Professional Associations that bring together competing entities, such as HL7, are subject to strict scrutiny under applicable antitrust laws. HL7 recognizes that the antitrust laws were enacted to promote fairness in competition and, as such, supports laws against monopoly and restraints of trade and their enforcement. Each individual participating in HL7 activities, regardless of venue, is responsible for knowing the contents of and adhering to the HL7 Antitrust policy as stated in §05.01 of the Governance and Operations Manual (GOM).
Welcome, agenda review, meeting minute approval
MedMorph Content IG Updates/Review- Central Cancer Registry Reporting and Health Care Surveys
The HL7 FHIR® Implementation Guide: Making EHR Data More Available for Research and Public Health (MedMorph); Cancer Use Case, Release 1- US Realm ballot reconciliation is complete.
Ballot reconciliation needs to get work group approval before requesting publication.
Next steps-- send the completed reconciliation to the listserv and get work group approval for publication
Immunization ISA comments
The ONC's Interoperability Standards Advisory (ISA) Vocabulary/Code Set/Terminology Covid 19 section lists the immunization implementation guide (IG).
Discussed the appropriateness for having IGs in the terminology section
There is already a section for public healthimplementationguides in the ISA.
If IGs were to be listed in this section, there would be more IGs needing to be listed.
Next steps-- Craig will log a comment regarding removing the IG from the Terminology section.
The artifact pages need to updated to include JSON, XML, etc. for past and present jobs
The updates involve more than creating an errata
It will need to be an STU update to 1.3
Next steps-- share proposed changes with listserv, once complete share with listserv and come to WG for a vote a week after
Apply maturity levels to our IGs
How are FMM levels applied for IGs?
Maturity levels have been generalized, so no longer core specific
Can declare at the IG via extensions, which can cascade, so if set at the IG level will apply to all content in the IG unless overridden
FHIR-I/FMG asking WGs to start thinking about FMM levels, but not currently required by use, but THO is applying some pressure about FMM levels.
How does FMM5/normative work for US Core since it requires multiple countries? A: that restriction does not apply to US core, can ignore that requirement for now
The WG is looking for clarification on what is coming down the pike
Next steps-- review the maturity levels and consider the impact on our projects
WGM Follow Up Discussion
Authorization Discussion at the WGM was confusing
Notes from the WGM
Question about authorization, etc. for SMART or core FHIR, considering the minimum necessary requirements that restrict access for public health? A: Core FHIR basically says you should think about it, SMART is a bit more specific for it's use case, for example you will probably not get write access to all possible kinds of Observation resources, but all Immunizations is maybe a less restrictive use case. Can use security meta tags to enable this where applicable, but there is a basic expectation for any use case to not let data flow when the recipient is not allowed to receive it, so it is the responsibility of the app to restrict appropriately without necessarily decorating the source resources with security tags. FHIR is an exchange standard, not a standard for access control, rather when you apply access control, only those resources you have access to will be exchanged. Very similar to V2 in that regard.
What does it mean to express access in a standardized way? A: can use the Permission resource to expose the desired behavior, but how that is implemented is up to implementers. SMART speaks a bit about this, recommends OAuth scopes, but doesn't mandate this.
Can use the Permission resource to describe the desired permissions, but again locking down how that is implemented is not in scope for FHIR.
PH wants to know the best way to express permission requirements such that they can be universally implemented. Permission resource might be something to consider, but still requires source systems to implement in their specific way.
Next Steps-- FAST has experience with authorization. Craig will ask someone from FAST to join a WG call.
Vital Records DAM Discussion
Discussed Monday, Q3
Version 4 of the DAM will be retired.
If expired, do not have to go through the balloting process
Next steps-- complete the retirement request
Version 2.6 of birth and fetal death IG
V2s and CDAs have already been retired—didn’t find active implementation
WADOH planning to implement birth defect, recommend start with V2 and birth and fetal death as a reference, not ready for FHIR
Retired IGs are made available for a reference, can search for retired IGs
ISA lists the retired IGs
Next steps-- Craig will make a comment regarding the retired IGs