*Attendees*
Jack Buchanan, Memphis (chair)
Tammy O'Brien, Wisconsin
Keith Hazelton, Wisconsin
Morgan Passiment, AAMC
June Moody, AAMC
Kirke Lawton, AAMC
Dave Damassa, Tufts
Steve Olshansky, Internet2
Jeanette Fielden, Internet2

*Discussion*

The focus of the call was to explore, with AAMC representatives, the potential to use AAMC identities as an authority for identity management. AAMC's database of identities has been suggested as an authoritative source for the people they cover in the medical education community. While they do not cover 100% of the medical community they cover a very large portion of it. AAMC has a large database with high quality data that they have been working with for a number of years. Utilization of the AAMC's identifiers would help minimize reinventing the wheel and build on their considerable experience.

One significant issue in the MedMid scenarios is identity management. How do we differentiate between people with the same name, or that this is the same person at two different institutions? Being able to discern that this Jane Smith is the same or not the same as that Jane Smith is critical.

In the scenarios there are different levels of need for identity verification. For medical education it may be enough to verify that it's a student enrolled in a given class, and not verify exactly which student. For access to medical directory information it could be on the level of: "are they members of an institution and have a role that allows access to that directory information?" With respect to patient information the standard is higher. There will be a need to verify who that person is, and that they are allowed access to that material.

One idea purposed for consideration was a periodic data export from AAMC that would be input into an automated system and used in an automated secure fashion rather than real time access. Based on the access levels above the identifier could be linked at the appropriate level to verify identity for access purposes.

The group discussed possible policy issues for AAMC with respect to letting systems outside AAMC access this information and possible ways to structure design to control the level of information access. The desire is not to create another database out there but also not to create an increased load on the AAMC.

Two concerns expressed by AAMC in the discussion are that 1) many don't realize they have an AAMC identifier and 2) while the data is very good quality, there are some errors.

While there are growing efforts to increase awareness of AAMC identifier's, particularly through medical education institutions, there would need to be consideration of how to expand efforts to educate people about what the identifier is and what it means.

If such a widespread use of the AAMC identifier is implemented how large will the volume of calls about out-of-date/incorrect data become? There will need to be planning for the increase. Also how will errors and changes be handled, tracked, etc? What kind of development will be needed for this? One suggestion was a change log table could be maintained by the originating system. If scoped appropriately it can be forecast how much is needed, in terms of resources, to maintain such a table.

There will be a need for flexibility in managing changing identifiers. Some have built systems that assume the identifier is strictly static but that's not the case; so there will need to be planning around how to minimize arising issues. It could also be architected into the system that before the identification process is deemed complete, a check against an identification revocation list would be run.

Since there is high interest in such an application there are a number of sources to apply to for funding of such development.

The general consensus was that there are definite areas of mutual interest to continue discussions around. AAMC will have some internal discussions and contact Steve about next steps.

The next MedMid call is October 3 2002.