1. HIT Standards Committee Privacy and Security Workgroup Dixie Baker, Chair, Privacy and Security Workgroup Walter Suarez, Co-Chair, Privacy and Security Workgroup April 20, 2011 1

2. Privacy and Security Workgroup Dixie Baker, SAIC Anne Castro, BlueCross BlueShield of South Carolina Aneesh Chopra, Federal Chief Technology Officer Mike Davis, Veterans Health Administration Lisa Gallagher, HIMSS Ed Larsen David McCallie, Cerner Corporation John Moehrke, General Electric Steve Findlay, Consumers Union Jeff Jonas, IBM Wes Rishel, Gartner Walter Suarez, Kaiser Permanente Sharon Terry, Genetic Alliance 2

3. Agenda Digital Certificate Standard Update Update on Recommendations for Provider Directory Standard 3

4. Digital Certificate Standard Update Transmittal letter from HITSC sent to ONC 1.Recommended requirements and evaluation criteria for standard 2.Recommendation to investigate benefits and alternatives for cross- certifying Direct Certificate Authorities (CAs) with Federal Bridge CA To enable Direct users to exchange health information with federal health agencies, the HITSC Privacy and Security Workgroup recommends that the ONC investigate architectural and operational alternatives for cross- certifying Direct CAs with the Federal Bridge CA, including an examination of potential benefits, and implications on cost, market dynamics, and complexity 3.Recommendation that HIT Policy Committee recommend policy and governance to establish a minimum level of trustworthiness for CAs issuing certificates for Direct exchanges 4

5. Provider Directories Update Outcomes from March HITSC meeting Approval to proceed to develop recommendations for Enterprise-Level and Individual-Level Provider Directory standards in concert ONC identified immediate need for recommendations for standard for certifying EHR capability to query Provider Directories, for consideration for Stage 2 Meaningful Use HITPC’s Information Exchange Workgroup (IE WG) presentation of recommendations for Individual-Level Provider Directories (ILPDs) to Policy Committee, originally scheduled for April 13, postponed to May 11 meeting Recognizing the immediate need for a standard for EHR provider-directory query, we are implementing measures to minimize the potential impact of this delay Including IE WG’s public materials addressing ILPDs in our deliberations Preparing to make adjustments as needed post May 11 HITPC meeting 5

6. Provider Directories Continuing Testimony Privacy and Security WG received testimony on provide directory standards work Social Security Administration (SSA) experience developing Integrating the Healthcare Enterprise (IHE) Provider Directory Profile ASC X12 Provider Directory transaction Confirming additional testimony from: HL7/OMG’s efforts on provider directories Massachusetts HIE 6

7. IHE Healthcare Provider Directory Profile Social Security Administration led development and proof-of-concept (POC) of Healthcare Provider Directory (HPD) Profile Demonstrated 2 use cases at HIMSS interoperability showcase Profile and POC cover both ELPD and ILPD 7

8. Standards Adopted for IHE HPD Profile 8

9. ASC X12 Provider Directory ASC X12 Transaction 274 – Health Care Provider Information Two implementation specifications ASC X12 004050X109 – Provider Directory Provides standardized data requirements and content for all users of ASC X12 Health Care Provider Information (274) transaction, and detailed explanation of transaction set 005010X207 will be ready for release soon, but awaiting additional requirements from HIT Standards Committee that ASC X12 might incorporate before publishing ASC X12 004050X185 – Provider Inquiry and Response Request list of providers from a specific geography, from a specific payer network, and by specific specialty => Responses provide list of providers and can provide information about the providers’ practices Could be migrated to version 5010 Additional requirements could be incorporated into version 5010 9

10. ASC X12 Provider Directory As a transaction standard, ASC X12 does not define a structure for the Provider Directory Some structure guidance may be taken from the implementation guides where closely related data elements are collected into a data segment, and data loops Observations Provider Directory needs to maintain information regarding provider’s membership within Health Plans’ provider networks X12 believes that directory information should include more than just contact information – including provider’s specialty, whether the provider is taking additional patients, and the provider’s characteristics compatibility with the patient (location, gender, language, hospital affiliation, etc) All of these are provided by ASC X12 Provider Directory, including electronic addresses 10

11. ASC X12 Provider Directory X207 – Provider Directory available information Affiliated Hospital Group Network Provider (i.e., doctor or facility) Site Name Identification Numbers Direct Contact Information Demographic Information Languages Spoken Work Schedule Location Logistics Healthcare Delivery Focus Healthcare Specialty Licensing Accreditation/Certification Name of Affiliated Entity Identification Numbers of the Affiliated Entity More... X135 – Provider Directory – Inquiry Response Information Provider Name Geographic Information Provider Area of Specialization Network Hospital Participation Dates Provider Role Accepting New Patients Provider Identification Number Geographic Information Provider Age Provider Gender Provider Language Site-specific Assistive Aids Sate Licensing Informaiton Site ID Provider Site Location Site Location Information Provider Work Schedule Information More... 11

12. Observations and Conclusions All approaches presented to date look at PDs as a single, integrated structure containing both enterprise and individual directory information, rather than as separate directory systems The Provider Directory standard needs to be implementable at the individual and enterprise levels, as well as centralized and federated The Provider Directory standard needs to accommodate the needs of providers, payers, and consumers Both IHE and ASC X12 offer valuable contributions to our task of recommending requirements for Provider Directory Standards IHE HPD profile has not yet been implemented in a production environment – though it implements more established standards 12

13. Privacy and Security Workgroup Plan DateMeetingGoal April 20 HITSC Meeting Provider Directories: Update report April 27 2:00-4:30 pm ET HITSC – P&S WG Provider Directories: Testimony from HL7/OMG on Provider Directories Testimony from Massachusetts HIE Review IE WG’s presentation materials re ILPDs MAY 2 mtgs (TBD) HITSC – P&S WG Provider Directories: Continue discussion around requirements, standards and criteria for structure, content and publishing of ELPDs and ILPDs Review and discuss final recommendations from HIT Policy Committee on Individual-Level Provider Directories (post May 11 HITPC Meeting) Discuss and finalize recommendations to ONC on requirements, standards and certification criteria for EHR query capabilities to PDs May 18 Full HITSCProvider Directories: Present recommendations on EHR query capabilities to PDs Update Report on other PD-related standards requirements and criteria 13