
Chair:  @ David Pyke

Scribe: @Suzanne Gonzales-Webb


(ATTENDEES TABLE moved to after Agenda)

Agenda Item

Meeting Minutes from Discussion

Decision Link(if not child)
Minutes Approval

2019-09-03 CBCP Meeting Agenda/Minutes (Copy) (not ready) - push to next agenda

VOTE: (motion) :   x / x

Abstain: x / Opposed: x /  Approve: #

 42CFR4 Part 2 (continued)

(Jim Kretz additional overview?)

Anything that goes under FDA goes under a separate form of consent;

Share with Protections - Mike Davis

(no update) Meeting set-up TBD (Mike not on) Mike is starting the PSS for this project

"Share with Protections"

  • PSS update
  •  (document update)

Reviewing problem slide:

  • Slide 3 "The Problem"
    • Mike would like to go over the PPT during the WGM in more detail
    • Five points
      1. Legislation protects certain conditions
      2. Segmentation for privacy works
      3. "Outside" providers do not receive complete records
      4. Affected patients are not motivated to share, even in their own best interest
        1. A huge issue for the VA wherein out of 9 million only (approx.) 350,00 records received
      5. Patient sensitive information is being shared with recipients who fail to enforce its original specialty protected status
        1. if we share the information 'no one' does anything with it—impression seems to be with the consent then information can be shared and no longer controlled.  Patient consents, but the law restricts (gap) or shares without any further control.
    • This section is a problem statement and goals
  • Definitions:
    • Share with Protections in a Nutshell
      • As-Is: Data Segmentation for Privacy - (we have it but not necessarily being used)
        • recipient per the threat situation but enforces for local policy.   xxx check recording
        • receivers can't even compute the labels, but there is also policy issue for being acceptable except under CUI of Part2; emphasizing the as-is
      • To-be -
        • data has been labeled; requires the recipient retains the data, but persists the data, assigns clearances to their staff that xxx with the labels, i.e. normal, restricted clearances.  The recipient enforces the access
        • notion of need-to-know, and segregations of security guide.
        • in security terms, this would be an ABAC system.  If clearance is greater than or equal to the deny... 
        • (JC) if you take HIPAA as a framework where enterprises are enforce... it may be that ABAC is not appropriate for some systems.  Saying ABAC is the mechanism where people can.. may be a step too far.  To honor any security labels but not specify how they specify the way they 'do' that.
        • (Mike) this can be done in some other mechanism.. compartments or implements with roles, 
        • (JC) the ability to persist labels can be used downstream as appropriate, they must use them or must use with ABAC may be going a step too far. 
        • (Mike) will suggest that ABAC will be a method of doing that–but not requiring they use it to succeed.  The point we have the recipient to use the security and privacy information they are aware it's sensitive as opposed to normal healthcare information.  They treat it as such by providing more limited access otherwise.  The idea is we retain the notion in the disclosure that this info has sensitivity greater than normal and needs to be protected in some way... other than normal.  Some controls over who receives as directed to the receiving enterprise.
        • K - need to know is how we describe … we need to acknowledge that, there is documentation in HIPAA, and you have considered the risk and have addressed appropriately.
        • Mike - additional slides may be addressing above
    • slide 13 - legally sharing protected information with implied consent and for patient safety
    • slide 14 - virtual care team
      • earlier we said patients are not motivated to share - in its optimum sense would not require patient consent.  Information is shared without consent but IT IS protected by the labels.  The notion is that people getting access would also receive some kind of read in, to the restricted information that would require them to be trained by the sensitivities of the information.  They would be read into the program and received the ability to read the restricted information.  Being part of the virtual care team.  People specially selected to be a care team. 
      • K … where the patient would get an accounting of disclosure 

 eLTSS FHIR IG Project - Becky, Johnathan

TSC approval of the publication request

Johnathan will take action to contact Lynn Laakso / check list is content that is entered into the form (GregW has and will send over to Johnathan) 

  • regarding the Connectathon; Care Plan and Management track
 eLTSS Use Case - Craig (15-20 min)

Discussion:  Next steps for Connectathon track

  • nothing to add, ready to go

 Provenance DAM - Mike Davis, Kathleen

Normative ballot

  • Quorum levels reached.
  • time set aside during WGM (Tues Q2) for ballot reconciliation, comment review

 DS4P FHIR IG - Kathleen Connor

Tuesday Q4 set aside - originally discussion for FHIR IG; turning into how to do minimum necessary filtering; there is no capability to do this filtering (AMA, Bob Dieterle involved)

Update: Approved, start date is in January for September balloting. 

  • Focusing on Low hanging fruit to start, starting with security labels to describe how to do data segmentation in FHIR
  • (Topic for joint session (Security/CBCP))

Update (question) Approval from FMG and will go to e-vote from TSC - completed

PSS Approved 6/4/2019: FHIR Data Segmentation for Privacy (DS4P) Implementation Guide PSS (by Steering Division)

 September 2019 WGM

Suzanne, Kathleen to collaborate on MON Q3/Q4 and other Security/CBCP joint sessions at a future date (completed on 9/5/2019)

  • added: 'as mention'  Preliminary Draft of the NIST Privacy Framework (Monday Q3/Q4)

  • Please contact Suzanne Gonzales-Webb or Kathleen Connor to add additional agenda items added to 2019 September WGM, thanks!

Additional Agenda Items

If you are interested in becoming a FHIR IG Author - David Pyke will send you the link to attend (SEND HIM AN e-mail!)

  • FREE (ONC Sponsored)
  • Course is a day and a half (Wednesday/Thursday)
  • Curriculum is still being put together

Background intent is to have a pool of people to write FHIR IGs

LINK: Please e-mail David Pyke if you would like to register for this course (


Announcement : Interoperability Standards Advisory   (ISA)

Deadline for ISA comments is September 23, 2019 1150 ET

  • let them know DS4P FHIR IG project is underway
    • is on Security Agenda; so that we can bring input to PAC comments (Kathleen collecting, revising comments submitted will post <<add link>>); JC recommending that eLTSS IG be added)

FHIR Consent

No meetings held recently; will be meeting during the WGM

Next Thursday at 2PM ET is next attempt for comment resolution 

  • some open topics; new examples uploaded
  • met with patient care to talk about the use case for FHIR consent

have revised all the examples to fit the model

other changes to the documentation with minor changes; need to vet the changes before bringing forward to the WG

 Additional agenda Items?

Adjournment: Meeting adjourned at 1048 (Suzanne)

Temporary Meeting Recording:






Johnathan Coleman Co-Chair audio

xVA (Book Zurman)

David Pyke  Co-Chair

Ready Computing

@Jim Kretz SAMHSA 

John Davis  aka Mike Davis

x Kathleen Connor VA (Book Zurman)

Georgia Tech
x Chris Shawn VA

@David Staggs

SSA (Aegis)

@Laura Bright 


@Forrest White forrest.white@altarum.org Altarum
x Greg White SRS

@Pele Yu Children's Hospital




@Hannah Galvin

x @Amber Patel SRS

Jamie Parker   Carradora
x @Victor (unknown last name) Medside

@Joseph Parker

Supporting Documents

Outline Reference

Supporting Document

Minute Approval

Action items Suzanne Gonzales-Webb