MedMid Call January 8, 2004

*Attendees*
Keith Hazelton, U. Wisconsin
Dave Demassa, Tufts
Morgan Passiment, AAMC
Paul Jolly, AAMC
Kirke Lawton, AAMC
Jere Retzer, OHSU
Jeanette Fielden, Internet2
Renee Frost, Internet2
Mary Kratz, Internet2
Steve Olshansky, Internet2

*Discussion*

Please review the Internet2 Intellectual Property Framework at: http://members.internet2.edu/intellectualproperty.html

The proposal for the MedMid track session for the spring member meeting is due a week from tomorrow. There was agreement that a session with a focus on security would be of interest, with specific interest in wireless security for healthcare.

Topics that can be discussed might include:

The Project Sentinel Collaboratory at Georgetown (http://biodefense.georgetown.edu/project-sentinel.asp), which is a system to enable and enhance medical response to bio-terrorism.
Experiments and pilots at the University of Wisconsin to support the public health information network. One is called HAN (Health Alert Network), and another is the National Electronic Disease Surveillance Systems (NEDSS).
Inviting the chair of the Security at LineSpeed group or someone recommended by him that is affiliated with a medical campus to talk about wireless and PKI security issues in the health care/sciences space.
[AI] Steve will contact potential speakers about participating in the MedMid I2MM panel.

If you have suggestions about the panel mail them to Steve.

Dave stated that TUSK has submitted a grant to National Library of Medicine and they are waiting to hear back if it’s been accepted.

AAMC Project Kirke has put together a page for retrieving an AAMC id at https://staging.aamc.org/medmid/. The entry page from the application, such as the Cincinnati pilot, needs to have the information and explanation that’s specific to the pilot. It should also explain what information you may need to enter to generate a match. The AAMC lookup page will be more generic in nature. The page is a read only lookup. It does not use information entered by the user to update the AAMC record. Currently the user would perform the look up and the copy and paste the returned number into the application. There is interest in server-to-server communication that would allow the AAMC identifier to go directly into the application.

There are twelve fields of information that can be entered. How many are needed to find a match depends on the information AAMC already has. If you have a medical degree from the U.S. or are on faculty at a medical college, name and degree may be sufficient since AAMC likely has an identifier assigned. In other cases, such as Ph.D’s, they may have an identifier but the information stored may not be complete and it may take much more information to generate a match. There is a scoring algorithm used in how entered data is matched against stored data, to create a match. As a result it’s not a cut and dried, “this minimum set of information will return an AAMC number.” This can be explained on the pilot page that sends the user to the AAMC page.

The advantage of a web service is that users would not have to reenter information they submitted to register for the class. If the pilot has a registration page that collects that information, the AAMC could provide an API to post to and have the API return an AAMC identifier. There would be no visible interface to the user. Information might also be used to update AAMC records though that would need to explained and disclosed to users.

It is important to note that knowing the AAMC identifier does not grant access to anything. It is not intended to authenticate for any purpose, it’s strictly a unique identifier to resolve identity conflicts. i.e. to verify that Dr. John Smith is indeed Dr. John Smith of Duke and not Dr. John Smith of Notre Dame, or that he has moved from one institution to the other.

Dave suggested that he would like to see a lockout if someone tries a name too many times to prevent fishing for information. He also suggested that it might be useful to prompt individually for additional information if a match isn’t found so people don’t have to fill out a bunch of fields initially in hopes of getting the right information entered. While the look up page could be configured to issue an id when no match is made Jere indicated that keeping the functions separate is preferable from a security viewpoint.

Currently there is not a direct web interface for users update their own information, the AAMC systems using the lookup update information through the accessing application.