Scribe: @Suzanne Gonzales-Webb
Weekly calls Tuesdays 3PM ET
FreeConferenceCall Online Meeting Link https://www.freeconferencecall.com/join/security36
Dial-in Number (United States): (515) 604-9567 Access Code: 880898#
Motion to Approve with amendment to update # of approval 7/30 Minutes : Moved: Kathleen / Second Suzanne
Objections: 0 Abstentions: 0; Approve: 8
|Share with Protections|
Updates to Sender Responsibilities.
This bring up a good point–if the recipient brings up the point with the
|PSAF Provenance (Volume 3)|
Final PSAF Package submitted to HL7 HQ. Thanks to authors, contributors and commenters.
PSAF Ballot Spreadsheet - also available on Ballot Desktop. Please Vote!
Reminder that only the PSAF Vol. 3 Provenance DAM is open for comment:
Important Note to September 2019 Ballot Voters
The September 2019 Privacy and Security Framework (PSAF) ballot is a package containing all of the Volumes developed to date under the PSAF Project Scope Statement 914. See the September Ballot Announcement:
The Privacy and Security Architecture Framework (PSAF) is comprised of:
As stated, only Volume 3 Provenance, is in scope for comments for September 2019.
Inclusion of Volumes 1, 2, and the TF4FA Guide, and Volume 4 in the September PSAF ballot package also affords voters an opportunity to review the wider privacy and security context in which the Provenance DAM was developed, and to which it contributes a significant component.
Reed Gelzer: most comments were in scope - can work on offline, rather than generate more scope questions on the WG call.
Basic Provenance Ballot Spreadsheet - also available on Ballot Desktop. Please Vote!
Suggest that Security and CBCP WGs monitor Carin BlueButton FHIR IG "self-attestation" to privacy and security requirements, and seek collaboration on attestation criteria. Note that "Consent Federation" is a project on Carin roadmap. Suggest that we invite the IG author, Amol Vyas, Cambria Health, to WG call.
Consent federation - CBCP/DPyke may be reaching out to them to find out more information on what their direction is going.
Note that the IG Use Case is Individual Right of Access. IG states that authorization is done with SMART on FHIR. However, there is no support for a signature described, which is required according to OCR.
Consumer-directed health insurance data exchange Consumer-directed exchange occurs when a consumer or an authorized caregiver invokes their HIPAA Individual Right of Access (45 CFR 164.524) and requests their digital health information from a HIPAA covered entity (CE) via an application or other third-party data steward.
Use Case: Consumer Access to their Claims Data
OCR FAQ: Right to Have PHI Sent Directly to a Designated Third Party
Can an individual, through the HIPAA right of access, have his or her health care provider or health plan send the individual’s PHI to a third party?
Yes. If requested by an individual, a covered entity must transmit an individual’s PHI directly to another person or entity designated by the individual. The individual’s request must be in writing, signed by the individual, and clearly identify the designated person or entity and where to send the PHI. See 45 CFR 164.524(c)(3)(ii). A covered entity may accept an electronic copy of a signed request (e.g., PDF or scanned image), an electronically executed request (e.g., via a secure web portal) that includes an electronic signature, or a faxed or mailed copy of a signed request.
|Recent ISA updates|
HL7 PAC will be soliciting WG input on Comments.
The annual ISA Review and Comment period is now open, ending on September 23rd at 11:59pm ET. See the latest Health IT Buzz blog post for more details, and don't miss this year's questions for stakeholder feedback.
The Interoperability Standards Advisory (ISA) process represents the model by which the Office of the National Coordinator for Health Information Technology (ONC) will coordinate the identification, assessment, and public awareness of interoperability standards and implementation specifications that can be used by the healthcare industry to address specific interoperability needs including, but not limited to, interoperability for clinical, public health, and research purposes. ONC encourages all stakeholders to implement and use the standards and implementation specifications identified in the ISA as applicable to the specific interoperability needs they seek to address. Furthermore, ONC encourages further pilot testing and industry experience to be sought with respect to standards and implementation specifications identified as “emerging” in the ISA. For historical background on the ISA please review prior ISA publications.
The 2019 ISA has been updated to include improvements made based on recommendations received from public comments and subject matter expert feedback. To learn more about major revisions of the ISA, please review recent ISA updates. Registered users may subscribe to change notifications to be alerted by e-mail of all revisions to individual interoperability needs or for ISA-wide changes. Anyone may become a registered user by submitting an account request. Once logged in, look for the blue “change notification” button at the bottom of the interoperability need page, or at the bottom of the home page to be notified of any changes across the ISA. An RSS Feed was also added in 2018, capturing more granular updates made to the ISA.
Kathleen is coordinating comments (please review document and send to Kathleen) for incorporation/submittal for ISA Review
Recording Patient Preferences for Electronic Consent to Access and/or Share their Health Information with Other Care Providers
|Adjournment||Meeting adjourned at 1243 Arizona Time (JohnM)|
Temporary Meeting Recording: https://fccdl.in/GTaCFoJn7P
John Moehrke Co-Chair
Kathleen Connor Co-Chair
|VA (Book Zurman)||@Trish Williams Co-Chair||Flinders University|
|x||@Christopher Shawn, Co-Chair||VA||x|
John Davis (Mike)
|@Matt Blackmon||Sequoia||Julie Chan email@example.com||HL7 FHIR|
|x||VA (Book Zurman)||x||Kaiser|
|VA (Book Zurman)||ONC|
|@Peter VanLiesdonk||Phillips||@Adam Wong firstname.lastname@example.org||HHS|
@Ricky Sahu, @1up.health
|Sequoia||Laura Bright email@example.com|
|PJM Consulting||Jim Kamper||Altarum|
|x||Ready Computing||x||@David Staggs firstname.lastname@example.org||SRS|