I have made comment in several blog posts regarding the use of social media and other online tools by the ONC to seek input and communicate plans and priorities. Several people have asked me for specific examples. One such example is use of a blog by the Privacy & Security Tiger Team to gather community input.
On Oct 21st, I received the following email from the ONC:
The Privacy & Security Tiger Team seeks your comments on how the identities of provider organizations are authenticated for the electronic exchange of protected health information.
Specific questions to consider include:
- What strength of provider-entity authentication (level of assurance) might be recommended to ensure trust in health information exchange (regardless of what technology may be used to meet the strength requirement)?
- Which provider-entities can receive digital credentials, and what are the requirements to receive those credentials?
- What is the process for issuing digital credentials (e.g., certificates), including evaluating whether initial conditions are met and re-evaluation on a periodic basis?
- Who has the authority to issue digital credentials?
- Should ONC select an established technology standard for digital credentials and should EHR certification include criteria that tests capabilities to communicate using that standard for entity-level credentials?
- What type of transactions must be authenticated, and is it expected that all transactions will have a common level of assurance?
You can submit your comments on the Federal Advisory Committee Blog. Take the opportunity to join the discussion today. Remember, the deadline for feedback is October 29.
As of this evening (October 26th), there are seventeen comments posted on the blog.