1. Workgroup Introduction & Trust Mark Briefing Transport & Security Standards Workgroup September 22, 2014

2. September 22, 2014 Agenda Meeting Objective: Introduce workgroup and discuss NSTIC Trust Mark Pilot 12:00 p.m.Call to Order/Roll Call Workgroup Introduction and Charge Introduction of All Members — Michelle Consolazio, Office of the National Coordinator 12:20 p.m.Discussion of Draft Workplan — Dixie Baker, Chair 12:25 p.m.Presentation-Trust Mark Pilot — John Wandelt, Chief, Information and Enterprise Architecture Division (IEAD) Executive Director, National Identity Exchange Federation (NIEF) Georgia Tech Research Institute (GTRI) 12:50 p.m.Discussion 1:15 p.m.Next Steps 1:25 p.m.Public Comment 1:30 p.m.Adjourn 1

3. Content Standards Chair: Andy Wiesenthal Co-chair: Rich Elmore HITSC Workgroups and Chairs 2 Architecture, Services & APIs Chair: David McCallie Co-chair: Arien Malec Transport and Security Standards Chair: Dixie Baker Co-chair: Lisa Gallagher Semantic Standards Co-chair: Jamie Ferguson Co-chair: Becky Kush Health IT Standards Committee Chair: Jacob Reider Vice Chair: John Halamka Implementation, Certification &Testing Co-chair: Liz Johnson Co-chair: Cris Ross Steering Committee Chair: Jacob Reider Co-chair: John Halamka *Task Forces may be needed for specific work assignments

4. Workgroup Membership First NameLast nameOrganization DixieBakerMartin, Blanck, and Associates LisaGallagherHIMSS JeffBrandt Consultant BrianFreedmanSecurity Risk Solutions, Inc. JohnHummelTahoe Forest Hospital District LeRoyJonesGSI Health StevenLaneSutter Health PeterKaufmanDrFirst, Inc AaronMiriChildrens Medical Center ScottReaDigicert SharonTerryGenetic Alliance JulieChuaONC staff lead 3

5. Member Responsibilities Workgroup members are expected to be actively engaged in their workgroup – Two meetings each month, with published agendas – Membership of the workgroups will be reviewed on a quarterly basis to ensure active participation – Members missing more than 5 meetings will be removed from membership (unless extenuating circumstances) – Differing opinions are welcome and encouraged but should be done in a respectful manner – Participants should be prompt and do their best to minimize personal interruptions (e.g., mute phones) All meeting materials are due at least 24 hours in advance of workgroup meetings – Members are expected to review materials in advance of the meeting and be actively engaged in the discussion 4

6. Workgroup Charge Support standards for security, privacy, and data transport Examples of items to be discussed, but are not limited to: – securing data at rest – security for application programming interfaces and RESTful approaches that support modular application integration – consent management technology (e.g., consent to access/use EHR data, disclose) – digital identity (alignment with National Strategy for Trusted Identities in Cyberspace (NSTIC)) – data provenance, i.e., methods of recording and conveying the source of data 5

7. (estimates) FACA Workplan 2014 Q32014 Q42015 Q12015 Q2 JunJulAugSepOctNovDecJanFebMarAprMayJun Interoperability Governance Subgroup JASON Task Force Kick-off Milestone Joint HITPC/HITSC JASON/Governance Final Recs Federal HIT Strategic Plan Posted for Comment FACA Final Interoperability Roadmap Recs FACA Final HIT Strategic Plan Comments Interoperability Roadmap Posted for Comment HITPC comments on MU3 NPRM HITSC comments on Certification NPRM 6

8. Draft Workplan 7 TasksStart DateDue Date14- Jun 14- Jul 14- Aug 14- Sep 14- Oct 14- Nov 14- Dec 15- Jan 15- Feb 15- Mar 15- Apr 15- May Workgroup Kick-Off9/22/2014 Presentations to inform future work (Trust Mark (HIE Trust), Consent Management, Patient Matching/Patient Identity) 9/22/201412/14/2014 Comment on Certification NPRM TBD Q1 Comment on published version of Interoperability Roadmap TBD Q1 Data Provenance Recommendations 3/18/20155/20/2015 Italicized dates are estimates