Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Agenda Item

Meeting Minutes from Discussion

Decision Link(if not child)
Minutes Approval

2019-08-06 CBCP Meeting Agenda/Minutes

VOTE: (motion to approve as written) :  KenS/CraigN

Abstain: 0 / Opposed: 0/  Approve:  15

 Minutes Approval 2019-08-13 CBCP Meeting Agenda/Minutes

VOTE: (motion to approve as written): GregW / Craig N (with correction)

Abstain:  / Opposed:  / Approve:  15

 New 42 CFR 2 Proposal Announced

 Par 2 - two new NPRMs

Secretary of HHS announced proposed changes  to regulation 

Please review, PAC is looking for comments.  

  • is there a time limit for returning comments?  90-days for publication - PAC needs earlier to compile and review before submitting.

Add to next week's agenda and also the WGM Agenda

  • There are a number of hot buttons in the updates
    • Seemed to be very closely held in the agency; neither Jim or Ken were a part of the process
    • Jim has read through the first half - so far they strike him as limited in terms of understanding what the issues are i.e. there is a still a disclosed record must be with a written record---
      • this item can be supported by FHIR - we can tell the system to display that
  • reference to consent to share - this is something has never been balloted
    • they need some updating ...on that section; concern is not that the labeling could nto deal with the various noties; but the autoris do not have an understanding of what needs to move where
    • Jim does not remembering seeing (yet) that is terribly new or different; there issome peculiarities in a attempt to make things more cprovide clarity to HIPAA there is a discussion of prologue to the rules  (check recording)
      • they still carve out
      • one example (surprising) was the election efforts for payment are implecitiy incuded for disclosure without consent - if someone has access to a methadone clincie, the credit reporting services will also have that information and the 'cat is out of the bag'  found this bewildering (mental health clinic)
        • believe this is a davinci issue - we want to be abe to push 'full disclosure' - they want to have eah various providers to become individual HIEs
        • they do not licenses to practice medicine, but they want to spread the information around
        • there are some vagaries that we do not understand—clipping much of privacy parts, 
        • PAC - Jim is on; does nto have a lot of freedom of action on that range
  • asking trhe WG to take a look and disucss for next week - it still requires consent for a lot of activities, data segemenation but it opens up channels of substance abuse organizations;
    • Jim will have the sec


View file
namePart 2 Confidentiality of SUD Records 2 Align with HIPAA.pdf
View file
namePart 2 Confidentiality of SUD records 2019-17816.pdf

Share with Protections (Response to HITAC) - Mike Davis

(no update) Meeting set-up TBD (Mike not on) Mike is starting the PSS for this project

"Share with Protections"

      • PSS update
  • there is a document that Mike is producing, available to review; its the basis for the PSS - 
  • Mike has not worked on the PSS


Review of attached document (latest version as of 8/27/2019)

  • pgs 9-10 'the bad'
  • Use Case 2: Share with Protections; intended to optimize sharing in the best interest of the patient and/or society.  This requires tha tprotectiosn themselves are enduring...
    • Table 2 - Share with Protections "Truth Table"
      • Shareing by default with the lablels (patients know this)

Questions: This is intended to be a hwite paper that is disucfssion a specific US Use case in th eohopes that it covers some solution -

  • focusued (Mike) on the notion that ONC has proposed the with TEFCA that informaton blocking in any form is a 'bad thing' .  wthi that presumption, the idea here is to make the information liquid and accfessable.  artner quote:  "The tenuous balance bet protections, privacy, security, acces.....     "  which is where he is gong with this
  • to note (JohnM) this is going ounter to x by design.
  • mike - its an analysis
  • john m need to firuge out the so what message is -
    • similar to the GDPR where HL7 could act on the gaps; that could be soething that is actionable through HL7?
    • mike 0 the intent is to say that patients can opt out but its not in their best interst with data sharing - because providers need the information.  there are so many holes; with respect to 42CFR and DaVicni, the whole notion that we have privacy is dillusionals.  the idea is to protect the information, and access it only if you have credentials to access it.  To optimize the use of the information we share it, but we share it with protegtions - we are honoring the recipient ....
    • we need to come up with an HL7 as a mechanish that can support HL7 in sharing with protections
      • theer is osme agareemnt in place where the recipient will honor the lables.  the possiblities of leverages the provenance... as described in PSAF spec and say perhaps tdisclosure woudl be recording as provenance in some discoverable store, that indicated whtere security labels had been changes.  this way the recipeient can see if lables had been honored.... we nened to start thinking how our tools can be osmething patients can actually embrace
      • mike is open to that -yhou're sayhing is …" we have the analysis now... what's the next step - ? 
    • kathlen 0  the part that is most valuable is that information can be shared with protecgtions; balancing the cost tracking consent, whethere they are honoring the lablels... 
    • mike - several objs to this approach - which is why we have SLS (external) we have standards in place to support.  we need to draw on thaese to propose how this might work.  not sure your provenances supports sharing
    • kathleen - the provancne resource can record things like classification; if someone were to change lables and it was a mandatory req for changes made to the record....then its okay to upgrade classifications; but it is not okay to.... changes would be recorded somewhere that ...     enforcemnt 

recommendations: working session - separate from this meeting for people to review and comment on the document

  • mike to set up a meeting to review/comment
  • kathleen - we will be revisiting this on the security call; 
    • john is right... we need the 'so what'

Share with Protections Document (latest version)

View file
nameDS4P_Share with Protections 2019 0826 r1.docx


 eLTSS FHIR IG Project - Becky, Johnathan

Completing comments; reviewing for duplicates

  •  working on final updates to the IG/FHIR IG
    • a few more milestones passed; approval from FMG for publication and has moved to TSC (eVote)
  • weekly calls - Tuesday, 2PM ET; (prep for Connectathon)

--reconciliation is uploaded on the website, 

link to IG:

 eLTSS Use Case - Craig (15-20 min)

Discussion:  Next steps for Connectathon track

  • No changes in the use cases - three groups participating in connectathon
  • Craig from Altarum and a group from LTCI are meeting weekly are working toward the Atlanta Connectathon supporting eLTSS IG, pulling in pieces from care track.
  • A possible separate testing may be introduced so as not to interfere with the current use case

Nothing needed from WG at this time

 Provenance DAM - Mike Davis

Approx 150 balloters signed up / no votes yet

Content due 8/4 (Sunday) , Normative ballot

PSAF Package, including Final Provenance Content submitted to HL7 office on Saturday 8/3 (PDF and word versions)

Out for ballot - this version is significantly improved from first version.  encourage everyone to look at it and provide comment.  this doc is intended to put the scientific viewpoint on Provenance.  its not an implementation but based on work that is out there. its inteted to give structure to other HL7 work in this area


  • Consensus pool for September ballot is out, please sign up to review and vote
  • working on completing sections of the document

 DS4P FHIR IG - Kathleen Connor

Approved.  on agenda for 8/20Security WG meeting.

Resources, additional logistics in process.  

How to answer questions from DaVinci - additional questions to be answered - due to kick off in January.

Update: Approved, start date is in January for September balloting.  Low hanging fruit to start, staring with security labels to describe how to do data segmentation in FHIR

  • add topic for joint session (Security/CBCP)

Update (question) Approval from FMG and will go to e-vote from TSC - completed

PSS Approved 6/4/2019: FHIR Data Segmentation for Privacy (DS4P) Implementation Guide IG PSS (by Steering Division)

 September 2019 WGM

Suzanne, Kathleen to collaborate on MON Q3/Q4 and other Security/CBCP joint sessions at a future date

No additional agenda items added to 2019 September WGM at this time.

  • 42 CFR update... 

  • Low hanging fruit to start, staring with security labels to describe how to do data segmentation in FHIR

    • add topic for joint session (Security/CBCP)

Additional Agenda Items

If you are interested in becoming a FHIR IG Author - Dave will send you the link to attend (SEND HIM AN e-mail!)

  • Cost to attend?  It's FREE (ONC Sponsored)
  • Course is a day and a half (Wednesday/Thursday)
  • Curriculum is still being put together

Background intent is to have a pool of people to write FHIR IGs

LINK: Please e-mail David Pyke if you would like to register for this course (

 concern for additional participation from CBCP to discuss on how to have a united front on Security and privacy in regard to i.e. DaVinci

Announcement : interoperability standards advisory  (ISA)

Deadline for comment is September 23, 2019 1150 ET ISA Comments

  • let them know DS4P FHIR IG project is underway
    • is on Security Agenda; so that we can bring input to PAC comments
<add links>> 
Carin has published BlueButton FHIR IG 'self-attestation' to privacy and security requirements

 Carin has published a blue button IG; 

  • noted that they have federation project on their 
    • recommend invite author to CBCP/Security - discuss their privacy/security considerations 
    • Author:  Amol Vyas (Cambia Health)

Suggest that Security and CBCP WGs monitor Carin BlueButton FHIR IG "self-attestation" to privacy and security requirements, and seek collaboration on attestation criteria.
Note that "Consent Federation" is a project on their roadmap. Suggest that we invite Amol Vyas, Cambria Health, to Security/CBCP call.

Amol Vyas

FHIR Consent

Next Thursday at 2PM ET is next attempt for comment resolution 

  • some open topics; new examples uploaded
  • met with patient care to talk about the use case for FHIR consent

have revised all the examples to fit the model

other changes to the documentation with minor changes; need to vet the changes before bringing forward to the WG

 Additional agenda Items?None brought forward 
Adjournment Meeting adjourned at 0958 Arizona TimeTemporary Meeting Recording: