Skip to end of metadata
Go to start of metadata

Chair:  @Chris Shawn

Scribe: @Suzanne Gonzales-Webb 

Weekly calls Tuesdays 3PM ET

FreeConferenceCall Online Meeting Link

Dial-in Number (United States): (515) 604-9567 Access Code: 880898#

Agenda Topics 

 Minutes Approval

Review 2019-06-11 Security WG Agenda/Minutes 

Motion to Approve 6/11 Minutes : Suzanne / Mike  Moved/ Second

Objections: none  ; Abstentions: none ; Approve: 9

Montreal WGM Minutes

SEC WGM Minutes (7th May 2019 Wed)

SEC WGM Minutes (8th May 2019 Wed)

SEC WGM Minutes (9th May 2019 Thurs)

Meeting Minutes reviewed with attendees.

Motion to Approve May Montreal Security WGM

Minutes :  Kathleen/JohnM Moved/ Second

Objections:none ; Abstentions: none; Approved: 9


Final TEFCA 2 - HL7 Comments 

 <<link to final approved comments submitted>>

 Sharing with Protections - Mike

Mike to present on Sharing with Protections paper update

Review came out from the TEFCA; 

  • notion is how we might influence ONCE or support ONC efforts in this area.
    • HITEC had dropped support for DS4P which is a blow to our efforts - this does not address the HITAC decision directly, it does provide support Sharing for Protections
  • Slide 3 - 
  • Slide 4 - Result of Not-Sharing; a patient safety issue
  • Slide 5 - Share with Protections
    • HIPAA does not specifically protect the data; creating a liability rather than property model
  • Slide
  • Slide
  • Slide 9 - Result
  • Slide 9 - Requirements: 
    • We don't make policy in HL7, but ONC does.

The paper has more detail; please send comments when convenient and we can drill down more

I see this is as a change in healthcare, what HL7 has put in place.  The chaos... and we can advance this.

comment: (Kathleen) This is concnsue on how you share new policies cross dimensional;   Vendors could have a nightmare on their hands with different policies, declassification happening.  They may have to put in different security requirements for different customers -that to me is chaos.  This way customers and vendors can come up with a joint policy/vocabulary to relieve that.

--this is the same as DoD policy, wherein we give different access secret, etc.; we .  Sharing w protections provides a way to persist these protections where everyone can understand and deal with the information.

Comment: maybe you can add a snippet of this information to your paper, using the update of TEFCA. 

Sharing with Protections 

Sharing with Protections presentation

 July Harmonization

Initial Harmonization Proposal Submissions - Kathleen

Harmonization Proposals
PSAF Provenance

 Update from Mike Davis - (no updates this week)

  • Major updates
  • Plan is to ballot Provenance as Informative; if this ballot goes well we will move on to balloting as a Normative DAM

FHIR Security

FHIR Security Call updates.

Note that John Moehrke will be OOF next week.


Need PSS approval for FHIR DS4P and DS4P CDA IG update

FHIR DS4P IG PSS (Kathleen) - Review of updated draft per 2019-05-28 FHIR-Security Meeting Minutes comments below.

Outreach to current and prospective implementers and potential Connectathon testing concluded.  VA, Perspecta, MiHIN, PatientLink added for both categories.

Report out of discussion with CBCP WG at 6/4 meeting.

Check that the DRAFT PSS comments have been adequately addressed: 

  • add incremental development goal schedule (due to resource shortage); in January WGM we can begin to parse out the details
  • fix V3 Data types (to 'NO')
  • add to Content Already Developed 'CDA'
  • clarify work is scope x and
  • deliverable: how to parse the project to resource availability (low hanging fruit first)
  • per Mike: suggests removing word 'policy wherever it occurs' (suggestion under further discussion)

Mike is proposing a sub-working group, to deliver information to send out for support


Motion:  Kathleen/ Suzanne

Abstention: 1 (Mike, Julie Maas, JohnM); Objections: None; Approved: 6;

Action Item: Develop DS4P CDA IG revision PSS - Kathleen to do

Basic Provenance

Next call is June 17th - Good progress made. Refined Brett's Provenance Author Participation template for C-CDA. Decision made to include it in the Summer out of cycle C-CDA Companion Guide to get community feedback. 

Plan from Monday's call is that Brett is to meet with FHIR Security to check whether the data elements in the proposed C-CDA Provenance Author Participation template is fully supported by FHIR Provenance. Brett is working on Argonaut/US Core Basic Provenance profile. The Basic Provenance IG will point to the C-CDA Provenance Author Participation template and to the FHIR Basic Provenance profile with discussion on the use cases and how these decisions were arrived at.

WG needs to review and approve Basic Provenance NIB for September.

NIB screen shown; Review of NIB

  • original changed to Basic Provenance for C-Cda and HIR to be consistent with how we've been call the project all along.
  • informative ballot
  • security as sponsoring WG, additiona co-sponsors also checked

  • we need to comply with the CDA schema; with an action item to check in with FHIR Security so that it supports FHIR Provenance resource so that if Argonaut/basic provenance profile will still work
  • COMMENT: previously approved by FHIR management group.  WE can ask them to attend our fhir security call to make sure its mapped correctly (as a check mark) 

Kathleen moves to have approvated / Brett second

VOTE: Abstentions: none; OBjectsions: none; Approved: 9 

Kathleen will submit; Brett sending information to Kathleen.

Basic Provenance Project

Basic Provenance 2019-06-03

HL7 CDA R2 Data Provenance

 Different bet Provenance and Lineage

Provenance is 'like what we're doing w basic provenance' pure creation...

anything after that is lineage—whatever happens to that initial thing after provenance.

what healthcare people think of provenance is 'both'  the difference would be whether you chain them

MIke would like to view basic provenance is our 'painting' and once sold, the tracking, etc is 'lineage'

JohnM in healthcare - doesn't believe there is any distinction of purely provenance or lineage. It's just a form distinction. basic provenace is spoke of very early on.  'where did I get this information from...?' which ay not be the original painter but the museum... JohM believes in trying to fit them in the hybrids definitions --doenst really fit; I don't disagree with it–just in medical records it seems that way... they just want to know 'why I should trust this information... fromt he author or whomever...why should I trust that informatin/data...'

MikeD - thank you - just want to establish some foundational defitnions.

AdjournmentMeeting adjourned  Arizona time 1259 (Kathleen moved, John seconded)

Temporary Meeting link:



John Moehrke Co-Chair


HL7 Austria

Kathleen Connor  Co-Chair

VA (Book Zurman)

@Trish Williams Co-ChairFlinders University
x@Christopher Shawn, Co-ChairVA

John Davis (Mike)

x@David StaggsSRS

VA (Electrosoft)


@Francisco Jauregui VA (Electrosoft)

@Matt BlackmonSequoia

Julie Chan jchan@cwglobalconsult.comHL7 FHIR

@Dave SilverVA (Electrosoft)

VA (Book Zurman)

@Peter VanLiesdonkPhillips

@Adam Wong adam.wong@hhs.govHHS

@Mohammad Jafari Mohammad.jafari@bookzurman.comVA (Book Zurman)

@Ricky Sahu,  

1up Health

Versaggi Consulting

Wave One

EMR Direct



Ready Computing

 PJM Consulting


 Laura Bright

 Jim Kamper Altarum

  • No labels