Skip to end of metadata
Go to start of metadata

Chair: @Kathleen Connor

Scribe: @Suzanne Gonzales-Webb 

Weekly calls Tuesdays 3PM ET

FreeConferenceCall Online Meeting Link https://www.freeconferencecall.com/join/security36

Dial-in Number (United States): (515) 604-9567 Access Code: 880898#

Agenda Topics 

 Minutes Approval

Review

2019-08-13 Security WG Agenda/Minutes

Motion to Approve with amendment to update # of approval 8/13 Minutes :   Moved: Beth/  Second Suzanne

Objections: 0  Abstentions: 0; Approve: 5

Share with Protections

Updates- Mike Davis

Discuss Draft Sharing with Protections PSS



Going forward Mike would like to publish this as a journal article.

Review of updates from last version

  • further review
    • comments incorporated, document reorganized.  Changes include:
      • Introducing 'share with protections'
      • addition of Gartner quotation
      • Conclusion
      • Appendix A: simplification of drawing - 
    • no further work completed at this time on issues

Discussion on PSS

  • since we have a DS4P IG - we could add this to the current DS4P IG or  to creaet a new IG to following up with DS4P on its own–it would need to cover CDA, unsure about a FHIR IG.
    • this work seems to apply to CDA and FHIR–it doesn't seem to be something to e implemented, but more informative.  originally it was to be a white paper and ballot as informative.  Kathleen believes its would be useful to start the PSS process and to do so, it needs to be done in the Confluence PSS Template. Kathleen has started one - see Sharing with Protections Project Scope Statement
    • get approval to complete the PSS and then move forward.  It needs two cycles out in order to get it to ballot.  
    • Mike agrees that it should go forward (the PSS) inclinations is to not make this document the PSS...still keen on the IG idea.  Mike would like to submit as a journal article somewhere.  and send it as a WG product, Mike would push it on the ONC.  initially it was to provide ONC with  xxx and then support ore than document labeling.  
    • there is policy guidance in the persistence of the labels, more importantly is the assignment of clearances to the end user/organization staff and managing that at that level.  According to the model, each org is allowed to assign class... depending on their need.  Given the classification of the data they would be expected to designate and protect:
      • What is the relationship to access control.
      • the access control in ABAC is the mechanism we are pushing here.  This is the HOW, at least suggest and reference.  In ringing it for
    • in terms of trust, maintaining provenance is a good example of  bring all of the concepts together.  DS4P is focusing on the originator.


Provenance QuestionsMike presented his Provenance Questions and we discussed whether and how those are supported by DPROV CDA IG, FHIR Provenance Resource, and the Basic Provenance IG.

FHIR Security

John Moehrke is at the ONC Meeting, so the meeting was cancelled.


Carin Alliance

Follow up on Carin BlueButton FHIR IG "self-attestation" to privacy and security requirements, and seek collaboration on attestation criteria.   Note that "Consent Federation" is a project on Carin roadmap. 

Added comment on CARIN BB IG PSS recommending that CARIN collaborate with CBCP/Security as co-sponsors on their PSS.  CARIN Alliance HL7 FHIR Projects

See Carin Alliance WEDi.pdf and https://build.fhir.org/ig/HL7/carin-bb/toc.html

PDF

https://www.carinalliance.com/wp-content/uploads/2019/06/CARIN_DIGITAL-ID-SUMMIT_Slides_Consent.pdf

Carin BlueButton FHIR IG TOC link: https://build.fhir.org/ig/HL7/carin-bb/toc.html 

Recent ISA updates

HL7 PAC is soliciting WG input on The Interoperability Standards Advisory (ISA) for HL7 comments.  See ONC ISA 2019 for focus areas

Kathleen is coordinating comments (please review document and send to Kathleen) for incorporation/submittal for ISA Review

Data Segmentation of Sensitive Information

Recording Patient Preferences for Electronic Consent to Access and/or Share their Health Information with Other Care Providers

Appendix I – Sources of Security Standards and Security Patterns

Query for Documents Outside a Specific Health Information Exchange Domain

AdjournmentMeeting adjourned at 1300 Arizona Time

Temporary Meeting Recording: https://fccdl.in/03i0o4zUqH

Attendees

  •  

John Moehrke Co-Chair

By-Light
  •  
HL7 Austria
  •  

Kathleen Connor  Co-Chair

VA (Book Zurman)
  •  
@Trish Williams Co-ChairFlinders University
  •  

Chris Shawn, Co-Chair

VA
  •  

John Davis (Mike)

VA
  •  
SRS
  •  
ONC
  •  
Aegis
  •  

  •  
Sequoia
  •  
Julie Chan jchan@cwglobalconsult.comHL7 FHIR
  •  
VA (Book Zurman)
  •  
Kaiser
  •  
VA (Book Zurman)
  •  
@Adam Wong adam.wong@hhs.govHHS
  •  
Phillips
  •  

@Ricky Sahu, @1up.health  

1up Health
  •  
Wave One
  •  


  •  
EMR Direct
  •  
Laura Bright laurabright4@gmail.com
  •  
Sequoia
  •  
Jim KamperAltarum
  •  
 PJM Consulting
  •  
 @David Staggs drs@securityrs.comSRS 
  •  
 Ready Computing



  •  
Trustworthy EHR 









  • No labels