March 13, 2007

The Honorable Michael O. Leavitt

Chairman

American Health Information Community

200 Independence Avenue, S.W.

Washington, D.C. 20201

Dear Mr. Chairman:

The Confidentiality, Privacy, and Security (CPS) Workgroup is submitting this letter to the American Health Information Community (AHIC) as a follow-up to the patient identity proofing recommendations presented at the January 23, 2007 AHIC Meeting.

During this meeting, the CPS Workgroup presented five recommendations pertaining to patient identity proofing. The AHIC approved the first four recommendations and tabled the fifth recommendation. The original and revised recommendations are listed below.

Version Presented on January 23, 2007:

Recommendation 5: Where applicable, the Certification Commission for Healthcare Information Technology (CCHIT) should develop certification criteria for the systems and networks they certify to support the identity proofing practices in these recommendations.

Revised Version:

Recommendation 5: CCHIT should be made aware of the identity proofing recommendations accepted by the AHIC on January 23, 2007, and where possible security criteria it develops should support these recommendations.

Thank you for giving us the opportunity to submit this revised recommendation. We look forward to discussing it with you and the AHIC Members.

Sincerely yours,

Kirk J. Nahra

Chair

Confidentiality, Privacy, and Security Workgroup