*Attendees*
Dave DeMassa, Tufts
Jack Buchanan, Tennessee
Morgan Passiment, AAMC
Ken Klingenstein, Colorado
Keith Hazelton, Wisconsin
Tammy O'Brien, Wisconsin
Jere Retzer, OHSU
Steve Olshansky, Internet2
Jeanette Fielden, Internet2

*Discussion*

AAMC and the University of California system are having a HIPPA camp Nov. 12 and 13, 2002. HIPPA has reached a higher profile on campuses as they are working on policies for privacy to meet the April 2003 deadline. The purpose of the camp is to talk about strategies, common practices and create forums for ongoing discussion. The University Health System Consortium has agreed to participate. Since most medical centers are hybrids, research and clinical, they will revisit at this meeting how do you run the research side and protect the clinical side.

Once policies are in place there will be a need for the systems, security, authorization, authentication etc., to implement the policies. Ken talked about a proposal to be submitted in the networking security space for security with performance. The workshop will focus on practices, architectures and suggestions to campuses on how they can have security and high performance together. It was agreed that something similar would be highly relevant in the HIPPA space. Ken will draft a proposal to the NIH for a follow-up to the HIPPA workshop to create some documents and discussion groups to build on the workshop outcomes. Ongoing discussion forums can include technical issues, network layer, authentication, role-based access etc.

It was deemed important that MaceMed consider an initiative in the HIPPA space in addition to their other work. One possibility is sponsoring a workshop targeted towards best practices and technological alternatives, especially for major institutions that have medical centers. Information can be presented about network architectures, authentication and authorization in implementing HIPPA.

Morgan has mailed out a draft of the AAMC Faculty Roster System to give an overview of the types of data collected. She also reaffirmed that our primary interest in the AAMC identifier is not to access real-time clinical data but to authenticate users authoritatively.

Jack was at the summit meeting hosted by HL7 and OMG. It is not yet clear how our work will relate to theirs. It appears that a shared language for describing affiliations is likely where greatest impact will be though this not yet fully realized enough to be clear. There are also differences in procedural approach between HL7 and OMG that will need to be resolved. OMG has a library of use cases and it was agreed that the group should review those in the course of the requirements work.

As a reminder: Be aware of how you use the definition of middleware in terms of how we define it vs. how other organizations use the term. Our scenarios and requirements work is a start on a set of requirements that should be considered in approaching a solution to the issues.

The NEDS scenario is on hold for the moment due to time constraints. The remainder of the call was devoted to working on the scenario requirements.

The next call is Thursday October 17, 2002.