Reminder: Do not include any PHI or PII in Confluence. If you require 508 accessibility assistance or any other support for this system, then please send an email to onc-jira-questions@healthit.gov
We will be performing scheduled maintenance on Saturday July 6th, from 8am to 1pm. During this time, users can expect interruptions in services. We thank you for your patience.
...
Possible Candidates from 7/19/21 Tiger Team Meeting:
TEFCA-specific (per draft 2; will need updating): Recording & communicating a Meaningful Choice; Authorizing an Individual Access Request
Patient Mediated. Patient authorizes access to their data by a third party when it is under patient's management and not the data creator (e.g. an intermediary allows patient to manage their own data).
Patient Directed. Patient authorizes access to their data to a third party through an app as in SMART app launch workflow using the patient's credentials for authenticating themselves at the data holder organization which is the data creator.
3 Compilation of industry-wide digital identity and patient matching projects
...
Risk Analysis 
or similar discussion Identifying the Identity Level of Assurance that is appropriate for various use cases, for example a patient's access to their own data or to make a consent, covered entity access to health data for Treatment/Payment/Operations, verification of demographic attributes to flag as verified and with Patient resource or Encounter context.
Process Include process for considering verifying a photo to be verified for use in matching, e.g., as in 800-63 where photo taken during proofing event is confirmed as matching with photo on identity evidence for IAL2 remote unsupervised etc.
Identity verification use case leveraging the parent's identity verification in order to shore up identity of the child.
...