*Discussion*

With respect to the scenarios there was consensus that with the addition of remote access of records there are three solid scenarios to move into the requirements development phase.

The group also agreed that while vocabulary, defined as a set of characteristics that allows us to figure out roles, is vital it is important not to get sidetracked into trying to define that vocabulary. The desire is to use a reference that’s generally recognized in the medical community and campuses can map themselves into that vocabulary.

The next step is the requirements phase. The scenarios may need minor adjustments as requirements are identified but otherwise they are in finished form. The scenarios need to be deconstructed into requirements, such as data and security, with an eye to what object classes are already available from other Middleware efforts within Internet2. Where possible existing class will be used and where necessary new ones can be defined. It was decided that much of the requirements work will be conducted over the list with dedicated conference calls to work on the requirements as needed.

The question of level of access is also of concern in specifying requirements. Example: A person has a care provider relationship to a patient regardless of their specialty. Do they have access to any special information that may exist about the patient, such as HIV status, substance history etc? In HIPPA it will be required to give certain level of protection on information about certain conditions (substance abuse history, HIV status, psychological treatment). These requirements can also vary by state and institution so there will need to
be some provision for flexibility in the system with a set of default protections.

The next call is Thursday August 8, 2002.