Approve Meeting Minutes:
Motion to Approve Meeting minutes as written
Moved/Second: Beth / Mohammad
Vote - Approve/Abstain/Oppose : (7) approved by consensus
|PSAF Provenance Errata|
Review and approve Errata Letter for CTO Consideration
QA of final ANSI publication submittal missed that Volume 3 Provenance DAM did not include the Contributor Table.
We are requesting an errata version. May not be possible because ANSI has already approved it.
Mike's alternative: wants to claim an author name on HL7 formal letterhead (not to add as an ANSI change)
Security WG members who want to vote on these UTG proposals need to sign up to vote. See: Vocabulary Maintenance at HL7
UTG Consensus Review
Anyone wishing to participate in the Consensus Review of proposals in flight is welcome to participate. No tooling is required to participate - if you want to be a reviewer/voter on vocabulary change proposals and you are not one already, click this link below:
11/10 Mohammad already rebased this, and pushed new commit to Bitbucket repo. Should be a timely way to do this - needs to be reviewed and approved by harmonization process so that we don't have to continually redo. Also, Security members who have asked to be reviewers have not been responded to. We will ask that someone from UTG join Security to help us progress our proposals.
|Privacy & Security Logical Data Model |
Review and approve P&S Logical Model draft NIB submitted without suffix "Cross-Paradigm" after TSC review. 2020-11-11 Privacy and Security Logical Data Model meeting did not meet quorum.
Please review and send Mike comments on V3 Logical Model Draft 1116.docx
Meeting scheduled for document and model review
Information model update: The new information model will consolidate and harmonize security models across HL7 standards (Access Control, Audit, TF4FA etc.) and (incomplete) updates from FHIM (Consolidated unresolved models). Also included are direct mappings to Access Control, Audit and Authentication (e.g. Class models) mapped to Access Control services.
TSC PSS approval before August 23, 2020
|DPROV CDA IG|
Update on CBCP transitioning sponsorship to Security.
Next steps: STU extension request listing emerging use cases, and possible sponsors for preparing DPROV CDA IG http://www.hl7.org/implement/standards/product_brief.cfm?product_id=420 for normative ballot
|SOA Consent Management Service|
This project is co-sponsored by Security and CBCP.
The project's model has progressed and is impressive.
However, some of the underlying analysis of policy and consent differ to some extent with Security foundational standards. See PolicyVsConsent.docx
Mike reviewed and commented - see attached.
SOA invites Security to join 7 pm ET call Nov 5
FHIR DS4P IG
<ADD MOTION> made by Jeff: Security labeling reduces information blocking when used properly. Data holder can share more information by accurately labeling information that should not be shared. This allows for less sensitive information to be shared according to its associated security labeling. The net result is more information shared, along with the ability to defend why sensitive information is not being shared.
BLOCK: 1-22 Motion to approve as presented (Suzanne / Mike )
VOTE: abstain/opposed Motion passes (7)
Postponed early January ballot until regular January ballot cycle.
Review and approve FHIR DS4P IG Out-of-cycle ballot request for 10/20 opening date.
Carmela A. Couderc block - continue review
Review Reconciliation Spreadsheets and JIRA Ballot Recon
Missed approval of Reconciliation prior to July 5th Sept NIB due date Security WG Admin
Quorum met - 107 voters, FHIR DS4P IG Ballot Passed
Negatives - missing definitions, which is the result of tooling errors we need to fix, and a general misunderstanding that the FHIR DS4P IG is the basis for profiles for policy specific security label IGs much like the CDA DS4P IG is. Only the profiles are implementable.
If you have any questions about these dates or the process, you can check out the FHIR IG Process Flow on Confluence
RE "Data tagging is not always sufficient; in some instances data should not be sent at all."
We agree that data tagging is not sufficient if the governing policy requires that certain tagged data not be disclosed.
However, data tagging is necessary for filtering on data, which is not disclosed fully as how security labels are used by Access Control Systems is somewhat out of scope.
As is, the use cases do not adequately describe that access control will still need to be performed on specific requests even where the requester's capability statement indicates that the requester can consume, persist, and enforce labels.
We will discuss how security labels are used in Access Control Systems briefly in the Use Cases http://hl7.org/fhir/uv/security-label-ds4p/2020May/background.html#use-cases and reference other HL7 standards that are more focused on this aspect of data segmentation.
That said, this IG is policy agnostic and conceptual. Requirements for the policy specific use cases listed in this comment could be profiled for various policy specific use cases.
WG discussed need to continue to emphasize that security labeling enables maximum sharing to avoid information blocking.
|Cross-Paradigm US Regulatory Security Labeling IG|
Postponed early January ballot until regular January ballot cycle.
Previously approved NIB already submitted.
JIRA tickets filed for acceptance of new UTG values/data; motion next week when we bring information forward on the value sets.
New CUI Notice 2020-06 RE CUI Marking Waivers with e.g., splash screens, seems to be limited to internal CUI use.
FHIR US Regulatory Security Labels Continuous Build - No update in the build
GitHub repo for the source material: https://github.com/HL7/us-security-label-regs
John and Mohammad are committers.
US Regulatory Security Label examples were included in the FHIR DS4P IG. These will be the starter set for the FHIR US Regulatory Security Label IG
Share with Protections White Paper Project
Worked on ballot recon with Beth for KP comments. Ready for review.
Progress on ISD approval of Project for Reaffirmation of Normative Healthcare (Security and Privacy) Access Control Catalog, Release 3
Kathleen moved for Security. Need a second, 3 days of discussion, and then the vote.
With the move of the WGM schedule dates to start virtually on January 25, the ballot cycle and content deadline dates have also changed.
Nov 8: Next Sunday is the Notification of Intent to Ballot (NIB) deadline – Now November 8th (Ballot minus 6 weeks)
Nov 17: FHIR Connectathon proposals due– (The Connectathon dates did NOT change)
Nov 29: Reconciliation deadline for ballot items having previously balloted – (Ballot -3 weeks)
Dec 13: Final content deadline
Dec 18: Ballot opens
Dec 27: Deadline for TSC approval of PSS for 2021MAY cycle
The on-line Notification of Intent to Ballot form (off of the TSC Utilities page) is available at: http://www.hl7.org/special/committees/tsc/ballotmanagement/index.cfm.
All Calendars for this cycle are available on the new Confluence Calendars page at:
|ONC FAST||Next Steps report out.|
|Notes from CHAT|
Requesting review provide comment / recommend participants review the information (links below)
Scopes for data access - https://chat.fhir.org/login/#narrow/stream/179175-argonaut/topic/Scopes.20for.20data.20access
Confluence and JIRA Tutorials
No additional agenda items brought forward
Meeting adjourned at 1350 Arizona time