Data Integrity requirement actions and artifacts
  – Encryption of PHI requirements
  – Payer Entity validates submission signature and encryption artifacts
  – Payer Entity acknowledges validity* of submission to Provider Entity
  – Interactions between Provider Entity or Payer Entity and:
      o Certificate Authority
      o Registration Authority
      o External Provider Directory
      o And each other
*Define Validity of submission
Out of Scope
  – Interactions between:
      o Payer and its Payer Contractors
      o Provider and its Agent
      o Payer or Payer Contractor and its Gateway
  – Transaction level encryption
  – Document level signatures and individual contribution signatures (AoR Levels 2,3)
  – Defining delegation of rights within and between Providers and other authors (AoR Levels 2,3)

10 AoR L1 – Updated Context Diagram: Digital Identities and Bundle Level Signatures
New step in Red
[Context diagram. Labels: Provider Entity; Payer Entity; Payer; Provider (Individual or Organization); Contractors / Intermediaries; Agent; Payer Internal System; Gateway; esMD UC 1: Provider Registration; esMD UC 2: Secure eMDR Transmission; esMD AoR Level 1 Digital Signature on Aggregated Document Bundle; Certificate Authority; Registration Authority; External Provider Directory; Acknowledge validity of signature and encryption artifacts]

11 Post Conditions
Updates in Red
Incorporated #1 below into the User Story and Scope of AoR L1 work
1. Post submission credential and signature artifact processing required by the transmission standard
2. Payer Entity information system process the Document Bundle

12 AoR Subworkgroup Discussion
Dan Kalwa & Bob Dieterle

13 Sub WorkGroup: Identity Proofing
Type: Sub workgroup
Makeup
  – Leadership:
  – SMEs:
  – Community:
Goal
  – Define required process for identity proofing of healthcare individuals and organizations for esMD
Requirements
  – NIST SP 800-63 Level 3 authentication (V 1.0.2) 2006
In-Scope
  – RA qualifications and certification
  – Combining RA process with other healthcare identity proofing (e.g. credentialing)
  – Policy issues regarding identity proofing
Out-of-Scope
  – Digital Credential Management
  – Digital Signatures
  – Proxy or Delegation
Deliverable: “Summary White Paper”
  – Assumptions
  – Statement of Problem
  – Recommended Solution(s)
      o Review of Standards (e.g. NIST, FICAM)
      o Certification requirements for RAs
      o Proof of identity requirements for
          – Entities
          – Individuals
      o Allowed proofing processes (e.g. as part of credentialing?)
      o Frequency of Identity review
      o Appeals process for denial
      o Variation based on specific credentials/use?
      o Revocation (triggers and process)
  – Identify gaps in current policy impacting Identity Proofing
  – References

14 Sub WorkGroup: Digital Credentials
Type: Sub workgroup
Makeup
  – Leadership:
  – SMEs:
  – Community:
Goal
  – Define required process for issuing and managing digital credentials for esMD
Requirements
  – NIST SP 800-63 Level 3 authentication (V 1.0.2) 2006
  – Federal Bridge Certification Authority (FBCA) certified Medium Level
  – Digital Certificates must be X.509 V3 based
  – Must be from CA cross-certified with FB
  – Must provide for non-repudiation as part of the credentials and artifacts
In-Scope
  – Digital credential life cycle
  – Relevant standards
  – Policy issues regarding Digital Credentials
Out-of-Scope
  – Identity Proofing
  – Digital Signatures
Deliverable: “Summary White Paper”
  – Assumptions
  – Statement of Problem
  – Recommended Solution(s)
      o Review of standards (e.g. NIST, FBCA, FICAM)
      o CA qualifications and list
      o Issuance process
      o Credential types and forms
      o Credential uses (Identity, Signing, Proxy, Encryption, Data Integrity)
      o Specific use credentials (e.g. Direct, DEA)
      o Maintenance requirements
      o Revocation process
      o Trust anchor validation
      o Non-repudiation assurance
  – Identify gaps in current policy impacting Digital Credentials
  – References

15 Sub WorkGroup: Digital Signatures
Type: Sub workgroup
Makeup
  – Leadership:
  – SMEs:
  – Community:
Goal
  – Define process, artifacts and standards for transaction and document bundle digital signatures for esMD
Requirements
  – Must provide for non-repudiation as part of the credentials and artifacts
  – Must ensure data integrity
In-Scope
  – Use Case 1 and 2 transactions
  – AoR L1 (Signature binding to aggregated document bundle)
  – Signature workflow
  – Signature artifacts
  – Identification of relevant standards
Out-of-Scope
  – AoR L2
  – AoR L3
Deliverable: “Summary White Paper”
  – Assumptions
  – Statement of Problem
  – Recommended Solution(s)
      o Review of Standards (e.g. OASIS, IHE, HL7, …)
      o Transaction signature process
      o Transaction artifacts to meet Use Case 1 and 2 requirements
      o Document Bundle signature process
      o Artifacts to meet AoR L1 requirements
      o Data Integrity requirements
      o Non-repudiation assurance
  – Identify gaps in current policy impacting Digital Signatures
  – References

16 Sub WorkGroup: Delegation and Proxy
Type: Sub workgroup
Makeup
  – Leadership:
  – SMEs:
  – Community:
Goal
  – Define credentials, artifacts and process for Delegation of Rights for esMD
Requirements
  – Must provide for non-repudiation (NIST definition) as part of the credentials and artifacts
  – Revocable
In-Scope
  – Use Case 1 and AoR L1 Delegation of Rights requirements
  – Delegation/Proxy workflow
  – Delegation/Proxy artifacts
  – Identification of relevant standards
Out-of-Scope
  – AoR L2
  – AoR L3
Deliverable: “Summary White Paper”
  – Assumptions
  – Statement of Problem
  – Recommended Solution(s)
      o Review of Standards (e.g. OASIS, IHE, HL7, …)
      o Proxy/Delegation Credential/Artifact(s)
      o Operational consideration for Proxy/Delegation Creation
      o Scope/Content of Proxy/Delegation
      o Revocation of Proxy Credential
      o Transaction proxy requirements
      o Transaction artifacts to meet Use Case 1 requirements
      o Document Bundle proxy signature process
      o Artifacts to meet AoR L1 signature proxy requirements
      o Data Integrity requirements
      o Non-repudiation assurance
  – Identify gaps in current policy impacting Delegation & Proxy
  – References

17 Areas to Address
Use Case Topic | UC1: Registration | UC2: eMDR | AoR L1 Bundle
Identity Proofing | Required
Digital Identity Management | Required
Digital Signatures & Signature Artifacts | Required
Delegation of Rights | Required | Not Required | Optional
PHI Encryption | Not Applicable | Required | TBD
Other Topics
Characteristics of solution: Non-Repudiation* | Required
Characteristics of solution: Data Integrity** | Required
Provider Directories | Required | TBD
*Non-repudiation (NIST) - Non-repudiation is a service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified by a third party. This service prevents an entity from successfully denying involvement in a previous action.
**Data Integrity (NIST) - Data integrity is a property whereby data has not been altered in an unauthorized manner since it was created, transmitted or stored. Alteration includes the insertion, deletion and substitution of data.

18 User Story Components / Workflow / Sub-workgroups (4)
1. Identity Proofing
  – Federal Bridge / NIST Level 3
  – Individual and Organization
  – Proof of identity requirements
  – Allowed proofing processes
2. Digital Credentials
  – Issuance
  – Credential types and forms
  – Credential uses (Identity, Signing, Proxy, Encryption, Data Integrity)
  – Specific use credentials (e.g. Direct)
  – Maintenance requirements
  – Revocation
3. Signing
  – Transaction and AoR L1
  – Workflow
  – Artifacts
4. Delegation and Proxy
  – Credential approach
  – Delegation process
  – Use and limitations on Use
  – Revocation
Note - Sub-workgroup leaders & meeting schedule is TBD at this time

19 User Story -- Additional Components / Workflow
Provider Directories (required for entire initiative)
  – Information requirements
  – Interactions (transactions)
  – Entry validation standards
  – Use and limitations on use
esMD Policy Issues (following report from SWG 1-4)
  – Requiring digital identities
  – Requiring digital signing of transactions
  – Requiring digital signing of submission
  – Implications of attestation
Other General Issues
  – Non-repudiation
  – Data integrity
  – PHI encryption

20 Content available on Wiki from previous meetings
o Assumptions, Pre and Post Conditions - http://wiki.siframework.org/AoR+UC+L1+-+Assumptions%2C+Pre+and+Post+Conditions
o Actors and Roles - http://wiki.siframework.org/AoR+L1+-+Actors+and+Roles
o Communities of interest table - http://wiki.siframework.org/AoR+L1+-+Communities+of+Interest
o User Story - http://wiki.siframework.org/AoR+UC+L1+-+User+Story
o Glossary - http://wiki.siframework.org/AoR+L1+Use+Case+-+Glossary+of+Terms
o In Scope and Out of Scope Items - http://wiki.siframework.org/AoR+Use+Case+L1+-+In-Scope+and+Out+of+Scope
o Use Case Context Diagram - http://wiki.siframework.org/AoR+Use+Case+Context+Diagram

