1. Electronic Submission of Medical Documentation (esMD) Author of Record Workgroup Friday, September 7 th, 2012 1

2. Meeting Etiquette Please announce your name each time prior to making comments or suggestions during the call Remember: If you are not speaking keep your phone on mute Do not put your phone on hold – if you need to take a call, hang up and dial in again when finished with your other call –Hold = Elevator Music = very frustrated speakers and participants This meeting, like all of our meetings, is being recorded –Another reason to keep your phone on mute when not speaking! Feel free to use the “Chat” or “Q&A” feature for questions or comments NOTE: This meeting is being recorded and will be posted on the esMD Wiki page after the meeting From S&I Framework to Participants: Hi everyone: remember to keep your phone on mute 2

3. Agenda 3 TopicPresenter Announcements and Administrative itemsSweta AoR L1 UC E2E Comment ReviewSweta/Bob AoR L1 UC Consensus OverviewSweta AoR SWG DiscussionBob/Dan

4. Announcements Schedule next week: 4 Day/TimeMeeting Wednesday, September 12 th at 10 AM ET AoR Digital Identity Management SWG Wednesday, September 12 th at 1:00 PM ET (2 hour session) AoR Identity Proofing SWG (1-2 PM) AoR Signature Artifact/Delegation of Rights SWG (2-3 PM) Friday, September 15 th at 2 PM ET AoR SWG Recap (10 Minutes) Harmonization of UC 1&2

5. Administrative Items As we prepare for Consensus on the AoR L1 UC, please make sure you are registered and are a “Committed Member” with the esMD Initiative to make sure your vote counts –http://wiki.siframework.org/Joinhttp://wiki.siframework.org/Join 5

6. Administrative Items Registering for the esMD initiative (even if you are registered for other initiatives) will ensure: Inclusion on communications from Support Staff and Leadership Inclusion on forms pertaining to the comment and consensus process Adequate tracking of participation in weekly meetings

7. September 2012 Proposed Schedule 7 SunMonTueWedThuFriSat September 2012* 1 234567 2 PM AoR WG 8 91011 12 10 AM - AoR SWG: Digital Identity Management 1 PM - AoR SWG: Identity Proofing 2 PM - AoR SWG: Signature Artifact/Delegation of Rights 13 Leads will review consensus votes and provide dispositions 14 2 PM – Joint AoR and Harmonization of UC 1&2 15 161718 19 10 AM - AoR SWG: Digital Identity Management --- 1 PM - AoR SWG: Identity Proofing 2 PM - AoR SWG: Signature Artifact/Delegation of Rights 2021 2 PM – Joint AoR and Harmonization of UC 1&2 22 23242526 10 AM - AoR SWG: Digital Identity Management --- 1 PM - AoR SWG: Identity Proofing 2 PM - AoR SWG: Signature Artifact/Delegation of Rights 2728 2 PM – Joint AoR and Harmonization of UC 1&2 29 30 *This is a tentative schedule and subject to change AoR L1 UC E2E Review AoR L1 UC Consensus

8. Recap of Last Meeting Provided a brief overview on next steps for the AoR WG 8

9. Today’s Objectives Review comments from the E2E review period for the AoR L1 UC Discuss Consensus of the AoR L1 UC Discuss logistics regarding the AoR SWGs 9

10. AoR L1 UC Consensus Voting Please cast your vote on the Author of Record Level 1 Use Case –You do not need to have a Wiki login to vote! –Votes are due by the end of the day on Wednesday, September 12 th 10 http://wiki.siframework.org/esMD+Author+of+Record+Use+Case+1+Consensus+Form

11. Consensus Voting Yes –A Yes vote does not necessarily mean that the deliverable is the ideal one from the perspective of the Initiative Member, but that it is better to move forward than to block the deliverable Yes with comments –If a Consensus Process attracts significant comments (through Yes with comment votes), it is expected that the comments be addressed in a future revision of the deliverable. Formal Objection- with comments –Indicating a path to address the objection in a way that meets the known concerns of other members of the Community of Interest. "Formal Objection" vote without such comments will be considered Abstain votes. Formal Objection –Should a Consensus Process attract even one "Formal Objection" vote with comments from an Initiative Member, the deliverable must be revised to address the "Formal Objection" vote (unless an exceptional process is declared). Abstain (decline to vote) 11

12. General Requirements  Solution must  be implementable for pilot in Q1/Q2 2013  scale to all providers and payers  minimize the operational impact required to establish, maintain or use a digital identity  provide for non-repudiation without resorting to audit logs or validation of system configuration  Standards -- required  NIST 800-63-1 Level 3 (December 2011)  NIST 800-57 Part 1 (Revision 3 July 2012)  Federal Bridge Certification Authority Medium Level  X.509v3+ Digital Certificates

13. Sub Workgroup: Identity Proofing Type: Sub workgroup Makeup –Leadership: Robert Dieterle (interim) –SMEs:Wendy Brown –Community: Goal –Define required process for identity proofing of healthcare individuals and organizations for esMD Requirements –NIST SP 800-63-1 Level 3 authentication (December 2011) In-Scope –RA qualifications and certification –Combining RA process with other healthcare identity proofing (e.g. credentialing) –Policy issues regarding identity proofing Out-of-Scope –Digital Credential Management –Digital Signatures –Proxy or Delegation Deliverable: “Summary White Paper” –Assumptions –Statement of Problem –Recommended Solution(s) Review of Standards (e.g. NIST, FICAM) Certification requirements for RAs Proof of identity requirements for –Entities –Individuals Allowed proofing processes (e.g. as part of credentialing?) Frequency of Identity review Appeals process for denial Variation based on specific credentials/use? Revocation (triggers and process) –Identify gaps in current policy impacting Identity Proofing –References 13

14. Sub Workgroup: Digital Credentials Type: Sub workgroup Makeup –Leadership: Debbie Bucci –SMEs: (in process) –Community: Goal –Define required process for issuing and managing digital credentials for esMD Requirements –NIST SP 800-63-1 Level 3 authentication (December 2011) –Federal Bridge Certification Authority (FBCA) certified Medium Level –Digital Certificates must be X.509 V3 based –Must be from CA cross-certified with FB –Must provide for non-repudiation as part of the credentials and artifacts In-Scope –Digital credential life cycle –Relevant standards –Policy issues regarding Digital Credentials Out-of-Scope –Identity Proofing –Digital Signatures Deliverable: “Summary White Paper” –Assumptions –Statement of Problem –Recommended Solution(s ) Review of standards (e.g. NIST, FBCA, FICAM) CA qualifications and list Issuance process Credential types and forms Credential uses (Identity, Signing, Proxy, Encryption, Data Integrity) Specific use credentials (e.g. Direct, DEA) Maintenance requirements Revocation process Trust anchor validation Non-repudiation assurance –Identify gaps in current policy impacting Digital Credentials –References 14

15. Sub Workgroup: Digital Signatures Type: Sub workgroup Makeup –Leadership: Robert Dieterle (interim) –SMEs: Reed Gelzer, … –Community: Goal –Define process, artifacts and standards for transaction and document bundle digital signatures for esMD Requirements –Must provide for non-repudiation as part of the credentials and artifacts –Must ensure data integrity In-Scope –Use Case 1 and 2 transactions –AoR L1 (Signature binding to aggregated document bundle) –Signature workflow –Signature artifacts –Identification of relevant standards Out-of-Scope –AoR L2 –AoR L3 Deliverable: “Summary White Paper” –Assumptions –Statement of Problem –Recommended Solution(s) Review of Standards (e.g. OASIS, IHE, HL7, …) Transaction signature process Transaction artifacts to meet Use Case 1 and 2 requirements Document Bundle signature process Artifacts to meet AoR L1 requirements Data Integrity requirements Non-repudiation assurance –Identify gaps in current policy impacting Digital Signatures –References 15

16. Sub Workgroup: Delegation and Proxy (combine with Digital Signatures) Type: Sub workgroup Makeup –Leadership: –SMEs: –Community: Goal –Define credentials, artifacts and process for Delegation of Rights for esMD Requirements –Must provide for non-repudiation (NIST definition) as part of the credentials and artifacts –Revocable In-Scope –Use Case 1 and AoR L1 Delegation of Rights requirements –Delegation/Proxy workflow –Delegation/Proxy artifacts –Identification of relevant standards Out-of-Scope –AoR L2 –AoR L3 Deliverable: “Summary White Paper” –Assumptions –Statement of Problem –Recommended Solution(s) Review of Standards (e.g. OASIS, IHE, HL7, …) Proxy/Delegation Credential/Artifact(s) Operational consideration for Proxy/Delegation Creation Scope/Content of Proxy/Delegation Revocation of Proxy Credential Transaction proxy requirements Transaction artifacts to meet Use Case 1 requirements Document Bundle proxy signature process Artifacts to meet AoR L1 signature proxy requirements Data Integrity requirements Non-repudiation assurance –Identify gaps in current policy impacting Delegation & Proxy –References 16