FHIR Specification Feedback: FHIR-36254

Missing details of payer-to-payer mutual authentication


Details

    • Type: Change Request
    • Resolution: Persuasive with Modification
    • Priority: Medium
    • US Da Vinci PDex (FHIR)
    • 2.0.0-ballot
    • Financial Mgmt
    • Payer-to-Payer Exchange [deprecated]
    • 4.2

      The mTLS element of the workflow diagram in section 4.2.1 has been expanded on the Payer-to-Payer Exchange page.

      Profiles have been added to the IG to detail the Endpoint bundle that can be made available for payers to query for other Payer endpoints. 

      The bundles, when signed by a Certificate Authority (CA), would provide confidence in the legitimacy of the endpoint information. 

      Information is being finalized about the location of the public GitHub repository that can house the endpoint bundles for payer discovery.

    • Bob Dieterle / Celine Lefebvre: 21-0-1
    • Clarification
    • Compatible, substantive
    • Yes
    • 2.0.0-ballot

    Description

      The connectivity diagrams (section 4.2.1, "Step 1a", items 1-7) indicate the use of a "Payer Directory | Certificate Authority" that the new payer will contact as the first step in establishing contact with the old payer. However, the text simply states "Each retrieval method SHALL be preceded by the use of the following interaction to match a member and provide consent" and "The steps in the Member Match with Consent process are: Establish a secure connection via mTLS" without explaining where that directory lives or how it is maintained. Is this intended to be a central authority managed by a governing body, an internal repository that each payer builds and maintains themselves, etc.?

      People

        Assignee: Unassigned
        Reporter: Spencer Utley (sutley)