
Chair:  @Chris Shawn

Scribe: @Suzanne Gonzales-Webb 

Weekly calls Tuesdays 3PM ET

FreeConferenceCall Online Meeting Link https://www.freeconferencecall.com/join/security36

Dial-in Number (United States): (515) 604-9567 Access Code: 880898#

Agenda Topics 

 Minutes Approval

Review 2019-06-04 Security Meeting Agenda 

Motion to Approve 6/4 Minutes :  Moved Mike/ Second Kathleen

Objections  0; Abstentions: 0 ; Approve: 9

Montreal WGM Minutes

SEC WGM Minutes (7th May 2019 Tues)

SEC WGM Minutes (8th May 2019 Wed)

SEC WGM Minutes (9th May 2019 Thurs)

Motion to Approve May Montreal Security WGM

Minutes :  Moved/ Second

Objections: ; Abstentions: ; Approved

 ONC/CMS NPRM

TEFCA 2 Security Comments


---

Kathleen will update the changes as discussed during the call; the deadline for comments is early AM 6/12.


 July Harmonization

There has been discussion on FHIR chat regarding use of confidentiality codes: because the codes form a total order, each definition needs to state explicitly the range it covers, so that the concepts do not overlap.

  • Kathleen recommends some clean-up and reorganization of the current concepts so as to clarify the normal, restricted and very restricted concepts
    • working with Mohammad and John to come up with clearer guidance on the security labels
      • page created with clear definitions and the range of each code
      • added discussion of how the codes are delineated and how they differ by sensitivity
        • descriptive use cases added for each

Kathleen would like peer review and feedback 

  • see also Pregnancy Sensitivity code (bottom of cell)


Motion to approve the initial draft: Moved Kathleen / Second Suzanne

Abstentions: none; Objections: 1 (Mike); Approved:



---

Harmonization proposals to be discussed on 6/11; the initial submission due date, finalized at the 2019 May WGM, is 2019-06-14, midnight Eastern.

Proposals:

Refine HL7 Confidentiality Code Definitions  to support implementer use of Confidentiality codes as a total ordered set with subsumption. 

See discussion - Confidentiality Codes / Security Labels

CODE SYSTEM: Confidentiality

LEAF CONCEPT: U (unrestricted)

Description:

Privacy metadata indicating that no level of protection is required to safeguard healthcare information that has been disclosed by an authorized individual with few or no restrictions on its use.

Usage Note:

Confidentiality code total order hierarchy: Unrestricted (U) is less protective than V, R, N, M, and L, and is the lowest protection level.

The authorization to collect, access, use, and disclose this information may be stipulated contractually between the data subject and a data user (e.g., via terms of service or data user privacy policies.)

This metadata indicates that the receiver has no obligation to consider additional policies when making access control decisions.

Examples: Includes publicly available information, e.g., business name, phone, email or physical address.

LEAF CONCEPT: L (low)

Description:

Privacy metadata indicating that a low level of protection is required to safeguard healthcare information, which has been altered in such a way as to minimize the need for confidentiality protections with some residual risks associated with re-linking. The risk of harm to an individual's reputation and sense of privacy if disclosed without authorization is considered negligible, and mitigations are in place to address reidentification risk.

Usage Note:

The level of protection afforded anonymized and pseudonymized, and non-personally identifiable information (e.g., a limited data set) is dictated by privacy policies and data use agreements intended to engender trust that health information can be used and disclosed with little or no risk of re-identification.

Confidentiality code total order hierarchy: Low (L) is less protective than V, R, N, and M, and subsumes U.

LEAF CONCEPT: M (moderate)

Description:

Privacy metadata indicating the level of protection required to safeguard healthcare information, which if disclosed without authorization, would present a moderate risk of harm to an individual's reputation and sense of privacy.

Usage Note:

The level of protection afforded moderately confidential information is dictated by privacy policies intended to engender trust in a service provider. 

Privacy policies mandating moderate levels of protection preempt less protective privacy policies.  "Moderate" confidentiality policies differ from and would be preempted by the prevailing privacy policies mandating normative level of protection for information used in the delivery and management of healthcare.

Confidentiality code total order hierarchy: Moderate (M) is less protective than V, R, and N, and subsumes all other protection levels, i.e. L and U.

Examples: Includes health information that a patient authorizes to be collected, accessed, used or disclosed to a bank for a health credit card or savings account; to health oversight authorities; to worker compensation, disability, property and casualty or life insurers; and to personal health record systems, consumer controlled devices, social media accounts and online apps; or for marketing purposes.

LEAF CONCEPT: N (normal)

Description:

Privacy metadata indicating the level of protection required to safeguard healthcare information, which if disclosed without authorization, would present a considerable risk of harm to an individual's reputation and sense of privacy.

Usage Note:

The level of protection afforded normatively confidential information is dictated by the prevailing normative privacy policies, intended to engender patient trust in their healthcare providers.

Privacy policies mandating normative levels of protection preempt less protective privacy policies when the information is used in the delivery and management of healthcare. May be pre-empted by jurisdictional law, e.g., for public health reporting or emergency treatment.

Confidentiality code total order hierarchy: Normal (N) is less protective than V and R, and subsumes all other protection levels, i.e. M, L, and U.

Examples: In the US, this includes what HIPAA identifies as the minimum necessary protected health information (PHI) given a covered purpose of use (treatment, payment, or operations).

LEAF CONCEPT: R (restricted)

Description:

Privacy metadata indicating the level of protection required to safeguard potentially stigmatizing information, which if disclosed without authorization, would present a high risk of harm to an individual's reputation and sense of privacy.

Usage Note:

The level of protection afforded restricted confidential information is dictated by specially protective privacy policies intended to engender patient trust in providers of sensitive services.

Privacy policies mandating additional levels of protection by restricting information access preempt less protective privacy policies when the information is used in the delivery and management of healthcare. May be pre-empted by jurisdictional law, e.g., for public health reporting or emergency treatment.

Confidentiality code total order hierarchy: Restricted (R) is less protective than V, and subsumes all other protection levels, i.e. N, M, L, and U.

Examples: Includes information that is additionally protected such as sensitive conditions mental health, HIV, substance abuse, domestic violence, child abuse, genetic disease, and reproductive health; or sensitive demographic information such as a patient's standing as an employee or a celebrity. May be used to indicate proprietary or classified information that is not related to an individual, e.g., secret ingredients in a therapeutic substance; or the name of a manufacturer.

LEAF CONCEPT: V (very restricted)

Description:

Privacy metadata indicating the level of protection required under atypical circumstances to safeguard potentially damaging or harmful information, which if disclosed without authorization, would (1) present an extremely high risk of harm to an individual's reputation, sense of privacy, and possibly safety; or (2) impact an individual’s or organization’s legal matters.

Usage Note:

The level of protection afforded very restricted confidential information is dictated by specially protective privacy or legal policies intended to ensure that under atypical circumstances additional protections limit access to only those with a high need to know and the information is kept in highest confidence.

Privacy and legal policies mandating the highest level of protection by restricting information access, preempt less protective privacy policies when the information is used in the delivery and management of healthcare including legal proceedings related to healthcare. May be pre-empted by jurisdictional law, e.g., for public health reporting or emergency treatment but only under limited circumstances.

Confidentiality code total order hierarchy: Very Restricted (V) is the highest protection level and subsumes all other protection levels, i.e. R, N, M, L, and U.

Examples: Includes information about a victim of abuse, patient requested information sensitivity, and taboo subjects relating to health status that must be discussed with the patient by an attending provider before sharing with the patient. May also include information held under a “legal hold” or attorney-client privilege.

FIX CUI Display names - non-substantial changes to the display names for CUI because use of parens was not implemented correctly.

Add Pregnancy Sensitivity code - request based on input from the X-Paradigm Security Labeling project.  Proposed definition: Policy for handling information related to a pregnant individual, deemed sensitive by the individual or by policy, which may be afforded heightened confidentiality.


Current Confidentiality Codes

U (unrestricted)

Description:

Definition: Privacy metadata indicating that the information is not classified as sensitive.

Examples: Includes publicly available information, e.g., business name, phone, email or physical address.

Usage Note: This metadata indicates that the receiver has no obligation to consider additional policies when making access control decisions. Note that in some jurisdictions, personally identifiable information must be protected as confidential, so it would not be appropriate to assign a confidentiality code of "unrestricted" to that information even if it is publicly available.

L (low)

Description:

Definition: Privacy metadata indicating that the information has been de-identified, and there are mitigating circumstances that prevent re-identification, which minimize risk of harm from unauthorized disclosure. The information requires protection to maintain low sensitivity.

Examples: Includes anonymized, pseudonymized, or non-personally identifiable information such as HIPAA limited data sets.

Map: No clear map to ISO 13606-4 Sensitivity Level (1) Care Management: RECORD_COMPONENTs that might need to be accessed by a wide range of administrative staff to manage the subject of care's access to health services.

Usage Note: This metadata indicates the receiver may have an obligation to comply with a data use agreement.

M (moderate)

Description:

Definition: Privacy metadata indicating moderately sensitive information, which presents moderate risk of harm if disclosed without authorization.

Examples: Includes allergies of a non-sensitive nature used to inform food service; health information a patient authorizes to be used for marketing, released to a bank for a health credit card or savings account; or information in personal health record systems that are not governed under health privacy laws.

Map: Partial Map to ISO 13606-4 Sensitivity Level (3) Clinical Care: Default for normal clinical care access (i.e. most clinical staff directly caring for the patient should be able to access nearly all of the EHR). Maps to normal confidentiality for treatment information but not to ancillary care, payment and operations.

Usage Note: This metadata indicates that the receiver may be obligated to comply with the sender's terms of use or privacy policies.

N (normal)

Description:

Definition: Privacy metadata indicating that the information is typical, non-stigmatizing health information, which presents typical risk of harm if disclosed without authorization.

Examples: In the US, this includes what HIPAA identifies as the minimum necessary protected health information (PHI) given a covered purpose of use (treatment, payment, or operations). Includes typical, non-stigmatizing health information disclosed in an application for health, workers compensation, disability, or life insurance.

Usage Note: This metadata indicates that the receiver may be obligated to comply with applicable jurisdictional privacy law or disclosure authorization.

R (restricted)

Description:

Privacy metadata indicating highly sensitive, potentially stigmatizing information, which presents a high risk to the information subject if disclosed without authorization. May be pre-empted by jurisdictional law, e.g., for public health reporting or emergency treatment.

Examples: Includes information that is additionally protected such as sensitive conditions mental health, HIV, substance abuse, domestic violence, child abuse, genetic disease, and reproductive health; or sensitive demographic information such as a patient's standing as an employee or a celebrity. May be used to indicate proprietary or classified information that is not related to an individual, e.g., secret ingredients in a therapeutic substance; or the name of a manufacturer.

Map: Partial Map to ISO 13606-4 Sensitivity Level (3) Clinical Care: Default for normal clinical care access (i.e. most clinical staff directly caring for the patient should be able to access nearly all of the EHR). Maps to normal confidentiality for treatment information but not to ancillary care, payment and operations

Usage Note: This metadata indicates that the receiver may be obligated to comply with applicable, prevailing (default) jurisdictional privacy law or disclosure authorization.
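The proposed definitions above and the current code definitions both rest on the same enforcement idea: the codes form a total order (U < L < M < N < R < V) in which each code subsumes the ones below it, and a receiver may see a resource only when its clearance is at least as protective as the resource's label, unless jurisdictional law pre-empts that for a purpose such as emergency treatment or public health reporting. The following Python is an added example for both passages; it is not HL7 text, not the harmonization proposal's wording, and not any project's code. It ranks the codes, takes the most protective code when a resource carries several, derives a bundle's label as the high-water mark of its members, and filters resources against a requester's clearance. The code system URI, the FHIR-like resource shapes, the default of N for unlabelled resources, the purpose-of-use values and the override ceilings are assumptions for illustration.

```python
"""Confidentiality codes (U < L < M < N < R < V) as a total order with subsumption.

Added example, not HL7 text or any project's code. The code system URI,
resource shapes, default label and override table are assumptions.
"""
from dataclasses import dataclass

# Total order, least to most protective. Each code subsumes every code to its left.
ORDER = ("U", "L", "M", "N", "R", "V")
RANK = {code: i for i, code in enumerate(ORDER)}

# Assumed: the HL7 v3 Confidentiality code system URI as used in FHIR meta.security.
CONF_SYSTEM = "http://terminology.hl7.org/CodeSystem/v3-Confidentiality"

# Assumed policy table: purpose-of-use values that jurisdictional law lets
# pre-empt a requester's clearance, and the most protective code each may reach.
# V is deliberately absent from the ceilings: no override reaches it here.
OVERRIDE_CEILING = {"ETREAT": "R", "PUBHLTH": "R"}


def rank(code):
    """Position of a code in the total order; rejects anything outside the code system."""
    if code not in RANK:
        raise ValueError(f"unknown confidentiality code: {code!r}")
    return RANK[code]


def subsumes(higher, lower):
    """True when `higher` is at least as protective as `lower` (reflexive)."""
    return rank(higher) >= rank(lower)


def high_water_mark(codes):
    """Most protective code among `codes`: the one that subsumes all the others."""
    codes = list(codes)
    if not codes:
        raise ValueError("no confidentiality codes to combine")
    return max(codes, key=rank)


def confidentiality_of(resource, default="N"):
    """Confidentiality code of one FHIR-style resource dict.

    Only codings from CONF_SYSTEM count (a code from some other system is not a
    confidentiality label). If several are present the most protective wins, so
    a stray 'N' cannot downgrade an 'R'. Unlabelled resources get `default`
    (N is an assumed default, on the basis that PHI is at least N).
    """
    codings = resource.get("meta", {}).get("security", [])
    codes = [c.get("code") for c in codings
             if c.get("system") == CONF_SYSTEM and c.get("code") in RANK]
    return high_water_mark(codes) if codes else default


def bundle_label(resources):
    """Label for a whole bundle: the high-water mark of its members' labels."""
    return high_water_mark(confidentiality_of(r) for r in resources)


@dataclass(frozen=True)
class Request:
    clearance: str            # most protective code the requester may normally read
    purpose_of_use: str = "TREAT"


def permitted(request, code):
    """Dominance check first, then the assumed purpose-of-use pre-emption."""
    if subsumes(request.clearance, code):
        return True
    ceiling = OVERRIDE_CEILING.get(request.purpose_of_use)
    return ceiling is not None and subsumes(ceiling, code)


def filter_bundle(resources, request):
    """Return only the resources the request may see (deny by default)."""
    return [r for r in resources if permitted(request, confidentiality_of(r))]


# Constructed sample bundle (not real data).
SAMPLE_BUNDLE = [
    {"resourceType": "Organization", "id": "org-1",
     "meta": {"security": [{"system": CONF_SYSTEM, "code": "U"}]}},
    {"resourceType": "Observation", "id": "bp-1",
     "meta": {"security": [{"system": CONF_SYSTEM, "code": "N"}]}},
    {"resourceType": "Patient", "id": "pat-1"},                      # unlabelled -> N
    {"resourceType": "Condition", "id": "hiv-1",                      # conflicting labels -> R
     "meta": {"security": [{"system": CONF_SYSTEM, "code": "N"},
                           {"system": CONF_SYSTEM, "code": "R"}]}},
    {"resourceType": "Observation", "id": "abuse-1",                  # foreign 'U' ignored -> V
     "meta": {"security": [{"system": "http://example.org/other", "code": "U"},
                           {"system": CONF_SYSTEM, "code": "V"}]}},
]


def visible_ids(request):
    """Ids from SAMPLE_BUNDLE that `request` is permitted to see, in bundle order."""
    return [r["id"] for r in filter_bundle(SAMPLE_BUNDLE, request)]


if __name__ == "__main__":
    print("bundle label:", bundle_label(SAMPLE_BUNDLE))
    print("N/TREAT sees:", visible_ids(Request("N")))
    print("N/ETREAT sees:", visible_ids(Request("N", "ETREAT")))
```

Two design points matter for a labeling engine: conflicting labels on one resource resolve upward (the most protective code wins), and the bundle label is the high-water mark of its members, so a bundle that contains one V resource is itself V. The override table models the "may be pre-empted by jurisdictional law" caveat in the usage notes as an explicit, bounded exception rather than a blanket bypass, and V stays unreachable by override, matching the "only under limited circumstances" wording for that code.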

PSAF Provenance

 Update from Mike Davis - (no updates this week)

  • Major updates
  • Plan is to ballot Provenance as Informative; if this ballot goes well we will move on to balloting as a Normative DAM
Mike's Document discussed on call:

FHIR Security

No decisions made during FHIR Security Call (no update)



FHIR DS4P

review of latest changes; will approve next week

-----

Need PSS approval for FHIR DS4P and DS4P CDA IG update

FHIR DS4P IG PSS (Kathleen) - Review of updated draft per 2019-05-28 FHIR-Security Meeting Minutes comments below.

Outreach to current and prospective implementers and potential Connectathon testing concluded.  VA, Perspecta, MiHIN, PatientLink added for both categories.

Report out of discussion with CBCP WG at 6/4 meeting.

Check that the DRAFT PSS comments have been adequately addressed: 

  • add incremental development goal schedule (due to resource shortage); in January WGM we can begin to parse out the details
  • fix V3 Data types (to 'NO')
  • add to Content Already Developed 'CDA'
  • clarify work is scope x and
  • deliverable: how to parse the project to resource availability (low hanging fruit first)
  • per Mike: suggests removing the word 'policy' wherever it occurs (suggestion under further discussion)

Mike is proposing a sub-working group to deliver information to send out for support

LINK to Security/CBCP FHIR DS4P IG PSS

Motion:  /

Abstention: TBD; Objections: TBD; Approved: TBD;

Action Item: Develop DS4P CDA IG revision PSS - Kathleen to do

Basic Provenance

Next call is June 18th - (no update)


Basic Provenance Project

Basic Provenance 2019-06-03

HL7 CDA R2 Data Provenance


Adjournment

Meeting adjourned 1258 Arizona time

Temporary Meeting link: https://fccdl.in/LFiJShRYKx


Attendees

x

John Moehrke Co-Chair

By-Light


HL7 Austria
x

Kathleen Connor  Co-Chair

VA (Book Zurman)

@Trish Williams, Co-Chair  Flinders University
x  @Christopher Shawn, Co-Chair  VA
x

John Davis (Mike)

VA
x  @David Staggs  SRS

VA (Electrosoft)

SRS

@Francisco Jauregui  fjauregui@electrosoft-inc.com VA (Electrosoft)
x  Aegis



@Matt Blackmon  Sequoia

Julie Chan jchan@cwglobalconsult.com  HL7 FHIR

@Dave Silver  VA (Electrosoft)
x  Kaiser
x  VA (Book Zurman)
x  ONC

@Peter VanLiesdonk  Phillips

@Adam Wong adam.wong@hhs.gov  HHS

@Mohammad Jafari Mohammad.jafari@bookzurman.com  VA (Book Zurman)

@Ricky Sahu, @1up.health  

1up Health

Versaggi Consulting

Wave One

EMR Direct

EnableCare

Sequoia

Ready Computing

 PJM Consulting

Jopari 

 Laura Bright laurabright4@gmail.com

x Jim Kamper? Altarum






