Scribe: @Suzanne Gonzales-Webb
Approve Meeting Minutes: 2020-07-28 Security WG Agenda/Minutes
Motion to Approve 7/28/2020 WG call
Moved/Second: Suzanne / Mike
Vote - Approve/Abstain/Oppose : 5 / 2 / 0
ISO 21298:2017 “Health informatics – Functional and structural roles” and ISO 22600-2:2014 Appendix A Structural and Functional Roles.
Created 2 tickets:
Clarify agent.type (i.e. what is the agent doing functionally–tied to the workflow context) vs agent.role https://jira.hl7.org/browse/FHIR-28184
Structural role value set should not have functional role codes in it https://jira.hl7.org/browse/FHIR-28185
Learn More About Pediatric Care and Health IT
Webinar Recording: ONC hosted a question and answer session on health IT for pediatric care and settings on June 24, 2020.
Pediatric Health IT in the ONC Cures Rule: In the ONC Cures Act final rule, we outlined our approach to identifying recommendations for the voluntary certification of health IT to support the healthcare of children.
Care Continuum Tip Sheet: This tip sheet briefly outlines our scalable, repeatable approach to help enable collaborative efforts between the healthcare and health IT communities aimed at improving the effectiveness of health IT solutions targeting clinical priorities identified by stakeholders.
Pediatric Health IT Technical Analysis: In preparation for the Cures Act proposed rule, ONC sought input from a wide range of stakeholders and conducted an analysis of technical components and standards within the certification program to support voluntary certification of health IT for pediatric care
HIMSS Granular Segmentation of Privacy to Promote Interoperability meets the first Tuesday of each month, Dial-in info is: https://global.gotomeeting.com/join/767185645 11 am ET
Recommendation 4: Segmented Access to Information
This recommendation addresses the need for privacy of certain services by segmenting information and providing access to specific segments of the record to specific users. If this recommendation is not accomplished, disparities in care may result when information cannot be appropriately protected.
For example, adolescents may be allowed by law or practice to sequester access to information, such as sexual and behavioral health history in their health record. Some jurisdictions require sequestering a child’s record of sexual history or abuse. Sequestering patient-selected information from parental, billing, or insurance communications may be required to protect an adolescent or pediatric patient’s privacy.
This recommendation aligns with the following 2015 Edition Certification Criteria:
Transitions of Care
Security Tags – Summary of Care – Send*
Security Tags – Summary of Care – Receive*
Standardized API for Patient and Population Services*
* See the 21st Century Cures Act Final Rule and ONC guidance for information on effective dates, sunset dates, and other information on the certification criteria impacted by the 2015 Edition Cures Update.
|Privacy & Security Logical Model |
Bernd Blobel will the be attending/speaking at the meeting this week. As he is the author of the 22600 (as well as the overarching 23903 and the 21298) we have the opportunity to get the overview about CompositePolicy Composite Policy directly from him.
Calls are on Wednesdays 1 - 2 ET http://www.hl7.org/concalls/CallDetails.aspx?concall=50666
Meeting ID: 675 407 5337
Phone Number: +1 929-436-2866
Information model update: The new information model will consolidate and harmonize security models across HL7 standards (Access Control, Audit, TF4FA etc.) and (incomplete) updates from FHIM (Consolidated unresolved models). Also included are direct mappings to Access Control, Audit and Authentication (e.g. Class models) mapped to Access Control services.
TSC PSS approval before August 23, 2020
|September WGM Prep|
Planning is underway - See 2020-09 202009 September Virtual Security WGM
We need to decide how many sessions and time slots.
September Connectathon planning is also underway.
Instead of the usual request for meeting room space, this email is asking Co-Chairs to submit the days/times that they’ll meet based on 2-hour time slots via a Doodle Poll (https://www.doodle.com/poll/crgmir8dzh8x7f44). The deadline to submit this information is Friday, August 7th.
Planning on hosting a Joint session?
First, we want to be able to communicate the focus of joint meetings, so we’d like you to add the discussion topic to your Doodle entry as explained below. Also, if possible, schedule them at 10am or 4pm ET.
The HOSTING Work Group Co-Chair(s) own the task of requesting the time in the Doodle poll. Hence, the Co-Chairs of the HOST Work Group should reach out to the Co-Chairs of joining Work Group(s) and determine when they’ll all meet. Once that’s determined, the Co-Chairs of the HOST Work Group will add a separate entry into the Doodle Poll FOR EACH UNIQUE JOINT MEETING that they’ll host, indicated the Work Groups that are joining and the focus of the joint meeting.
Vocab HOSTING: FHIR-I, MnM Topic: FHIR in the V3 World
Vocab HOSTING: SD WG Topic: UTG
FHIR DS4P IG
Review and approve FHIR DS4P IG Out-of-cycle ballot request for 10/20 opening date.
Review Reconciliation Spreadsheets and JIRA Ballot Recon
Missed approval of Reconciliation prior to July 5th Sept NIB due date Security WG Admin
Quorum met - 107 voters, FHIR DS4P IG Ballot Passed
Negatives - missing definitions, which is the result of tooling errors we need to fix, and a general misunderstanding that the FHIR DS4P IG is the basis for profiles for policy specific security label IGs much like the CDA DS4P IG is. Only the profiles are implementable.
If you have any questions about these dates or the process, you can check out the FHIR IG Process Flow on Confluence
|Cross-Paradigm US Regulatory Security Labeling IG|
CUI Program Blog (https://isoo.blogs.archives.gov) NARA is promoting NIEM 5.0 Beta https://niem.github.io/niem-releases/ as the national healthcare standard for conveying CUI https://isoo.blogs.archives.gov/2020/07/02/cui-metadata/
CUI Metadata standard available for review
The CUI Executive Agent has been working with the CUI Advisory Council and the National Information Exchange Model (NIEM) to develop a metadata standard for CUI categories and limited dissemination controls. NIEM is a common vocabulary that enables efficient information exchange across diverse public and private organizations.
FHIR US Regulatory Security Labels Continuous Build - No update in the build
GitHub repo for the source material:https://github.com/HL7/us-security-label-regs
John and Mohammad are committers.
US Regulatory Security Label examples were included in the FHIR DS4P IG. These will be the starter set for the FHIR US Regulatory Security Label IG
|Share with Protections White Paper Project|
Walk through of Share with Protections White Paper; Please note new section added toward the end of the document.
NIB approved and submitted. Document submitted post updates to misspells on figures.
Note: error in ballot listing was 'sharing with protections' but has now been corrected to read 'share with protections'
Motion to Approve SwP submission for Sept Ballot
Submitted for Ballot
CARIN Blue Button Report Out
Nothing to report.
Security is a cosponsor of CARIN Blue Button IG. Calls http://www.hl7.org/concalls/CallDetails.aspx?concall=48592 Monday Mar 2, 2020 - 02:30 PM (Eastern Time, GMT -05) https://leavittpartners.zoom.us/j/461256971 or Dial: 1 646 876 9923 // Meeting ID: 461 256 971
HL7 Policy Advisory Committee (PAC)
PAC's draft HL7 responses to Artificial Intelligence survey from NIST gave good coverage of Privacy/Consent/Security/Integrity/Trustworthiness/Provenance. Several excerpts below:
Governance of AI-enabled systems should respect agreed principles, and in areas such as:
In addition, HL7’s Patient Engagement Work Group points to some helpful transparency practices and evolving AI policy perspectives as detailed in:
Question 4. Data integrity, data reliability, and data validity of AI-enabled systems: What characteristics related to data quality are important for standardization of AI-enabled systems, and for what purposes?
|Notes from CHAT|
Requesting review provide comment / recommend participants review the information (links below)
Scopes for data access - https://chat.fhir.org/login/#narrow/stream/179175-argonaut/topic/Scopes.20for.20data.20access
No additional agenda items brought forward
Meeting adjourned at 1230 Arizona time
|name||NIEM UML Profile.pdf|
|@Adam Wong firstname.lastname@example.org||HHS|
|Amol Vyas email@example.com||Cambia Health|
|Celine Lefebvre Celine.Lefebvre@ama-assn.org||AMA|
|Clara Y. Ren firstname.lastname@example.org||Federal Electronic Health Records Modernization (FEHRM) Office|
Chris Shawn, Co-Chair
|@David Staggs email@example.com||SRS|
|Debra Simmons debrasimmons@|
|Heather McComas firstname.lastname@example.org||AMA|
|Federal Electronic Health Records Modernization (FEHRM) Office|
John Davis (Mike)
John Moehrke Co-Chair
|Julie Chan email@example.com||CWGlobal|
Kathleen Connor Co-Chair
|VA (Book Zurman)|
|Laura Bright firstname.lastname@example.org|
|Laura Hoffman email@example.com||AMA|
|Matthew Reid firstname.lastname@example.org||AMA|
|VA (Book Zurman)|
|Patient Centric Solutions|
@Ricky Sahu, @1up.health
Robert Dieterle email@example.com
|Russ Ott firstname.lastname@example.org||Deloitte|
|Saul Kravitz email@example.com||MITRE|
|Stephen MacVicar firstname.lastname@example.org||MITRE|
|VA (Book Zurman)|
Terrence Cunningham 'Terry'
Patricia A.H. Williams aka Trish
|Vicki Giatzikis email@example.com||NYP|