Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


 Minutes Approval

Review 2019-06-11 Security WG Agenda/Minutes 

Motion to Approve 6/11 Minutes : Suzanne / Mike  Moved/ Second

Objections: none  ; Abstentions: none ; Approve: 9

Montreal WGM Minutes

SEC WGM Minutes (7th May 2019 Wed)

SEC WGM Minutes (8th May 2019 Wed)

SEC WGM Minutes (9th May 2019 Thurs)

Meeting Minutes reviewed with attendees.

Motion to Approve May Montreal Security WGM

Minutes :  Kathleen/JohnM Moved/ Second

Objections:none ; Abstentions: none; Approved: 9


Final TEFCA 2 - HL7 Comments 

 <<link to final approved comments submitted>>

Mike to present on Sharing with Protections paper update

 Sharing with Protections  - Mike

Mike to present on Sharing with Protections

 Sharing with Protections - Mike Review

paper update

Review came out from the TEFCA; 

  • notion is how we might influence ONCE or support oNC ONC efforts in this area.
    • HITEC had dropped support for DS4P which is a blow to our efforsts efforts - this does not address the HITAC decision ddirectlydirectly, it does provide support Sharing for Protections
  • Slide 3 - 
  • Slide 4 - Result of Not-Sharing; a patient safety issue
  • Slide 5 - Share with ProtetctionsProtections
    • HIPAA does not specifically protect the data; creating a liability rather than property model
  • Slide
  • Slide
  • Slide 9 - Result
  • Slide 9 - Requirements: 
    • We don't make policy in HL7, but ONC does.

The paper has mor deteailmore detail; please send comments when convenient and we can drill down more

I see this is as a change in healthcare, what HL7 has put in place.  The chaos... and we can advance this.

comment: (Kathleen) This is concnsue on how youshare you share new policies cross dimentialdimensional;   Vendors could have a nightmare on their hands with differernt policysdifferent policies, declassification happening.  They may have to put in different security req requirements for different customers -that to me is chaos.  This way customers and vendors can come up with a joint policy/vocabulary to relieve that.

--this is the same as Dod DoD policy, wherein we give different access secret, etc.; we .  Sharing w protections provides a way to persist these protections where everyone can understand and deal with the information.

Comment: maybe you can add a snippet of this information to your paper, using the update of TEFCA. 

Sharing with Protections 

Sharing with Protections presentation

 July Harmonization

Initial Harmonization Proposal Submissions - Kathleen

Harmonization Proposals
PSAF Provenance

 Update from Mike Davis - (no updates this week)

  • Major updates
  • Plan is to ballot Provenance as Informative; if this ballot goes well we will move on to balloting as a Normative DAM

FHIR Security

FHIR Security Call updates.

Note that John Moehrke will be OOF next week.


Need PSS approval for FHIR DS4P and DS4P CDA IG update

FHIR DS4P IG PSS (Kathleen) - Review of updated draft per 2019-05-28 FHIR-Security Meeting Minutes comments below.

Outreach to current and prospective implementers and potential Connectathon testing concluded.  VA, Perspecta, MiHIN, PatientLink added for both categories.

Report out of discussion with CBCP WG at 6/4 meeting.

Check that the DRAFT PSS comments have been adequately addressed: 

  • add incremental development goal schedule (due to resource shortage); in January WGM we can begin to parse out the details
  • fix V3 Data types (to 'NO')
  • add to Content Already Developed 'CDA'
  • clarify work is scope x and
  • deliverable: how to parse the project to resource availability (low hanging fruit first)
  • per Mike: suggests removing word 'policy wherever it occurs' (suggestion under further discussion)

Mike is proposing a sub-working group, to deliver information to send out for support


Motion:  Kathleen/ Suzanne

Abstention: 1 (Mike, Julie Maas, JohnM); Objections: None; Approved: 6;

Action Item: Develop DS4P CDA IG revision PSS - Kathleen to do

Basic Provenance

Next call is June 17th - Good progress made. Refined Brett's Provenance Author Participation template for C-CDA. Decision made to include it in the Summer out of cycle C-CDA Companion Guide to get community feedback. 

Plan from Monday's call is that Brett is to meet with FHIR Security to check whether the data elements in the proposed C-CDA Provenance Author Participation template is fully supported by FHIR Provenance. Brett is working on Argonaut/US Core Basic Provenance profile. The Basic Provenance IG will point to the C-CDA Provenance Author Participation template and to the FHIR Basic Provenance profile with discussion on the use cases and how these decisions were arrived at.

WG needs to review and approve Basic Provenance NIB for September.

NIB screen shown; Review of NIB

  • original changed to Basic Provenance for C-Cda and HIR to be consistent with how we've been call the project all along.
  • informative ballot
  • security as sponsoring WG, additiona co-sponsors also checked

  • we need to comply with the CDA schema; with an action item to check in with FHIR Security so that it supports FHIR Provenance resource so that if Argonaut/basic provenance profile will still work
  • COMMENT: previously approved by FHIR management group.  WE can ask them to attend our fhir security call to make sure its mapped correctly (as a check mark) 

Kathleen moves to have approvated / Brett second

VOTE: Abstentions: none; OBjectsions: none; Approved: 9 

Kathleen will submit; Brett sending information to Kathleen.

Basic Provenance Project

Basic Provenance 2019-06-03

HL7 CDA R2 Data Provenance

 Different bet Provenance and Lineage

Provenance is 'like what we're doing w basic provenance' pure creation...

anything after that is lineage—whatever happens to that initial thing after provenance.

what healthcare people think of provenance is 'both'  the difference would be whether you chain them

MIke would like to view basic provenance is our 'painting' and once sold, the tracking, etc is 'lineage'

JohnM in healthcare - doesn't believe there is any distinction of purely provenance or lineage. It's just a form distinction. basic provenace is spoke of very early on.  'where did I get this information from...?' which ay not be the original painter but the museum... JohM believes in trying to fit them in the hybrids definitions --doenst really fit; I don't disagree with it–just in medical records it seems that way... they just want to know 'why I should trust this information... fromt he author or whomever...why should I trust that informatin/data...'

MikeD - thank you - just want to establish some foundational defitnions.

AdjournmentMeeting adjourned  Arizona time 1259 (Kathleen moved, John seconded)

Temporary Meeting link: