Skip to end of metadata
Go to start of metadata

Chair:  @ David Pyke

Scribe: @Suzanne Gonzales-Webb






xVA (Book Zurman)

David Pyke  Co-Chair

Ready Computing

@Jim Kretz SAMHSA 

John Davis  aka Mike Davis

xKathleen ConnorVA (Book Zurman)

Georgia Tech
xChris ShawnVA

@David Staggs

Joseph M. LamySSA (Aegis)

@Laura Bright 


@Forresst White forrest.white@altarum.orgAltarum
xGreg WhiteSRS

@Pele Yu Children's Hospital



@Hannah Galvin


@Amber PatelSRS
xJamie Parker   Carradora
x@Victor (unknown last name)Medside
Alex Kontur HHS 

Create Decision from template

Agenda Topics

Agenda Item

Meeting Minutes from Discussion

Decision Link(if not child)
Minutes Approval

2019-07-16 CBCP Meeting Agenda/Minutes

VOTE: (motion) :  Suzanne / Mike

Abstain: 0 / Opposed: 0/  Approve: 12

Share with Protections (Response to HITAC) - Mike Davis

Meeting set-up TBD

"Share with Protections"

      • PSS update
  • Minor updates completed


The answer we are providing is: (Mike will provide)

What are we going to do with it?  Mike's thought is to have CBCP and Security as principle stakehodlers–to review as a project, provide comments back and establish this as positions of the WGs - its not a spec or standards, we agree upon that this represents our view of the subject.  That's where Mike would like to get to.

We need to set this up as a sub-group meeting.  PSS? or how would like to handle?

  • If this is going to be used outside HL7, it needs to be a formal document.  Therefore we create a PSS and create an Informative document

HITAC Link: 

 CUI Presentation

 CUI Presentation - Mike

Two types of CUI

  • CUI Basic
  • CUI Specified

A disagreement on CUI led discussion back to review of NARA wherein Health is Basic CUI, Privacy is CUI specified (confirm from slides)

CUI Legal Agreements

  • Agreements and arrangements are any vehicle that sets out specific CUI handling requirements for contractors and other information-sharing partners when the arrangement with the other party involves CUI

TEFCA Draft2

  • Minimum Security Requirements - MRTCs Draft 2 requirements the QHINs comply with the HIPAA Privacy and Security Rules as it pertains to EHI


  • HITAC Recommendation: TF recommends ONC remove the section related to CUI
  • Recommendation: TF recommends that ONC make it clear the additional obligations on CUI handling or other specific requirements will be borne by Federal partners
  • HITAC Recommendation is Uninformed per Mike, partners should implement controls


Doing work with Sequoia

Desire is to implement CUI codes HL7 v2, CDA and 

Once the default CUI is agreed to we can … publish IG so that's its easier for implementers to pick up rather than go through the entire lists of security labels/standardized security labels


Use-case of registering a Privacy Consent that authorizes a proxy - DPyke, JMoehrke

No update.

Meeting: Every other Thursday at 2:00 bi-weekly; next meeting;

Next FHIR meeting, this Thursday 08/01/2019; no update this week

 eLTSS Use Case - Craig (15-20 min)

Discussion:  Next steps for Connectathon track

  • Have we notified Patient Care Track POC?  
    • through DaveP put Craig in contact with Dave Carlson 
  • vocabulary now working

Same use case as discussed before - working with Greg White; looking for folks to work with Altarum for the connectathon

eLTSS FHIR IG Project - Becky, Johnathan

Use case to be run through at 

  • still looking for a partner

Becky completing comments; reviewing for duplicates

  • do we bring information back to CBCP for publication (vote)
    • yes, content review by CBCP (see notes from Melva Peters

CBCP FHIR Consent CPs-DavidP

Waiting for next meeting - no update this week

 Provenance DAM - Mike Davis

Content due 8/4 (Sunday) , Normative ballot

Material still being developed; most graphics have been presented to both CBCP and Security.  On track for final content deadline. Completing document this week.  Next week will be grammar review.

  • Mike to Set up meeting for next Wednesday - with near final content, for review/walk-through


  • Consensus pool for September ballot is out, please sign up to review and vote
  • working on completing sections of the document

 DS4P FHIR IG - Kathleen Connor

Approval from FMG and will go to e-vote from TSC

PSS Approved 6/4/2019: FHIR Data Segmentation for Privacy (DS4P) Implementation Guide PSS (by Steering Division)

 September 2019 WGM

Suzanne, Kathleen to collaborate on MON Q3/Q4 and other Security/CBCP joint sessions at a future date

No additional agenda items added to 2019 September WGM at this time.

Additional Agenda ItemsNo additional agenda items brought forward
Adjournment Meeting adjourned at 0939 Arizona Time (CraigN )Temporary Meeting Recording:

Supporting Documents

Outline Reference

Supporting Document

Minute Approval

Action items Suzanne Gonzales-Webb