Chair: Mark Scrimshire

Scribe: Crystal Kallem 

 

Create Decision from template

This is to approve minutes via general consent. "You have received the minutes. Are there any corrections to the minutes? (pause) Hearing none, if there are no objections, the minutes are approved as printed."

Minutes Approved as Presented 


Agenda Topics

Agenda Outline

Agenda Item

Meeting Minutes from Discussion

Decision Link(if not child)
Management

Review ANSI Anti-Trust Policy



Announcements

Single meeting on Fridays from 1:00-2:00 PM ET (reduced to 1 hour)

Join Zoom Meeting https://hl7-org.zoom.us/j/92482555863?pwd=TWQzVENNeStqeEpVTHdicGM2cGdMQT09 

Plan Net issue ticket https://jira.hl7.org/browse/FHIR-29767 is slated to be discussed during the FAST National Directory call on Thursday, Feb 9th. 

Planning Da Vinci IG Implementation Testing?

Learn More here: Open Testing Tools - Build and Validate with Touchstone

The Touchstone Support team and Da Vinci Test Script authors are available to answer questions and provide support with testing Da Vinci Test Scripts in Touchstone.  Please don't hesitate to reach out to Touchstone_Support@AEGIS.net.

Feel free to reach out on Zulip or through Touchstone Support if you have questions. 



CMS Advancing Interoperability and Improving Prior Authorization Processes Proposed Rule (CMS-0057-P)




Administrative Simplification: Adoption of Standards for Health Care Attachments Transactions and Electronic Signatures, and Modification to Referral Certification and Authorization Transaction Standard Proposed Rule (CMS-0053-P)



Block VotesPDex Block Vote 9 containing 12 tickets has been posted to Zulip and the FM listserv. The vote will take place on 2/7/23 FM call. The following is a link to block vote 9 in JIRA: https://jira.hl7.org/issues/?filter=20108.

PDex IG Tickets

Latest CI Build https://build.fhir.org/ig/HL7/davinci-epdx/PayerToPayerExchange.html


Unresolved:

T Key Summary Assignee Reporter P Status Resolution Created Updated Due
Refresh


  • Close to finalizing PDex STU2 for publication. 
  • If additional issues are identified as part of our review of the Prior Authorization Proposed Rule or implementation, can always consider an STU update.
  • It is important to get this IG published soon so CMS could potentially recommend this version of the IG. 
  • A few things to resolve in coordination with the FAST National Directory workgroup. They are in the process of consolidating National Directory IGs into an uber IG (called NDH).
  • The tickets related to clarifying endpoint resources - should be referring back to the National Directory IG, specifically the format of public certificates. As soon as that information is clarified, should be able to update https://jira.hl7.org/browse/FHIR-40236, https://jira.hl7.org/browse/FHIR-38698, and https://jira.hl7.org/browse/FHIR-38697.
  •  Information on what Mark was able to do this week: 
  • Mark moved the test repository used for Connectathon to the HL7 Da Vinci GitHub account: https://github.com/hl7-davinci and https://github.com/HL7-DaVinci/pdex-payer-payer (Payer-to-Payer mTLS Discovery)
  • Mark will add these reference from the payer-to-payer page. 
  • Mark reviewed an Example Endpoint
  • DV: You said that top value was the server certification - DCRP Server Registration Certificate?
  • MS: No, there are two certificates 1) mTLS endpoint; 2) trust framework
  • DV: If this endpoint registration has public certificate that you will find, what if it's not the right information? What if I have a public certificate in here but the one I retrieve is not the exact certificate. Is that a problem?
  • MS: The client is also including a certificate for the bundle they are submitting so both derived from same top level entity.
  • DV: Not sure that will fly. MS Azure implements mine for me and I'm not going to buy another certificate for this scenario. 
  • MS: What we are trying to do - if you are setting up mTLS within your own organization, you can have a server certificate that implements that TLS capability. What mTLS is saying, I've generated server and client certificate that come from same root. 
  • DV: But they don't have to come from same root to be validated. If I have gathered a server certificate and client certificate signed by CA. I'm supposed to put this client certificate in this bhundle  to talk to my server? 
  • MS: You are putting server cert; not the client cert.
  • DV: How does client get my certificate? 
  • MS: They will have to go to one of the CAs
  • DV: It has to be THE CA that is the server certificate. Does that mean there is only one CA so that everyone can get their client certificates? 
  • MS: The CAs that have been discussed for this, there were three well known names. It may require that server has certificate from each of them. 
  • DV: I can't have three different server certificates for one endpoint. Part of the problem is trying to bind client and server certificate being signed by same CA. I think this is a limitation. Server certificate needs to be trusted. Server has to say, we only trust server certificates by this organization. The server will say, give me any client certificate you have, and if you can prove, the server will go out and ask if it knows this client certificate. Understand the need for the certificate to be signed. 
  • MS: The other side of this is how these certificates are tied into the trust framework. 
  • DV: If I put this certificate in the bundle, is it the only that can be used for server identity?
  • BD: If you put in the bundle, you have clarified that this is the one that you are using. 
  • DV: That's my point, why even put it there. If I go buy a GoDaddy Certificate today and security group says I need to change it to Norton later. I have to go back and put a public version of the new certificate in the bundle and update the bundle? Whereas if I put in my endpoint, its there in one place an in one place always.
  • BD: The intent of the directory is to be the one place. 
  • DV: I can look at public cert in national directory and decide, yes, I trust that CA. Why would I do that?
  • BD: Wouldn't you always do that so that you trust the certificate?
  • DV: I will test whether I trust the certificate on the website, no matter whether or not it's in the directory. I'm always going to test the endpoint. If I looked at directory and saw that this certificate was signed by an entity to never trust, maybe i wouldn't go to that endpoint. My trust situation is up to me. Even if I say I'm going to trust this endpoint, I'm still going to do the same check. 
  • BD:  A lot of what we are putting in directory could be treated the same way. If you do query on directory and get back five different endpoints, you can use that set of data to filter down to one. Much of this is up to you to use. If you find some of it is irrelevant, fine. I doubt we will drop them but you don't have to use them.
  • DV: If I hit an endpoint and get a valid and trusted certificate but different than what is in the directory bundle, then should it be terminated or received. 
  • BD: Will depend on your standards of practice. We will never dictate whether or not you should connect.

Trust FrameworkResume discussion about Trust Framework (bottom of the hour)
  • BD: The trust framework is mutual agreement that you will behave in a certain way. You can put inside a certificate; you can have a separate signed document. Whoever manages the Trust Framework will define these requirements. Will also include a URL to the Trust Framework documentation. 
  • Bob needs to pick up the conversation he started with TEFCA. If we can agree on what TEFCA has done as a basis - payment and operation side as opposed to treatment. Will have to work within this framework as part of regulation. Bob will join the second half of the call next week to continue the discussion. 

Implementer SupportImplementation Questions



Chat

12:01:21 From  Crystal Kallem (POCP / Da Vinci PMO)  to  Everyone:
    Today's agenda: https://confluence.hl7.org/pages/viewpage.action?pageId=154994947
12:07:55 From  Wendy Gereke  to  Everyone:
    Thanks carie - apparently I was double muted - and thanks Crystal - YES Touchstone support is always here
12:17:44 From  Mark Scrimshire  to  Everyone:
    https://github.com/hl7-davinci
12:17:58 From  Mark Scrimshire  to  Everyone:
    https://github.com/HL7-DaVinci/pdex-payer-payer


 Adjournment

Adjourned at 1:55 PM ET


Outline Reference

Supporting Document

Minute Approval


PDex Companion Guides

PDex IG Companion Guide List

PDex IG Companion Guide - Laboratory Reporting Resources

Da Vinci is seeking answers to open questions and clarifications needed on the implementation and operational needs of the upcoming CMS Patient Directed API Rules.

Find initial questions and corresponding answers shared from our colleagues at CMS here

  • Links to Published IGs
Other Links:

Source code is here: https://github.com/HL7/davinci-epdx

Payer-Payer Trust outline: Payer-Payer Trust V3.docx

Implementer Resources

Da Vinci Implementer Support Page 

Implementers can take advantage of tools: See the Reference links on the Payer Data Exchange (PDex) page to access links for Reference Implementations, sandboxes, test scripts, and more!

Da Vinci PDex for Patient Access API Frequently Asked Questions (FAQs)

CMS Final Rule Questions and Answers log

ONC FAST National Healthcare Directory (including end points) solution page that includes links to everything (solution doc, Connectathon, HL7 workgroup, etc.): https://oncprojectracking.healthit.gov/wiki/display/TechLabSC/National+Healthcare+Directory

For questions, reach out to us on Zulip:

Formulary STU 1.1.0 Overview

Formulary - Searching by DrugName.docx

Recording of Formulary Tickets for STU 1.1.0 Overview

Action items

  •  

Attendees =

PresentNameAffiliation
PresentNameAffiliation
  •  

Mark Scrimshire

Onyx
  •  
Jarrett Cox
  •  
Yukta BellaniEvernorth/Cigna
  •  
Kanchan Kavimandan
  •  

Corey Spears

MITRE
  •  

Karen Barbeau


  •  

Charlie Provenzano

HealthLX
  •  
Kelli FordahlEvernorth
  •  

David Hill (Dave)

MITRE
  •  
Margaret CouttsEvernorth
  •  

Lloyd McKenzie

Gevity
  •  
Traci O'Brien
  •  

Robert Dieterle

EnableCare
  •  
Spenser UtleyEpic
  •  
Rachel E. Foerster

  •  
Susan CromwellIBM
  •  
Stanley Nachimson Nachimson Advisors
  •  
Barbara Doyle
  •  

Susan Langford

BCBST
  •  
Andra Preisler AHA
  •  
Vanessa CandeloraPOCP, Da Vinci PMO
  •  
Ben McMeenEvernorth
  •  

Daniel Venton 

United
  •  
James DerricksonIntersystems
  •  

Diederik Muylwyk

SmileCDR
  •  
Divya Pahilwani
  •  
@Joe QuinnSmileCDR
  •  
Damian SmithEvernorth
  •  

Jeff Brown 

Lantana, FM Co-Chair
  •  
Brandon Raab
  •  

Christopher Gracon



  •  
Ron WamplerCVS/Aetna
  •  
Stephan Roorda IBMIBM
  •  
Dana MarcelonisPOCP
  •  
Jamie Smith, PhD

IQVIA


  •  
Sonja ZieglerOptum
  •  
Sue CromwellIBM
  •  
Sean MahoneyMITRE
  •  

Alex Kontur

ONC
  •  
Neha
  •  
Bryan Briegel IBM Watson Health
  •  
Balaji NarayananOnyx
  •  

Chris Johnson 

BCBSAL
  •  
Kate Dech
  •  

Ezequiel Morales 

Evernorth/Cigna
  •  
Joel HansonCVS/Aetna
  •  
Nehal AminCVS Health
  •  
Priyanka
  •  

Mark Neumuth 

 Aetna
  •  
Sean Mahoney
  •  
Brett Atwood

  •  
Prabal Basu
  •  

Damian Smith

Evernorth
  •  
Courtney Bland
  •  
Michelle Benz

  •  
VijayCVS Health
  •  
Teresa YounkinPOCP
  •  
Artem SopinEdifecs
  •  
Tom LoomisEvernorth
  •  
Doug Williams
  •  
Serafina Versaggi

  •  
Karen Landin
  •  
Amol VyasCambia Health
  •  
Jim Iverson
  •  
Andrea PrieslerAHA
  •  
Spencer UtleyEpic
  •  
Caleb SuggsUPMC
  •  
Anthony Omosule
  •  
Casey TrauerSmile CDR
  •  
Court Collins
  •  
Christol Green

  •  
Janice HsiehAetna
  •  
Dan Cinnamon

  •  
Erin Huston
  •  
Courtney BlandCVS/Aetna
  •  
Kyle Brew
  •  
Malcolm McRoberts

  •  
Mike COnyx
  •  
Naveen ManiAnthem
  •  
Michael Cox Onyx
  •  
Crystal Kallem POCP, Da Vinci PMO
  •  
Kassie MintesnotLantana
  •  
Bruce WilkinsonBenmedica
  •  
Peter GunterVA
  •  
Dan VentonUnited
  •  
Muhammad Muddassar Ali
  •  
Jacki HemenwayUPMC
  •  
LakshmiAetna
  •  
Mike Evans

  •  
Sheljina IbrahimElevance Health
  •  
Shamil NizamovSmileCDR
  •  
Clarissa WinchesterBCBSAL
  •  
Manish Agarwal

  •  
Mudasir
  •  
Rick Geimer Lantana
  •  
Carie Hammond Aegis
  •  
Michelle BarryAvaility
  •  
Mike CabralPeraton
  •  
Rosaline ShawElevance Health
  •  

Tulsi

Aetna
  •  
Michael Gould ZeOmega
  •  
Victor
  •  
MicheleCareEvolution
  •  
Vency MenezesCNSI
  •  
Jaspreet Kaur

  •  
Donna Haid
  •  
Daniel LilavoisAetna/CVS Health




  •  
Shital Patil

  •  
Miriam
  •  
Joanna ChanLantana
  •  
Parth GabhawalaAetna/CVS Health
  •  
Nick RadovUnitedHealthcare
  •  
Farheen Khalil
  •  
Kevin Prince

  •  
Sanket RavalAetna/CVS
  •  
Brandon StewartLantana
  •  
Jeff HelmanAEGIS
  •  
Gregg JohnsonBCBS SC
  •  
Mark RobertsLeavitt Partners/ CARIN Alliance
  •  
Scott RobertsonKaiser Permanente
  •  
Ryan HowellsLeavitt Partners/ CARIN Alliance
  •  
Matthew MosierOnyx
  •  
Wendy GerekeAEGIS
  •  
Nathaniel Hosenpud

  •  
Ryan Moehrke
  •  
Tanner FuchsCAHQ CORE