 Minutes Approval

Review

2019-10-01 Security WG Agenda/Minutes

Motion to Approve with amendment to update # of approval 10/1 Minutes :   (

Moved:  Suzanne  Second: Mike

Objections: 0  Abstentions: 0; Approve: unanimous (#)

WGM Minutes approval: Thursday September 19

Motion:  Kathleen  Second: Suzanne

Abstentions: none, Opposed: none; Approve: unanimous (#)

WGM Report out

Kathleen - Draft WGM Minutes - in process.  Should be ready for next call.

2019-09 Sept Security WGM Agenda/Minutes

16 SEP 2019 SEC WGM Minutes

17 SEP 2019 SEC WGM Minutes

18 SEP 2019 SEC WGM Minutes

VOTE: pushed to next week

Share with Protections

Mike Davis Update on SwP Part 1 and Part 2 (to be presented Drafts).  Recommend FHIR IG PSS for SwP. 

Three Parts:

  1. Version 1 is fairly refined (12 slides), higher level
  2. (in oven); expands on part 1 (which is conceptual)
  3. SAMHSA Omnibus Care Plan coordination system incorporated into SwP (Mike to send Omnibus

This should close out the work on SwP.

PROPOSAL: Create a FHIR IG.  (workgroup vote)

There are folks who wanted to see this as a paper first.  Mike has transitioned to a PPT format.  Either way the WG needs to vote on the material

This could fit as a nice IG for protecting Privacy in FHIR - we should seriously think of having many IGs that cover different needs–this may be the next one to go on the shelf next to SMARTonFHIR.  There is some use to doing an IG that whittles down the huge HCS vocab to a handful of them, giving each policy criteria when using the IG. (per JohnM) - this is something actionable

this is what is on DS4P - on what a client or recipei


Slide decks and Sharing with Protections paper are available on Security WG Confluence site
Basic Provenance Block Vote: Brett Marquard and Russ Ott
(SP) 800-207, Zero Trust Architecture

Mike Davis: Should HL7  Sec WG provide comments on NIST Zero Trust Architecture relevant to standards work?  Reference HL7’s PSAF Vol 1 with links to relevant sections such as Fig 7, 9, 12, 18 etc.


PSAF Provenance Volume 3 Ballot Reconciliation

Mike to propose setting up a separate call for PSAF Provenance ballot reconciliation.


FHIR Security: John Moehrke.  Note the call time has moved to 1PM ET, which is the hour after the CBCP calls.
42 CFR Part 2

42 CFR Part 2 NPRMs - Kathleen:  Comments still in process.  Feedback on draft section below, second paragraph?

Limitations on Patient Data Consent - In a number of sections, including for example on pages 24 and 25 of the proposed rule, limitations on the characteristics of those to whom a patient consents to have their data sent are discussed. Entities that might be any of the following: covered by HIPAA; covered by The Common Rule; covered by FDA regulations; somehow identified as capable of doing scientific research; and any of these involving a specifically named person or entity; etc. How the part 2 EHR system is supposed to identify these characteristics of a target system  could be clarified by referencing standards that support conveying those characteristics.

If the consent is electronically encoded with HL7 standards using CDA or FHIR, then the consent could indicate the purpose of use (codes – e.g., HIPAA Authorization for Research Disclosure or Common Rule for FDA) for which a recipient is permitted to access this information either by query or by a pushed transaction. The recipient could declare the same purpose of use code in their requests or in the credentials used to determine that the recipient is authorized using SAML or scope in a Smart on FHIR authorization request.  In order for the information to be released, the EHR would compare the purpose of use codes on the information governed by the Part 2 consent with the purpose of use codes asserted or known to apply to the requester, and permit access only where there’s a match. HL7 stands ready to provide more detailed technical information about guidance that SAMHSA could develop for the industry on how to implement this policy goal.

Direct Links to 42 CFR Part 2 Proposed Rules on the “Confidentiality of Substance Use Disorder Patient Records”

http://bit.ly/2MIJ3e8

http://bit.ly/329doGq

NIH RFI: HL7 FHIR Interoperability Resources for Capturing and Sharing Clinical Data for Research Purposes

https://grants.nih.gov/grants/guide/notice-files/NOT-OD-19-150.html

Federal Health IT Strategic Plan

Mike Davis: Should HL7 security comment on the Federal Health IT Strategic Plan?

    • Individuals perform on their own some of the activities that traditionally occur only in formal health care settings (e.g., monitoring blood pressure, tracking body mass index). An increasing number of individuals want the ability to use technology to track and improve upon their health goals, and want technology to be helpful and easy to use.
    • How does HL7 support objective 4b?
Need links.
Sequoia: Mike - Sequoia discussions
FHIR Privacy and Security Considerations

FHIR DS4P Privacy and Security Considerations - Summary of discussions at the WGM about the relationship of a FHIR Right of Access Directive and FHIR Security Labeling.


Adjournment: Meeting adjourned at 1247 Arizona Time (Kathleen)

Temporary Meeting Recording: https://fccdl.in/ZuV7Kjc8s5



  • John Moehrke, Co-Chair, By-Light
  • HL7 Austria
  • Kathleen Connor, Co-Chair, VA (Book Zurman)
  • Trish Williams, Co-Chair, Flinders University
  • Chris Shawn, Co-Chair, VA
  • John Davis (Mike), VA
  • SRS
  • ONC
  • Aegis
  • Sequoia
  • Julie Chan, jchan@cwglobalconsult.com, HL7 FHIR
  • VA (Book Zurman)
  • Kaiser
  • VA (Book Zurman)
  • Adam Wong, adam.wong@hhs.gov, HHS
  • Phillips
  • Ricky Sahu, @1up.health, 1up Health
  • Wave One
  • EMR Direct
  • Laura Bright, laurabright4@gmail.com
  • Sequoia
  • Jim Kamper, Altarum
  • PJM Consulting
  • David Staggs, drs@securityrs.com, SRS
  • Ready Computing
  • Terence Cunningham (Terry), terence.cunningham@ama-assn.org, AMA
  • Trustworthy EHR
  • Laura Hoffman, laura.hoffman@ama-assn.org, AMA
  • Heather McComas, heather.mccomas@ama-assn.org, AMA
  • Matthew Reid, matt.reid@ama-assn.org, AMA
  • Julie Maas, EMR Direct