Motion to Approve with amendment to update # of approval 10/1 Minutes : (
Moved: Suzanne Second: Mike
Objections: 0 Abstentions: 0; Approve: unanimous (#)
|WGM Minutes approval||Thursday September 19|
Motion: Kathleen Second: Suzanne
Abstentions: none, Opposed: none; Approve: unanimous (#)
|WGM Report out|
Kathleen - Draft WGM Minutes - in process. Should be ready for next call.
|VOTE: pushed to next week|
Share with Protections
Mike Davis Update on SwP Part 1 and Part 2 (to be presented Drafts). Recommend FHIR IG PSS for SwP.
This shoushould close out the work on SwP
PROPOSAL: Create a FHIR IG. (workgroup vote )
There are folks who wanted to see this as a paper first. Mike has transitioned to a PPT format. Either way the WG needs to vote on the material
This could fit as a nice IG for protecting Privacy in FHIR - we should seriously think of having many IGs that cover different needs–this may be the next one to go on the shelf next to SMARTonFHIR. There is some use to doing an IG that whittles down the huge HCS vocab to a handful of them, giving each policy criteria when sing the IG. (per JohnM) - this is something actionalble
this is what is on DS4P - on what a client or recipei
|Basic Provenance Block Vote||Brett Marquard and Russ Ott|
|(SP) 800-207, Zero Trust Architecture|
Mike Davis: Should HL7 Sec WG provide comments on NIST Zero Trust Architecture relevant to standards work? Reference HL7’s PSAF Vol 1 with links to relevant sections such as Fig 7, 9, 12, 18 etc.
|PSAF Provenance Volume 3 Ballot Reconciliation|
Mike to propose setting up a separate call for PSAF Provenance ballot reconciliation.
|FHIR Security||John Moehrke. Note the call time has moved to 1PM ET, which is the hour after the CBCP calls.|
|42 CFR Part 2|
42 CPR Part 2 NPRMs - Kathleen: Comments still in process. Feedback on draft section below, second paragraph?
Limitations on Patient Data Consent - In a number of sections, including for example on pages 24 and 25 of the proposed rule, limitations on the characteristics of those to whom a patient consents to have their data sent are discussed. Entities that might be any of the following: covered by HIPAA; covered by The Common Rule; covered by FDA regulations; somehow identified as capable of doing scientific research; and any of these involving a specifically named person or entity; etc. How the part 2 EHR system is supposed to identify these characteristics of a target system could be clarified by referencing standards that support conveying those characteristics.
If the consent is electronically encoded with HL7 standards using CDA or FHIR, then the consent could indicate the purpose of use (codes – e.g., HIPAA Authorization for Research Disclosure or Common Rule for FDA) for which a recipient is permitted to access this information either by query or by a pushed transaction. The recipient could declare the same purpose of use code in their requests or in the credentials used to determine that the recipient is authorized using SAML or scope in a Smart on FHIR authorization request. In order for the information to be released, the EHR would compare the purpose of use codes on the information governed by the Part 2 consent with the purpose of use codes asserted or known to apply to the requester, and permit access only where there’s a match. HL7 stands ready to provide more detailed technical information about guidance that SAMHSA could develop for the industry on how to implement this policy goal.
Direct Links to 42 CFR Part 2 Proposed Rules on the “Confidentiality of Substance Use Disorder Patient Records
NIH RFI: HL7 FHIR Interoperability Resources for Capturing and Sharing Clinical Data for Research Purposes
|Federal Health IT Strategic Plan|
Mike Davis Should HL7 security comment on Federal Health IT Strategic Plan –
|Sequoia||Mike - Sequoia discussions|
|FHIR Privacy and Security Considerations|
FHIR DS4P Privacy and Security Considerations - Summary of discussions at the WGM about the relationship of a FHIR Right of Access Directive and FHIR Security Labeling.
|Adjournment||Meeting adjourned at 1247 Arizona Time (Kathleen)|
Temporary Meeting Recording:https://fccdl.in/ZuV7Kjc8s5
John Moehrke Co-Chair
Kathleen Connor Co-Chair
|VA (Book Zurman)||@Trish Williams Co-Chair||Flinders University|
Chris Shawn, Co-Chair
John Davis (Mike)
|Sequoia||Julie Chan firstname.lastname@example.org||HL7 FHIR|
|VA (Book Zurman)||Kaiser|
|VA (Book Zurman)||@Adam Wong email@example.com||HHS|
@Ricky Sahu, @1up.health
|EMR Direct||Laura Bright firstname.lastname@example.org|
|PJM Consulting||@David Staggs email@example.com||SRS|
|Ready Computing||Terence Cunningham firstname.lastname@example.org (Terry)||AMA|
|Trustworthy EHR||Laura Hoffman email@example.com||AMA|
|Heather McComas firstname.lastname@example.org||AMA||Matthrew Reid email@example.com||AMA|
|Julie Maas||EMR Direct|