I do not know the answer to this question but I am trying to figure it out.
Of course, HHS has an ARRA created group called the HITPC or (Health Information Technology Policy Committee) that will apparently be playing a central role in general NHIN policy making. Further there is a sub-committee there called the Privacy & Security Policy Workgroup. Apparently, if there was a single group who my group would “bubble up” issues to… this would be it. Their charter is:
The Privacy & Security Policy Workgroup will address Privacy and Security in the health IT policy context. At a very high level, the new Privacy & Security Policy Workgroup will define and address the policy challenges related to privacy and security; discuss a set of principles around privacy and security; and various methods of ensuring privacy and security.
The term “very high level” is somewhat problematic from my perspective because the kinds of questions I would like to see answered are pretty specific like “What should NHIN Direct users take into consideration as they choose a provider of X.509 certificates?” That does not sound like to me to be “very high level”.
However, there are some people in this group who have technical know-how. At least some of them should be able to speak the language that I am trying to use. Some of them I know personally. Others I have never heard of. I decided that I would share with you what little information I was able to glean about this small group…
- Deven McGraw, Chair, Center for Democracy & Technology Lawyer type.
- Rachel Block, Co-Chair, NYS Department of Health Really could not find a decent bio on Rachel.. but she does have a presentation or two online. She used to work for Howard Dean, so I am going to list her as politician/policy wonk.
- Paul Tang, Palo Alto Medical Foundation Paul is very well known in the Health Informatics community and I have rubbed shoulders with him several times. I presented to him at the NHCVS hearings on meaningful use. I am pretty sure this guy could manage OpenSSL from a unix prompt.
- Latanya Sweeney, Carnegie Mellon University Latanya has done some interesting work on re-identification techniques, and recently submitted testimony regarding NHIN Security that I found pretty useless. She is associated with Dr. Peel and the Patient Privacy Rights group. She went to MIT, whatever else I think of her work, she can handle OpenSSL
- Gayle Harrell, Consumer Representative/Florida Politician.
- Mike Klag, Johns Hopkins University, Public Health
- Judy Faulkner, Epic, Inc. She runs a proprietary health software company. I will give her the benefit of the doubt.
- Paul Egerman, Consultant This guy does proprietary speech recognition software. Again I will give him the benifit of the doubt.
- Dixie Baker, SAIC computer scientist.
- Paul Uhrig, SureScripts Lawyer. He worked with me to make Surescripts more Open Source compatible. Nice guy.
- Terri Shaw, Children’s Partnership Policy Wonk, but its nice to see someone with a child-focus. Health privacy with kids is really hard. They are not the same as short adults.
- John Houston, University of Pittsburgh Medical Center Lawyer
- Joyce DuBow, AARP Policy wonk… she gave some testimony
- A. John Blair, MD, Provider could not be sure who this is..
- Peter Basch, MD, Provider could not be sure who this is
- Justine Handelman, Blue Cross Blue Shield payer… could not find clear bio information
- Dave Wanser, National Data Infrastructure Improvement Consortium Psychologist
- Kathleen Connor, Microsoft I would have guessed techie… but I would be wrong.. she is a policy wonk
This is exactly the type of group that should be overlooking high-level security and privacy issues. They have lots of different perspectives and lots of different skills, but they all have a very relevant role to play in the future of healthcare information privacy in the United States. But I do not think this is the group to answer the question: “What should NHIN Direct users take into consideration as they choose a provider of X.509 certificates?”
I am happy that at least some of the members of this group would at least know what I am talking about.
I hope this linked list of names is more helpful to you then the list at HHS, which does not really tell you much.